Solved

Copy/Paste Stops Working in some applications

  • 15 January 2013
  • 55 replies
  • 829 views

Kit
 
I have an issue with a couple of users who have Webroot Secure Anywhere Complete installed.
 
I have been using your products for over 5 years now and recommend them to anyone and everyone, however the exclusion issue may be going to cause me a problem today!
 
These users are using a database application and intermittently they lose the Copy/Paste functionality in this application and indeed on the whole PC, one is Windows 7 the other Windows XP.
 
The database support department have been approached and we were advised to turn off Webroot and see what happened.  Turns out that turning Webroot off alleviates the Copy/Paste functionality not working, so it looks as if Webroot is the root cause.  I will say that my investigations have uncovered plenty of noise on the Internet of users with similar issues where other applications and functionality have been highlighted as possible causes ie RDPclient.exe etc.
 
Anyway, the DB vendor has advised that we exclude a couple of folders from the realtime scanning and see if that fixes the issue with Webroot turned on....
 
...over to you 🙂, before I take the decision to find an alternative.
 
Regards
 
Brian
 
Edit: Split off into new topic - Kit
icon

Best answer by Kit 15 January 2013, 17:22

View original

55 replies

Userlevel 7
Hi Brian!
 
I moved your message off into its own topic to allow peopleto find it more easily and to reflect the issue rather than the assumed cause.
 
The good news is that it's unrelated to realtime scanning.  Third party software companies will generally recommend exclusion from the AV as a mattr of course and for troubleshooting.
 
The symptoms you are experiencing are related to the Identity Shield functionality, which is explicitly made to block access to certain functionality such as the screen contents and clipboard in some cases.  There are a few possibilities on what is occurring in this specific one. I make the assumption, though possibly inaccurately, that a browser is running while this symptom occurs. If no browser is running at all and this continues to happen, contact support immediately for diagnostics gathering and escalation.
 
Go to the Identity & Privacy tab and click "View/Edit Protected Applications"
 
- Is the DB program or any part of it listed under "Deny"?  If so, change it to "Allow".
- Review the "Deny" list.  Any program that you explicitly trust that is set to "Deny" may be changed to "Allow" safely.
 
If this resolves the issue, you may want to open a support ticket from one of the affected systems with the reason of System Impact (Slowdown) or similar and request cloud evaluation of the DB program. If it's not a common one, it may still be Unknown in the database and that can cause it to be placed into Deny.
 
If...
- The DB program is listed under "Protect"
- Turning off the Identity Shield (follow up by doing a "shut down protection" and then re-run it with the Identity Shield off) corrects it but nothing was listed under "Deny"
...and/or
- Setting all items under the Protected Applications list from "Deny" or "Protect" to "Allow" resolves it
 
You may temporarily resolve it by setting everything to Allow (Including browsers, however they will return to the list when they update), or by turning the Identity Shield off.  Contact with support for escalation is highly recommended at that point.
Userlevel 1
Thank you. I have applied the recommendation. I will keep the forum updated with my results as soon as I can verify.
Userlevel 7
Badge +56
Ok I'll put in a ticket.
Userlevel 7
I'm told there is some development being done around fixing the copy/paste problems. Hopefully we'll start to see some results of that work pretty soon. 🙂
Userlevel 7
Hi Ohzman
 
Rant noted...but at the risk of annoying you further you are ranting in the wrong place.  We are mainly volunteers here with no commercial affiliation to Webroot.
 
And if you are looking for a refund then again, you are looking for it in the wrong place...you should be contacting Sales Support (please see this link which outlines such thinkgs and provides contact detail, etc.) 
 
Hope that helps a little.
 
Regards
 
 
Baldrick
Userlevel 7
Much as I dislike saying so, the identity shield has been a pain in my side since beta years ago. I finally decided to look at some of the raw stuff going on and it turns out that most of the pain it creates is caused by other programs not handling things properly.
 
As a good example, in beta Outlook was blocked from accessing just one little bit of Internet Explorer via the DLL system (Outlook uses IE functionality to display email messages, pretty much). This bit was never anticipated by Outlook coders to ever be restricted, so Outlook's thread would block and stop running, waiting forever for a reply from the IE subsystem that it would never receive. The same thread handled mail fetching. So incoming mail from the exchange server would stop arriving. The bit that was blocked would not cause any other problems in Outlook, but the coding on Outlook caused it to hang forever because it received no response at all.
 
Even now at my current work, I see all kinds of odd effects from the identity shield. One fun one I've seen is when it blocks the Dell Touchpad software's ability to interact with the mouse pointer in rare circumstances after copying data from a browser and trying to paste it somewhere.  I want the ID shield to be an awesome and clean thing, but until other programmers put error traps in EVERYTHING (even things that "should not be capable of failing, ever"), it's a messy situation. 😞
Userlevel 7
EDIT:  Apologies, BoQu...I should have first welcomed you to the Community Forums...which I now do...belatedly.
 
Personally I have not had any real issues with this setting as it is set by default...given the protection implication of not setting it on by default I cannot see Webroot going for the less secure option.  Therefore I think that the only other alternative is to make it an installer time option...whether it should be checked or not.
 
Baldrick
Userlevel 7
Hi MadeMeCry,

If you uncheck this setting, it will prompt you when an untrusted process tries to access data, but only the first time. For example if an untrusted application tries to take a screenshot, and you say "no", then when it attempts again in the future Webroot will automatically deny it since you said "no" the first time. Likewise, if you say "yes", it will allow it in future instances.

