light bulb

Did You Know?

New Idea

Most of the cases the root problem of a successful 0-day infectino is that the very first piece of malicious code (most likely a downloader trojan) can successfully communicate to it CC (command and control centre).


Webroot today has a default allow action if user does not block via this popup window:



First of all: surely, admins never like the idea of giving such control to the user. User will never know the exact risks of clicking the Allow button here. When he clicks, it is already late to save the network from harm. Please refer to many many Cryptolocker cases around the Globe.


Secondly, the countdown counter here gives you 120 sec to decide. Who among the users can get proper help on what to click here in just 120 sec??? Who is that admin among us who could properly check this unknown process out it at the endpoint and advice in just 120 sec? (Anyone yes - I would employ you tomorrow and we will make big money... Smiley Happy )


(please also read this idea - it might work in some cases:


Thirdly, actually, I have never seen any firewall (perimeter or personal) that has a "default allow" implementation. Eversince we have communicating systems we all learnt quite well: for any unknown process the only safe action is to block its communication, isnt' it? (Please note, blocking unknown processes' communication will not have any effect on known good processes.)


Sure, Webroot, you might say that implementing this could result in blocking too many legitim processes, but hey, this is your constant job to classify new processes and as quickly as you can and we purchase a WSA licence it means we do trust you can do this mandatory job for us, for our safety.


Also, even without your expert job (and cloud database updates), local admins could easily deal with those untrusted processes whose communications were blocked via the Admin Console, so they could easily classify any unknown process as "Good" if need be.


Dealing with some bloked communications is (to my opinion) still much better staff then dealing with tons of encrypted files... and neverending ransomware infcetions are just about to teach it for us all.


So why nort let us stay on the safer side?


Kind regards,

Community GuideCommunity Guide

WSA 6500+ endpoints inatalled and maintained daily, 12+ years Webroot sales & support, 2 yr Webroot MSP

Add the ability to send quarantine files directly to Webroot for checking for false positives. As it is right now, you have to take the files out of quarantine and put the suspect files back into the system, then you can attach the file and send it to Webroot. Putting the file back into the system from quarantine does not sound like a very safe way to get a file checked by Webroot. Other AV software can send files from their safe/quarantine areas so I would think Webroot could do the same.

Mac Forum and Mac Expert on the Webroot Forum

Status: New
by Bronze VIP on ‎10-12-2016 09:22 AM
Windows 7

The Webroot Forum is in need for both:

1. Mac Forum Only

2. Webroot Mac Expert on the Forum. (it's been a few months without one)

The Webroot File Submission site ( is an excellent yest little known of/remembered resource and as such is very much under utilised as far as I know.


To allow better access to it I would like to suggest that a link to the site is added to the WSA local client; either as a button under the 'Support/Community' tab or the 'Utilities' tab, so that in much the same way as the 'Support' button takes the user to the site directly to open a support ticket, so this would take the user to the File submission site and give them immediate access to:


1. File submission

2. MD5 Hash lookups

3. URL Reputation lookups


As such it should not add very much in terms of additional code to the installer and would provide further useful tools for the user to readily use.




To include:


i. lptemp language files in temp folders. Reference:

ii. Renamed, over time redundant WRkrn.sys files in Drivers folder. Ref:

Any other files or remnants etc. which may also be reasonably included. Suggestions and additions welcome.  


I am not sure how I would envisage achieving this, but ideally it would be optional, perhaps as an addition to the Optimizer, but that would exclude users not running the appropriate version of WSA.   

Private Message Protection.

Status: New
by Sr. Community Expert Advisor on ‎11-04-2015 04:43 PM

Just a quick question and nothing major.


Although when deleting Private Messages we are asked to confirm the deletion etc. when there are quite a few to delete it is very easy to acidentally delete one which you wanted especially if your housekeeping is not perfect.

Is there any way to protect certain ones from deletion as in locking them which we can do with text messages in mobiles phones.

I am sure I am not alone in accidentally deleting ones I wanted saved.





