Webroot® DNS Protection
Welcome to the DNS Protection Discussion Forum!
- 34 Topics
- 184 Replies
We are very pleased to announce the launch of the DNS Leak Prevention Beta. This is an opportunity for us to share with you the feature we are about to release, as well as to solicit feedback, both from a technical and functionality perspective. Download the Beta Runner here.Documentation available here. What is DNS Leak Prevention? This is a new patent pending feature of the Webroot DNS Protection product. It is designed to provide control of DNS by blocking all alternate DNS resources aside from those configured in Webroot DNS Protection. This is done by locking down port 53 TCP and UDP (DNS), port 853 TCP (DNS over TLS), and port 443 TCP to known DoH providers. Why are we creating DNS Leak Prevention? As Webroot DNS Protection is a DNS filtering product, if we are not filtering every DNS request, it means that things are being missed. For example, if a web browser were to be configured to get DNS resolution directly from its own server, and disregard what was configured on the opera
Hello forum members,I hope everyone is doing well. Today, I would like to discuss an issue I've been encountering regarding the compatibility between Webroot DNS Protection and our web filtering software. If any of you have experienced similar challenges or have insights to share, I would greatly appreciate your input.The Challenge:Compatibility between Webroot DNS Protection and Web Filtering SoftwareAs an organization, we understand the importance of web filtering [ https://lenovonetfilter.com/resource/five-common-web-filtering-questions-answered ] to ensure a safe and secure online environment for our users. We have been using a web filtering software solution to control internet access and block inappropriate content. Recently, we implemented Webroot DNS Protection to enhance our overall security measures. However, we have encountered some compatibility issues between these two solutions.Specifically, we have noticed the following challenges:Conflict between Webroot DNS Protection
The block page category function does not work for uncategorized sites. The user and tech had no idea why the page is being blocked. On that if a URL does not resolve there should be a Category as well. People will typo URLs and think the page is blocked when it is just them going to the wrong place.
Hello all,I saw a few other forum posts about this topic with no replies.When an offsite domain workstation connects to our VPN, all of the webroot DNS filters are overwritten and they can access any website. When disconnected from the VPN, the web filter takes effect again almost immediately.We plan to take a look on our end with the firewall, but wanted to bump this question since it seems to be a popular one and I wasn’t sure if anyone has come across a solution.Thank you!
Really need a sanity check. Getting ready to deploy DNS protection to a client that only has endpoint protection.The only difference between this client and other using DNS protection is that they don’t have a DNS server. They have no on-prem servers or services that would need to resolve locally. Storage and apps are cloud based.I couldn’t find anything in the deployment guides about anything different for this type of environment. I suspect it is because there is nothing different that needs to be done, but I thought I would reach out to the community pre-deployment to see if anyone has deploy to a similar environment recently and what to expect.TIAMike
Can anyone tell me where I should make new DNS protection policies? If I go to the larger policies at the top, these don’t show up in DNS protection. If I go to the cog for DNS protection, you can only choose a policy for the site as a default. If I go into the client this is to manage Endpoint Protection. We have a customer, say “steve inc” for example, I need half to have one DNS policy but the other half another, it would seem this is impossible?
Hi, I tried to enable DNS protection for a macOS device (v10.15.3 Catalina). I noticed there is only a Windows icon on “Install DNS Protection” settings. Does this mean DNS protection is not yet supported on macOS? I checked the docs but couldn’t find anything about this. Is there a way to manually install the DNS protection agent if it is not possible via the policy settings? Thanks for any help.
I find webroot Google search engine. I hope you will help. I am teacher in the school. I need to block this site. I give you link. https://sites.google.com/site/allunblockedgames77 Children enter this site in their free time. They don't listen to me. Can I block through the system, will you show me the way ? I want to block all unblocked games web site. I try dns but it is useless. Thank you.
