Solved

WR Data cleanup


Userlevel 4
Any news on the WSA release that will clran up old dbxxxx.db files.
David
 
icon

Best answer by shorTcircuiT 11 August 2015, 04:15

View original

34 replies

Userlevel 7
Badge +56
I wouldn't recommend to delete for non security knowledgeable type of users as WSA could be Monitoring something and you would delete it's rollback option for that monitored process again IMO for experts only.
 
Thanks,
 
Daniel
 
 
EDIT BY shorTcircuiT: I have marked this as a Solution even though it is not the END solution.  Daniel is very correct that removing anything from the WRData folder should be left to experts only, and generally speaking the folder should NOT be deleted entirely.  Please do not do this unless advised by Support.
Userlevel 7
Badge +56
Update: our dev team has it on their roadmap but we don't have an estimated time for when this will be worked on yet.
 
In the meantime if you do need to clear out those areas you can do it in the following ways:
For consumer: shutdown protection, then delete %programdata%WRDATA and then restart Webroot.
For business: send the agent command Clear Log Files
 
Hope that helps!
Userlevel 7
Badge +56
Yeah some of this was new info to me. Before I thought the only way to clear them out was an uninstall and reinstall. You learn something new every day 🙂 I think you'll want to make sure that nothing is being actively monitored first, so you won't be removing anything necessary for rollback to work.
Userlevel 7
I believe in doing that solution you will ALSO be losing the data of any previously manually white-listed URL's, as well as the data files for the Web Filter itself which is sometimes needed to manually install or update the Filter in Chrome or other browsers.
Userlevel 7
?, what browser were you using for your test?  We had different results.  I was using Chrome.   
 
 
 
EDIT: For the record, the registry entries ARE there, but I have NOT edited them.
Userlevel 7
I think the bottom line of the original question of this thread is that we will need to be patient... It is not a good idea at all to be deleting or altering anything in the WRData folder without expert assistance.  :)
Userlevel 7
Badge +56
@ wrote:
Yes.. all my browsers have it enabled as they all block the known bad site.   White list it and they all allow it.  Delete the whitelist file and they all block it again.  At least that is how it is behaving on my computer, without touching the registry.  
Your right! Just delete the Whitelist and reboot! Works fine for Firefox, Chrome and IE11 but does not Block on Edge or Cyberfox.
 
Thanks Buddy!
 
Daniel 😉
Userlevel 7
Badge +62
Well it's always good to watch and learn..I wasn't comfortable testing this out..LOLs;)
 
 
Thanks guys!!
Userlevel 7
Badge +56
@ wrote:
I think the bottom line of the original question of this thread is that we will need to be patient... It is not a good idea at all to be deleting or altering anything in the WRData folder without expert assistance.  :)
Correct! 😉
Userlevel 7
Badge +56
I don't have any updated info but I can check and see what the latest is.
Userlevel 7
@ wrote:
@ wrote:
@ wrote:
@ wrote:
I believe in doing that solution you will ALSO be losing the data of any previously manually white-listed URL's, as well as the data files for the Web Filter itself which is sometimes needed to manually install or update the Filter in Chrome or other browsers.
I think that's kept in the Registry if I'm not mistaken and the only way to remove the Blocked URL? And Joe told me it's quite hard to break WSA by deleting the files as most of them will be recreated.
 
Daniel
The white list is contained in the wrURL folder, Whitelist file.  Simply deleting that file will re-block all sites that had been manually allowed in the past.  The file will automatically recreate itself as a blank file as soon as WSA or the computer is restarted, so it will not cause any program errors regarding a missing file, but the data will be lost.
Lets Test it.
As long as it has not been changed in the last 12 months, I have tested it.  A few times :)
 
 
Userlevel 7
Typical me.  i FINALLY show my sorry face around here and I cause trouble ROFL
 
 :)
Userlevel 7
Badge +56
I did a test and allowed a bad page but deleting the Whitelist does nothing you have to remove the blocks in the registry and reboot then the blocked page comes back.
 
This is a test, members please do not play with the Registry unless you know what you are doing!
 

Userlevel 7
Badge +7
Sorry for the delay as I got pulled away...
 
I rebooted and the the entry that I had deleted from the whitelist txt file is still gone.
 
I checked the registry and the entries for that deletion in the txt file are still in the registry and still allow me to go to the site without prompting me for any additional input.
 
Dave
Userlevel 7
Badge +7
I have only tested with Aviator.  Guess I should try a couple others.
Userlevel 7
Well, having the same bad site Daniel had tested in my whitelist, I can get to it with Chrome, IE and Firefox all three. 
 
With deleting the whitelist file, and restarting protection, NOT closing the browsers, just hitting refresh, all three now block the page.. no edit of the registry needed.
Userlevel 7
Badge +7
HAHAHA, :D
 
I had reinstalled those browsers after the Win10 upgrade.
 
Just in case you did not know, you have to enable the WSA filtering extension if you want it to work. ;)
 
Guess who forgot...... Oh well, I never said I was perfect.
 
They all got blocked after fixing that.
 
Dave
Userlevel 7
Yes.. all my browsers have it enabled as they all block the known bad site.   White list it and they all allow it.  Delete the whitelist file and they all block it again.  At least that is how it is behaving on my computer, without touching the registry.  
Userlevel 4
Thank you, I got the answer.
Closed, somehow?
 
Userlevel 7
@ wrote:
@ wrote:
I believe in doing that solution you will ALSO be losing the data of any previously manually white-listed URL's, as well as the data files for the Web Filter itself which is sometimes needed to manually install or update the Filter in Chrome or other browsers.
I think that's kept in the Registry if I'm not mistaken and the only way to remove the Blocked URL? And Joe told me it's quite hard to break WSA by deleting the files as most of them will be recreated.
 
Daniel
The white list is contained in the wrURL folder, Whitelist file.  Simply deleting that file will re-block all sites that had been manually allowed in the past.  The file will automatically recreate itself as a blank file as soon as WSA or the computer is restarted, so it will not cause any program errors regarding a missing file, but the data will be lost.
Userlevel 7
@ wrote:
I wouldn't recommend to delete for non security knowledgeable type of users as WSA could be Monitoring something and you would delete it's rollback option for that monitored process again IMO for experts only.
 
Thanks,
 
Daniel
Hi Daniel
 
I completely agree with you on this particular point.  Far better, if one is technical or has some technical knowledge, to delete specific .db file by date, having first checked all relevant locations within WSA where a file/app could be set to 'Monitor'.  Make sure that there is nothing that looks suspicious that is being monitored (I often find that new versions of some apps are regularly 'monitored' but because I know/trust the app I can switch that off).
 
I also NEVER delete any .db files that are newer than a couple of weeks old...just in case.
 
Regards, Baldrick 
Userlevel 7
Badge +7
That's odd...  With Windows 10 I did not have any trouble editing my whitelist and removing an entry.  :S
Userlevel 7
Badge +7
Yes, mine is an admin account.  That might be the difference.
Userlevel 7
Badge +7
I did not shut down anything so I am really at a loss on this one.
 
Dave
Userlevel 7
I am getting a different result.
 
Going to a known bad page (the same one you used for your test) it is of course blocked.   I manually allow the page.
 
Now I can navigate to it without a problem.  Once I delete the whitelist file, the page is now blocked again.  I have NOT done any resistry editing.

Reply