Hope this helps,
Shran
Userlevel 7
Badge +56
You should be able to whitelist those - are you running the consumer version or the business version?
Userlevel 7
Badge +56
Sure thing - for endpoint, here's how you do it:
 
1. Go to the Group Management tab in the console
2. Check off the computers you want this to apply to
3. Select Agent Commands->Identity Shield->Allow application and then enter the MD5 and click Submit.
The agents will pick it up at the next poll interval.
 
Let me know if that works!
Userlevel 6
Badge +24
I have never had an issue with it after allowing certain programs under application protection list, unless maybe after an update, wsa detect it altogether as new program and you have to allow it again in application protection list under identity shield.
Userlevel 7
Hi mikespeir
 
Welcome to the Community Forums...:D
 
dtouch is quite correct re. what he says and all you should need to do is to set the app concerned to 'Allow' under 'Application Protection' tab in the advanced settings for the Identity Protection section (click on grea/cog to the right of the section heading in the main WSA panel).  Of course, you should make very sure that you trust the app that you 'Allow' before allowing it.
 
And for more information & guidance in relation to this and similar areas of WSA, that can confuse users, please see this KB Article which should explain all that you need to know, but the section entitled 2. Identity & Privacy > Protected Applications is most pertinent to you OP.
 
Hope that helps?
 
Regards
 
 
Baldrick
Well, thanks, but that's what I already do.  For some reason (and it may be a variety of reasons) the setting gets changed back unexpectedly.  I'm just having trouble seeing the need for that.  Granted, it's something that could be exploited.  But I used Norton (Symantec) for years and I don't remember it ever doing anything like that.  (On the other hand, if I'd been happy with it, I would've stuck with it, right?)  WebRoot, I think, employs a fairly unusual approach to combating malware and shareware, and it's served me well so far.  If not for this one annoyance, I'd have no real gripe at all.
Userlevel 7
Hi mikespeir
 
Apologies if I was trying to teach 'my granny to suck eggs' so to speak. :$  Nt know what level of knowledge that you have of WSA I thought it best to start with the basics.
 
As dtouch says...it would be interesting to understand when this settings 'reset' may have happened?  I have never come across it on my own systems...but that does not mean that it does not happen.
 
May I suggest that you set the settings as you want them/prefer them...and then periodically check to see if there has been any change...as and when there are further changes then I would suggest that you Submit a Support Ticket with all the information so that the Support Team can take a look.
 
Regards
 
 
 
Baldrick
I'll do some experimenting and see if I can identify more of the particulars of when it's happening.
Userlevel 7
Hi mikespeir
 
Thanks for the feedback.  The weird thing is I cut and paste all the time and I have NEVER come across this issue...which suggests that there is some very specific cause to it.  Can you reappraise me as to exactly where the application was 'Deny'ed?
 
Cheers
 
 
Baldrick
Userlevel 7
Hi mikespeir, 
@ wrote:
The weird thing is I cut and paste all the time and I have NEVER come across this issue...which suggests that there is some very specific cause to it.  
Well..., I can fully confirm this! 
I haven't noticed the described issues on any of my machines, where WSA is the first as well as the only line of defence against threats.
 
 
Oh..., by the way... 
@ wrote:
Rant noted...but at the risk of annoying you further you are ranting in the wrong place.  We are mainly volunteers here with no commercial affiliation to Webroot
A Big Kudo for you Baldrick!
 
Regards,
 
Mike
 
@_GoSpursGo wrote:
Hi MadeMeCry,

If you uncheck this setting, it will prompt you when an untrusted process tries to access data, but only the first time. For example if an untrusted application tries to take a screenshot, and you say "no", then when it attempts again in the future Webroot will automatically deny it since you said "no" the first time. Likewise, if you say "yes", it will allow it in future instances.

Hope this helps,
Shran
Thanks, that clarifies that it is the "Silently and automatically" part of the phrase that the option toggles (rather than toggle the actual ability to"block untrusted access to user data").  The description in the online help was no clearer as it just reworded this to "Automatically prevents unknown programs from accessing user data".
 
 
Userlevel 1
Preliminary results say that this solution worked. I would like to give this 24 hours to confirm to be working as intended. Our ERP/CRM solution is Microsoft Dynamics AX 2012 R3.
Userlevel 7
Badge +56
Strange - did the ERP software undergo an update, perchance?  If not, then this shouldn't be happening and we should get support to investigate and find out what is going on.
Userlevel 6
Badge +24
Most clipboard applications begin with similar issue.. I had been wondering and and finally setting them allow in identity shield sorts the problem.
Userlevel 1
Thank You for the answer!  I've been cursing *@(@*@  about what's been blocking my copy/paste operations and now I know. 
 
I'm adding the troublesome apps into the listing for now.  Keep us posted!  
Kit, if you do choose "allow" does that allow for the entire browser to then be vulnerable to attack ?
Userlevel 7
Hi peacefl,
Kit is no longer with Webroot, so he might not reply (though he's more than welcome to!). However, this topic is six months old, and the issue in question may not even be an issue any longer. Are you encountering a problem with copy/paste? Does the problem go away when you disable the Identity Shield? Which program is having the issue?

To answer your question, if you were to choose to allow for a browser, yes it would make the browser vulnerable at least insofar as the protection offered by the Identity Shield specifically is concerned. You would still be protected against malicious executables trying to target a browser because of Webroot's other shields, but certain other avenues could be open to attack at that point.

If you can specify some details about the problem you're running into, I'm sure we can help.
I work for a company and I have to use my browser to see customer tickets, but when I attempt to copy and paste, webroot is blocking that functionality I have went into that area described above and checked "Allow" for I.E., Chrome and Firefox. Is there some other way to tweak this in Webroot instead of that option so that it is actually protecting the browsers ? or no?.

Reply