MBR protection

Status: New
by Bronze VIP on ‎12-25-2016 07:24 AM

Add MBR(Master Boot Record) protection function


like this



for example

PETYA Crypto-ransomware Overwrites MBR

This will improve the protection of ransomware(petya,Goldeneye......etc)


WRSA's System Optimizer includes an advanced option to clean the Internet Explorer "index.dat" web cache file used by Windows versions prior to Windows 10. However, under Windows 10 the Internet Explorer and Edge browsers use a web cache file named "WebCacheV01.dat" which is not cleaned by WRSA's system optimizer. I would like for WRSA to have the function of cleaning WebCacheV01.dat. Thank you.

This enhancement/suggestion is certainly not necessary but would be helpful in certain situations. 


By adding a more simple method to filter the viewing of the Active Connections and Active Processes, it would simplify and speed up the process of viewing (ONLY) those in a blocked or monitored condition.   


While the current screens provide the above-mentioned information it is a bit unwieldy when forced to scroll through many lines of information while looking for blocked or monitored conditions.  Sometimes an active process or connection is temporary and if you don’t catch it quickly while it is being executed, you can miss out on valuable troubleshooting information.


This would be most helpful to the non-techie user who is probably overwhelmed by the amount of information on the screen when trying to troubleshoot if WSA is preventing their application or function from working properly.

I have just discovered that the UK is the only country where you are charged to contact Support (0870 141 7070) — and charged quite steeply at that.


This can't be right !!??!!???


It was the following post that drew my attention to this:

squarehead666 wrote:
.....My issue was dealt with while I waited, it took an hour or two all told, but AFAIK the call was free (it had better be).


Are Webroot actively trying to lose UK customers??? When @squarehead666 sees his phone bill at the end of the month, I imagine he will be an extremely unhappy customer to see that he is being charged (and very steeply at that if I am not mistaken) for the privilege of having Webroot correct problems being caused on his machine by Webroot's software !!! What is more, being in contact through games forums with other Battlefront games customers using Webroot and encountering the same problem, I can well imagine that this will have ripple effects.


C'mon Webroot!! Why should Webroot customers from the UK, the country from whence hails the cybersecurity firm Webroot can thank for the entire architecture of its antimalware products, have to pay to get technical support by phone? Step up your game, and offer UK customers a free phone number like all the other countries you offer a Support phoneline to: !

I would like to be able to activate new keycodes on existing computers from  the web control panel, actually the keycode field is read only. 


In this way it could be possible to better manage protected PC remotely as You can do with various other options like activate/deactivate.


For example it was possible with another AV I had in the past:.

"To use a license on a device that has already been connected to the portal:

  1. Go to the Licenses section.
  2. On the panel of the license, click the Usage link.

    This link is displayed when it is possible to send a key to a device. Sending a key to a device may take a long time (up to 24 hours).

  3. Next to the icon of the device on which you want to use the license, click the Use on device button.

If the application has an active key, the key you send is used as an additional key. You can add an additional key if it expires after the active key."

More detailed warnings for filtered pages

Status: New
by Christophe on ‎02-24-2016 01:25 PM

When visiting security websites websites that deal with proxies, anonymizers, VPNs, TOR, etc. Webroot blocks these websites with the usualy warning.


In Search Engines they get the "Reputation: HIGH RISK - When Visiting this website there is a high probability that you will be exposed to malicious links or payloads."


When visiting the sites the message is "Suspicious attack ahead. Webroot has blocked access to the website you tried to open. It has been reported to contain suspicious content."


For many of these sites, this warning is completely innacurate. The sites themselves are trustworthy, particularly websites like which are highly reputable website/project run by a registered 501(c)(3) US non-profit organization.


When reporting this issue to Webroot, I've been informed that "Tor is flagged because it is a proxy that many admins would not want employees using. We have no plans to change this." 