Hi All – I am the Product Manager for DNS Protection and my colleague [user=51739]JonathanB[/user] and I are resident DNS evangelists and we are always interested in hearing from you on your experience with the product – good or bad! It has been close to 2 years since we launched DNS Protection service to the market and I am happy to share that we received the highest rating by [url=https://www.expertinsights.com/service-types/dns-web-filtering/reviews][u]Expert Insights[/u][/url] and we are seeing good steady adoption of the product. Webroot is committed to serving our SMB and MSP customers and bringing best in class Security offerings. To recap, 2018 was a very busy year for us and I would like to highlight some key product enhancements that has driven our growth: [list] [*]VPN support + IPv6 support (only vendor to support IPv6 for roaming clients) [*]Granular Policy Management enables support at Site, Group, and individual devices. [*]Stable, Hardened DNS client for
I'm trying to get webroot to report the following, but I haven't found a report that does this yet. [list=1] [*]I need to see a report that ONLY shows me websites a user has actually typed into the browser, I don't need to see every bit of communication between the client and the webroot DNS servers. [*]I need to see exactly what time in my own time zone, PST, not UTC when the user accessed each website. [*]I need to see how long a user has actually been on a website. For example, I want to see two different times, one for active website, and then if a user just has the website open, but hasn't touched it for 2 hours, let's say the tab is open in the browser, I want to see the difference between the two. [/list]Is there such a report, or can a report please be written to show the above info, as the current reports are useless to me.
Eventerviewer: Event 7011, Service Control Manager: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the DnsProxyAgent service.
I periodically get a "A timeout (30000 milliseconds) was reached while waiting for a transaction response from the DnsProxyAgent service" message in my event log. Sometimes this happens twice in a span of 36 - 39 seconds. What could be causing this? I still have DNS protection running according to dnsptest.webroot.com and I haven't really encountered many issues. I just want to reduce errors in the event viewer.
Hello, I have 16 total DNS agents installed, 14 of which shows as active, and another 2 showing as in-active. My question is: What is the criteria for a client to be "Inactive"? I checked the client machines and the DNS Protection Agent service is running, and the console reports that the End Point and DNS Agent is installed. Unsure why 2 of my clients aren't becoming 'active'. Any help or guidance is greatly appreciated. Thank you, Brad
I'm not sure if this is appropriate in the community forums, but I was hoping someone could test my DNS settings and verify if they are experiencing the same issue (if this is not appropriate, any troubleshooting tips would be greatly appreciated). I've attached screenshots of my DNS Policy and Web Allow List. [img]https://d1qy7qyune0vt1.cloudfront.net/webroot-en/attachment/37205i1F74005975B4AAA7.png[/img] We have a need to occasionally place orders on the site: [url=https://suzannesomers.com]https://suzannesomers.com[/url], but when attempting to progress past the Customer Information page, nothing happens. There is no blocked page, and the site does not forward any DNS queries that I could see by using the nirsoft DNS sniffer tool. Here is how to recreate the issue we are experiencing. On the website after a few moments there will be some scrolling products, hover over the picture> Quick View> Add to Bag. Then new the top right of the page is the Cart icon, click
Hi Guys, We wanted to block all web ads and webroot helped to do this, but we had an issue with google searches having their ads at the top and customers clicking ads to legitimate sites and them getting blocked. I had a quick search around but wasn't able to find a work around to either hide those ads or allow webroot to pass them through. I did a little testing and found a way to keep blocking web ads but allow access to the google ads (purely for customer ease). This was to create a whitelist for googleadservices.com in the GSM Overrides. Hopefully this helps someone else work around this. Thanks Guys.
Hi, We're currently running a demo of the DNS Protection agent. So far, I like the ease of install; just enable it on the Webroot SecureAnywhere Endpoint Policy and it gets installed pretty much immediately (next poll). That's nice. Also like the DNS protection at the network level - guest wifi, DNS forwarders. So anything devices on the network get the benefit as well. What I'm not liking is the reporting. There's no way to do a custom report on a user's web browsing. And there's no DNS Charts for the Dashboard. It would be nice to quickly look at the Dashboard and see some charts for Web Browsing - Top Users, Threats Blocked, etc. We're currently a Forcepoint shop and potentially looking to switch Are there any Reporting updates coming soon to this product? Thanks.
Hi All, I am curious what categories we should look at blocking to prevent users from using torrents? I have Security Risk and the Human Resources categories selected. Are there any others that we should key in on. Thanks in advance for any suggestions. Chris
Already have an account? Login
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.