Question

How does Firewall blocking work?

  • 14 February 2020
  • 13 replies
  • 148 views

Userlevel 2
Badge +3
  1. Getting a little paranoid about windows 10 I decided to check out goings using the WR firewall.
  2. I set it to ‘warn if any process connects to the internet unless explicitly allowed.’ and
  3.  blocked the long list of Active Connections which took a hour
  4. I then carried on as normal
  5. All browsers worked as did email with no warnings whatsoever so I concluded
  6. There must be a hidden whitelist or a bug

So my question is how can I make it work


13 replies

Userlevel 2
Badge +3

It gets worse…...rebooted and returned to block list to find a large number of previously blocked had been changed to Allowed which strongly suggests a hidden whitelist or Webroot are now part of Microsoft! WTH is going on? Why is the paying user deprived of control?

Help.

Userlevel 2
Badge +3

It gets worse…...rebooted and returned to block list to find a large number of previously blocked had been changed to Allowed which strongly suggests a hidden whitelist or Webroot are now part of Microsoft! WTH is going on? Why is the paying user deprived of control?

Help.


Please define ‘specifically allowed’ include by whom and exactly what control does the paying user have over this flag.

I have not forgotten the behaviour of Webroot when it encounters game trainers which the user has allowed.  It blocks them anyway after 2--30 minutes use.

It seems very obvious that Webroot cannot be trusted to do what the user requires. Are they paid Chicago style backhanders by MS and game companies to over-rule paying customers decisions? It looks very much like it from where I’m sitting under “The hand of the God Webroot’.

Send my regards to Al.

 

Userlevel 6
Badge +16

@meditek10 ,

I’m sorry to hear you’re having some confusion around this setting. I’m not exactly sure how it should/shouldn’t work in regards to simply opening a browser. Perhaps that setting is looking more for back-end commands that would connect to the internet. Double clicking a browser might not count.

 

I suggest you Submit a support ticket and find out what’s going on with the behavior you’re describing. I’m sure they’ll help you figure it out!

-Keenan

Userlevel 7
Badge +55

Well I tested the Firewall settings and it works as it should even after rebooting?

 

For example:

 

 

Userlevel 7
Badge +55

Hello @meditek10 can you please do a clean reinstall as it works fine for me.

 

Please follow the steps closely!

  • Make sure you have a copy of your 20 Character Alphanumeric Keycode! Example: SA69-AAAA-A783-DE78-XXXX
  • Be sure you add your Keycode to your Online Console: Webroot SecureAnywhere Online Console
  • KEEP the computer online for Uninstall and Reinstall to make sure it works correctly
  • Download a Copy Here (Best Buy Geek Squad Subscription PC users click HERE) Let us know if it is the Mac version you need
  • Uninstall WSA and Reboot
  • Install with the new installer, enter your Keycode
  • Let it finish it's install scan
  • Reboot once again
  • DO NOT import any old settings as you can set it up as you like once it's done

Please let us know if that resolves your issue?

Thanks,

Userlevel 2
Badge +3

My last post thanking you vanished. I reinstalled exactly as instructed. The result is that the list of allowed programs is very much shorter containing no residue from the previous installations and after changing the allows to blocks they stay that way unlike before.

However, everything carries on working as if nothing is blocked which defeats the object of checking out what my browsers are up to, none of which show in the process list. I am now certain there is a hidden whitelist.

Also puzzled by double clicking a process which brings up Custom Rules but no way of adding one. Nor have I seen even 1 of the promised warnings when a process connects to the internet.

In your earlier example you show WR working as it should but it looks to me as if you have Officeclicktorun.exe Blocked  but the lower window shows functions allowed.

My understanding of Block is probably at fault. I took it to mean if Officectr was blocked then a warning would be issued whether to allow access or not and if no was chosen then it’s 4 active connections would be blocked?

 

Userlevel 7
Badge +55

Yea there is something wrong with the Firewall as I Blocked Firefox and rebooted and it’s still Blocked but I’m posting this with Firefox so it’s not Blocking things so the Support Ticket is the way to go. Very strange!

 

 

Here is the Online Guide and the Active Connections pictures haven’t been updated: https://docs.webroot.com/us/en/home/wsa_pc_userguide/wsa_pc_userguide.htm#UsingFirewallWebShieldProtection/ManagingActiveConnections.htm%3FTocPath%3DUsing%2520Firewall%2520%252F%2520Web%2520Shield%2520Protection%7C_____3

 

Thanks,

Userlevel 2
Badge +3

Passed it on to support as advised but previous experience gives me little confidence. They are experts in obfuscation. I am actually interested in how you managed to get Firefox to show up on the process list. I’ve never got a browser to show up there. Back in the days of Dr Solomans anti-virus toolkit they did an honest job with no outside interference and the Doc  was always available on Cix to discuss any problems. I dumped Bitdefender  for the same reasons I am about to dump Webroot. Too many invisible fingers in other peoples pies.

Userlevel 7
Badge +55

It only shows up when I have Firefox open or other Browsers in any case they have to be open and running the same with most programs that don’t run a service. That’s why it says “Active Connections”

Userlevel 2
Badge +3

Got this from support :-

“The Webroot SecureAnywhere program does utilize a whitelist that is continuously updated behind the scenes and is not accessible to customers. When we refer to processes on your system, we are typically looking at processes that are not already whitelisted and could potentially be malicious by opening outbound internet connections outside of your browser. Please note that our Firewall is only protecting outbound connections. Microsoft's Windows Firewall will protect against inbound connections to your machine. You can block/allow specific programs by clicking the gear icon to the right of PC Security then clicking on Block/Allow Files. If you choose to block a program and run it, then our software will display a block message and the program will not load. This will also kick off a new scan and the user interface will turn red. If you then decide to allow the program a new scan will turn the user interface green again.”

Not only does this raise the question as to why whitelisted browsers etc can appear on the Process list and allow you, in your ignorance, to block them to no effect. It also raises the question of how you get your program on the Whitelist, how much it costs  and is it then thoroughly tested by Webroot?

Have to say I didn’t expect to pay for an AV program that had already been hacked as most of the others have been too. Anybody know an honest AV program they could recommend. Dr Solomons was for quite a while till he sold out.

Userlevel 7
Badge +55

So @meditek10 what do you get out of what support said? I still think it’s broken.

Userlevel 2
Badge +3

I got :-

  1. There is a hidden whitelist that cannot be over ruled.
  2. Presumably there by arrangement with MS, Browser people, game companies and so forth. Another source of income? Bitdefender does this too as I suppose do all of them except oddly Windows firewall.
  3. The bug is that the process list in active connections shows whitelisted programs which can be ‘blocked’ there but remain unblocked. They are referring this to ‘higher authority’.
  4. I am returning to windows Firewall. seems impossible to turn off the Webroot one or is it?
Userlevel 2
Badge +3

Just spotted the firewall on/off switch!

Reply