If Webroot has no plans to change this, I would like to propose that you change the way users are warned about these sites. Add different kinds of warnings that specify in more detail why the site is blocked. For example "This site contains content that may be offensive to your network administrator." 


As it is, I, and I'm certain other webroot users, are in the habit of simply clicking "ignore" (more specifically, "tell me more about it" then "unblock page and continue") on every security oriented website that brings up this warning (I've seen it on security oriented news sites as well). The problem with this is that we are being forced to do this blindly. We have no idea if Webroot has blocked the website because of the content, or because it may actually contain "malicious links or payloads." Essentially, by being over-protective, webroot has become less effective in protecting us.


Please provide warnings that specify why a website is blocked. That way users can make an informed decision about whether or not they want to continue...



Webroot community app

Status: New
by Sr. Community Guide on ‎10-11-2016 01:17 PM

Hi all was thinking on a ideal for mobile phones. I lot of us use mobile apps so I thought why not have a webroot community app instead of logging in on the Internet on your phone. 

Hungarian language localization

Status: New
by Frequent Voice on ‎01-03-2017 07:51 AM


WSA is getting more popular Hungarian. 

When Trojans get downloaded they are currently a) scanned by WRSA and b) may be further scanned by the user with a manual scan. On both these actions WRSA does not quaranteen these files because they are not considered active malware, according to your researcher Dan. I have checked more than 20 such files via Virustotal and not only ESET, Kapserky recognise them as Trojans but even the lowly Windows Defender. Of all these Trojans across 2 weeks, WRSA did not alert when downloaded not afterwards manually scanned, they were passed as OK.

Because the files may have been scanned twice, the average user is going to believe those files are OK and clean according to WRSA and they may pass them on to someone else in their business workflow or to a friend when in fact those files contained malware. Those files can then wreak havoc on another system that is not protected by WRSA.

Fundamental question and request: Upon download and manual scan WRSA is most likely checking those files against an online databse, so why not immediately quaranteen such suspect files or at least alert the user there may be a risk?

Can WRSA deal with such files immediately, using your own online lookup or add the feature to compare on Virustotal.


Thanks for your consideration

Webroot Filtering Extension button at Firefox address bar similiar to Webroor button at Chrome address bar.


Respectfully submitted

Make Auto-Renewals Cheaper

Status: New
by New Voice zorak on ‎02-05-2017 07:41 PM

How about rewarding loyal customers by making auto-renewals cheaper, or at least the same price, as new purchases?


Existing customers are effectively charged a "lazy tax" if they auto-renew, especially SecureAnywhere Plus and Complete customers, who cannot purchase cheaper subscriptions without being forced to jump through hoops to retain their passwords/backups.


I know 3rd party offers can be even cheaper again, but surely auto-renewals could at least match Webroot's own discounted prices?

OS and Browser query?

Status: New
by Sr. Community Expert Advisor on ‎08-21-2016 04:13 PM
Windows 7

I've looked and haven't seen a request for this yet. If it has already been suggested, then I apologize.


Would it be possible for Lithium to add the ability to have those posting their question on any given topic, that they also be required to check two boxes or drop-down menus; one stating their OS and another, their current default browser.


Just having these two questions already answered ahead of time would be of great assistance to those of us trying to help our fellow community members. 


Please kudo if you agree. Again, if this has already been suggested then please nevermind. Smiley Happy




Windows 10 mobile

Status: New
by brettbenn88 on ‎10-07-2016 10:10 PM

Microsoft is heavily investing in windows 10 mobile now which is something it has never done. They are heavily focusing on enterprise customers but there is no virus protection offered by Webroot. Is there any plans for adding support to windows mobile.

Tie WSA into Event Logs

Status: New
by New Voice nxte on ‎03-04-2016 01:48 PM

It would be usefull to me if WSA was able to generate events in the windows event log.  It would make it easier to create scheduled tasks or incorporate data into a SEIM. 


'Windows allows applications to report their own security events to the security log by registering through Authorization Manager with LSA as a security event source using the AuthzRegisterSecurityEventSource function. "