I have an issue with a couple of users who have Webroot Secure Anywhere Complete installed.
I have been using your products for over 5 years now and recommend them to anyone and everyone, however the exclusion issue may be going to cause me a problem today!
These users are using a database application and intermittently they lose the Copy/Paste functionality in this application and indeed on the whole PC, one is Windows 7 the other Windows XP.
The database support department have been approached and we were advised to turn off Webroot and see what happened. Turns out that turning Webroot off alleviates the Copy/Paste functionality not working, so it looks as if Webroot is the root cause. I will say that my investigations have uncovered plenty of noise on the Internet of users with similar issues where other applications and functionality have been highlighted as possible causes, i.e. RDPclient.exe, etc.
Anyway, the DB vendor has advised that we exclude a couple of folders from the realtime scanning and see if that fixes the issue with Webroot turned on....
...over to you 🙂, before I take the decision to find an alternative.
Edit: Split off into new topic - Kit
Best answer by Kit
I moved your message off into its own topic to allow people to find it more easily and to reflect the issue rather than the assumed cause.
The good news is that it's unrelated to realtime scanning. Third party software companies will generally recommend exclusion from the AV as a matter of course and for troubleshooting.
The symptoms you are experiencing are related to the Identity Shield functionality, which is explicitly made to block access to certain functionality such as the screen contents and clipboard in some cases. There are a few possibilities on what is occurring in this specific one. I make the assumption, though possibly inaccurately, that a browser is running while this symptom occurs. If no browser is running at all and this continues to happen, contact support immediately for diagnostics gathering and escalation.
Go to the Identity & Privacy tab and click "View/Edit Protected Applications"
- Is the DB program or any part of it listed under "Deny"? If so, change it to "Allow".
- Review the "Deny" list. Any program that you explicitly trust that is set to "Deny" may be changed to "Allow" safely.
If this resolves the issue, you may want to open a support ticket from one of the affected systems with the reason of System Impact (Slowdown) or similar and request cloud evaluation of the DB program. If it's not a common one, it may still be Unknown in the database and that can cause it to be placed into Deny.
- The DB program is listed under "Protect"
- Turning off the Identity Shield (follow up by doing a "shut down protection" and then re-run it with the Identity Shield off) corrects it but nothing was listed under "Deny"
- Setting all items under the Protected Applications list from "Deny" or "Protect" to "Allow" resolves it
You may temporarily resolve it by setting everything to Allow (including browsers, however they will return to the list when they update), or by turning the Identity Shield off. Contact with support for escalation is highly recommended at that point.
Rant noted...but at the risk of annoying you further you are ranting in the wrong place. We are mainly volunteers here with no commercial affiliation to Webroot.
And if you are looking for a refund then again, you are looking for it in the wrong place...you should be contacting Sales Support (please see this link which outlines such things and provides contact detail, etc.)
Hope that helps a little.
As a good example, in beta Outlook was blocked from accessing just one little bit of Internet Explorer via the DLL system (Outlook uses IE functionality to display email messages, pretty much). This bit was never anticipated by Outlook coders to ever be restricted, so Outlook's thread would block and stop running, waiting forever for a reply from the IE subsystem that it would never receive. The same thread handled mail fetching. So incoming mail from the exchange server would stop arriving. The bit that was blocked would not cause any other problems in Outlook, but the coding on Outlook caused it to hang forever because it received no response at all.
Even now at my current work, I see all kinds of odd effects from the identity shield. One fun one I've seen is when it blocks the Dell Touchpad software's ability to interact with the mouse pointer in rare circumstances after copying data from a browser and trying to paste it somewhere. I want the ID shield to be an awesome and clean thing, but until other programmers put error traps in EVERYTHING (even things that "should not be capable of failing, ever"), it's a messy situation. 😞
Personally I have not had any real issues with this setting as it is set by default...given the protection implication of not setting it on by default I cannot see Webroot going for the less secure option. Therefore I think that the only other alternative is to make it an installer time option...whether it should be checked or not.
If you uncheck this setting, it will prompt you when an untrusted process tries to access data, but only the first time. For example if an untrusted application tries to take a screenshot, and you say "no", then when it attempts again in the future Webroot will automatically deny it since you said "no" the first time. Likewise, if you say "yes", it will allow it in future instances.
Hope this helps,
1. Go to the Group Management tab in the console
2. Check off the computers you want this to apply to
3. Select Agent Commands->Identity Shield->Allow application and then enter the MD5 and click Submit.
The agents will pick it up at the next poll interval.
Let me know if that works!
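The console steps above ask for the MD5 of the application to allow. As an added example (not part of the original thread and not Webroot's own tooling), this PowerShell function lists the MD5 and Authenticode signature status of every executable in an application folder, so each file can be checked for trust before its hash is submitted. The function name and the folder path are placeholders chosen for illustration; `Get-FileHash` requires PowerShell 4.0 or later.

```powershell
# Added example: gather MD5 hashes plus signature status for review
# before allowing an application in the Identity Shield.
function Get-AllowCandidate {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Folder   # application install folder (placeholder value below)
    )

    Get-ChildItem -Path $Folder -Recurse -File -Include *.exe, *.dll |
        ForEach-Object {
            # MD5 is used only because the console asks for it as the identifier.
            $hash = Get-FileHash -Path $_.FullName -Algorithm MD5
            $sig  = Get-AuthenticodeSignature -FilePath $_.FullName

            # Signer subject is empty for unsigned files.
            $signer = ''
            if ($sig.SignerCertificate) {
                $signer = $sig.SignerCertificate.Subject
            }

            [pscustomobject]@{
                Path   = $_.FullName
                MD5    = $hash.Hash
                Status = $sig.Status   # e.g. Valid, NotSigned, HashMismatch
                Signer = $signer
            }
        }
}

# Placeholder path: replace with the real install folder of the DB program.
Get-AllowCandidate -Folder 'C:\Path\To\DatabaseApp' |
    Sort-Object Status, Path |
    Format-Table -AutoSize
```

Files reported as NotSigned or HashMismatch deserve a closer look, for instance confirming the hash with the vendor, before they are allowed.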
Welcome to the Community Forums...:D
dtouch is quite correct re. what he says and all you should need to do is to set the app concerned to 'Allow' under 'Application Protection' tab in the advanced settings for the Identity Protection section (click on gear/cog to the right of the section heading in the main WSA panel). Of course, you should make very sure that you trust the app that you 'Allow' before allowing it.
And for more information & guidance in relation to this and similar areas of WSA, that can confuse users, please see this KB Article which should explain all that you need to know, but the section entitled 2. Identity & Privacy > Protected Applications is most pertinent to you OP.
Hope that helps?
Apologies if I was trying to teach 'my granny to suck eggs' so to speak. :$ Not knowing what level of knowledge you have of WSA, I thought it best to start with the basics.
As dtouch says...it would be interesting to understand when this settings 'reset' may have happened? I have never come across it on my own systems...but that does not mean that it does not happen.
May I suggest that you set the settings as you want them/prefer them...and then periodically check to see if there has been any change...as and when there are further changes then I would suggest that you Submit a Support Ticket with all the information so that the Support Team can take a look.
Thanks for the feedback. The weird thing is I cut and paste all the time and I have NEVER come across this issue...which suggests that there is some very specific cause to it. Can you reappraise me as to exactly where the application was 'Deny'ed?
Well..., I can fully confirm this!
I haven't noticed the described issues on any of my machines, where WSA is the first as well as the only line of defence against threats.
Oh..., by the way...
A Big Kudo for you Baldrick!
I'm adding the troublesome apps into the listing for now. Keep us posted!
Kit is no longer with Webroot, so he might not reply (though he's more than welcome to!). However, this topic is six months old, and the issue in question may not even be an issue any longer. Are you encountering a problem with copy/paste? Does the problem go away when you disable the Identity Shield? Which program is having the issue?
To answer your question, if you were to choose to allow for a browser, yes it would make the browser vulnerable at least insofar as the protection offered by the Identity Shield specifically is concerned. You would still be protected against malicious executables trying to target a browser because of Webroot's other shields, but certain other avenues could be open to attack at that point.
If you can specify some details about the problem you're running into, I'm sure we can help.