Webroot Filtering Extension (Chrome) no more Green Padlocks

  • 25 October 2013
  • 80 replies
  • 925 views

Userlevel 3
Enabling Webroot Filtering Extension causes safe "green padlock" sites to report a message that states "this page includes other resources that are not secure".  This image should explain everything.
 


80 replies

Userlevel 7
This functionality could be possible in the future. You can submit a New Idea if you would lilke and we will see other opinions on it.
Userlevel 7
I can't see the pic.. can a Mod approve it?
 
I am guessing though that it is the same one that I see... not the green padlock but the gray one with a yellow triangle.
 
Personally, I like it as I can easily tell the difference between a page in which ALL content is delivered from a secure server and which content, while OK, is not derived from the same source.
Userlevel 3
Ok... it seems like I didn't explain my point well.
 
 
The gray-padlock-with-yellow-triangle is a native part of Chrome.  You can see that icon when you go to a website that is SSL secure, but, say, embeds an image or banner or something from another server that isn't SSL secure.
 
The green padlock is a native part of Chrome.  You see that icon when you go to a website where every element on the webpage (images, javascript, etc) is local to the secured SSL server.
 
 
The issue is that I never see any green padlocks when Webroot Filtering Extension is enabled.  The extension acts as "something on the page that's embedded from another server".  Thus, I can never tell the difference between a 100% secured website and once that's only partially secure.
 
Since I own and run an insurance website, I would very much like users to see the green padlock on my site.  But if they have Webroot Filtering enabled, they'll only see the partially-secure icon... and it looks like it's my company's fault we're not 100% secure.
 
Kind regards,
David
Userlevel 7
@ wrote:
Ok... it seems like I didn't explain my point well.
 
 
The gray-padlock-with-yellow-triangle is a native part of Chrome.  You can see that icon when you go to a website that is SSL secure, but, say, embeds an image or banner or something from another server that isn't SSL secure.
 
The green padlock is a native part of Chrome.  You see that icon when you go to a website where every element on the webpage (images, javascript, etc) is local to the secured SSL server.
 
 
The issue is that I never see any green padlocks when Webroot Filtering Extension is enabled.  The extension acts as "something on the page that's embedded from another server".  Thus, I can never tell the difference between a 100% secured website and once that's only partially secure.
 
Since I own and run an insurance website, I would very much like users to see the green padlock on my site.  But if they have Webroot Filtering enabled, they'll only see the partially-secure icon... and it looks like it's my company's fault we're not 100% secure.
 
Kind regards,
David
You're fully correct. When the extension is enabled it surpasses a native green padlock of browsers (in my case Opera Chromium) and it faces like a https site is only http. However if you click on the globe, you will see certificate what does mean that the site is indeed https.
 
I have had a remote session with @ a couple of days ago and one of the issues he tried to troubleshoot was this one. Having examined this problem Lucas said that it is only a cosmetic hitch but Webroot will look into it more deeply to find a fix.
 
So, hopefully we will get back the green padlocks even if the extension is enabled.
Userlevel 7
Badge +6
This is an unacceptable issue that Webroot needs to address immediately. It prevents users from verifying the security of their web sessions as they are taught to do.
Userlevel 7
@ wrote:
This is an unacceptable issue that Webroot needs to address immediately. It prevents users from verifying the security of their web sessions as they are taught to do.
I have to agree. I didn't realize that not all users are so skilled to find another way how to verify the site is SSL secured. You're right that if users will not see the green padlock they can start to panic.
 
I appeal on Webroot to resolve this issue as soonest, for their own good!
Userlevel 7
@ or @ or @ 
 
Any progress in fixing this bug? ETA?
Userlevel 7
I was not able to reproduce this issue and we are not seeing this as a common occurence. Are you on 8.0.4.24 and is Google Chrome listed as Protected under Identity Protection and then Application Protection?
 
If you are in fact on .24 and Chrome is listed as Protected - Please submit this to the Support System so that we can begin to collect more info.
Userlevel 7
Mike thx for reply but sorry I won't open a new ticket to get in the queue. I had a remote session with Lucas recently who confirmed the issue. The same observed David and explanoit, pls reread this thread.

The ball is on your side.
Userlevel 7
If he has already reproduced the issue with you, he will take care of creating a ticket. I'll touch base with him tomorrow.
Same issue here...I enabled the Webroot extension and my familiar green padlock is gone.  I have had to disable the extension to be readily certain of the secured connection---cosmetic or not, it's a bad thing to have insecure content on the page.  Why is the webroot extension considered "insecure content"?  Can you not do something so that it passes muster like other extensions?
Userlevel 7
Chrome displays the yellow triangle/padlock when it is an SSL site, but insecure content is detected. Our Web Filtering communicates with WSA over the local host and Chrome regards that http traffic as insecure.
does this mean we are to disable or accept this filtering.
Is there no workaround on this?  It appears that I have no choice but to disable the extension, because I have no way of knowing if the Webroot extension is the ONLY content on the page that is being considered insecure, and not some other malicious item as well.  I need to know for a certainty that ALL the content is secure.
Userlevel 5
This is an unavoidable behavior because Webroot changes the content of search result pages by injecting content into them for the search result annotation. This will happen with any product analyzing search pages (unless they're lying to Chrome) but it doesn't affect performance or the behavior of Chrome.
 
Let me know if you have any questions!
Userlevel 7
Badge +56
Hi Joe,
 
So this is a Chrome issue and are Firefox & IE affected by this as I don't use Chrome?
 
Thanks,
 
Daniel 😉
Userlevel 5
@ wrote:
Hi Joe,
 
So this is a Chrome issue and are Firefox & IE affected by this as I don't use Chrome?
 
Thanks,
 
Daniel ;)
 
Correct, this is only going to happen on Chrome (partly due to their sandboxing).
Userlevel 7
Badge +56
@   And there is no possible work around now and how about for the future? Just in case someone asks!
 
Thanks,
 
Daniel 😉
Userlevel 5
@ wrote:
@   And there is no possible work around now and how about for the future? Just in case someone asks!
 
Thanks,
 
Daniel ;)
 
At the moment, Chrome does not have any workaround available for it. I'm checking if we could limit it to only search result pages (from the posts it sounds like it's happening on other pages as well - can someone confirm?)
 
Thanks!
Yes, it happens on all https pages that I've tried (banking sites, paypal, my own secured website, etc).  This is problematic for us web developers, as someone else has already mentioned, because it makes sites that we maintain look like we've got content problems in our pages---when accessed by Webroot users---when we really don't.  
 
The only solution I have found is to disable the Webroot extension, making my machine's SecureAnywhere solution less complete.  But doing so doesn't solve the problem of any other Webroot users accessing my website arriving at the false impression that my  site has a security issue. 😞  I do wish there were some sort of workaround.
 
 
Userlevel 5
@ wrote:
Yes, it happens on all https pages that I've tried (banking sites, paypal, my own secured website, etc).  This is problematic for us web developers, as someone else has already mentioned, because it makes sites that we maintain look like we've got content problems in our pages---when accessed by Webroot users---when we really don't.  
 
The only solution I have found is to disable the Webroot extension, making my machine's SecureAnywhere solution less complete.  But doing so doesn't solve the problem of any other Webroot users accessing my website arriving at the false impression that my  site has a security issue. 😞  I do wish there were some sort of workaround.
 
 
Could you try disabling search result annotation under the Firewall settings and see if that fixes it?
Where is this setting?  I don't see it in the Webroot console on my machine, and there doesn't seem to be any settings for the Webroot filtering extension.  Just for kicks I looked for a similar setting in Chrome, but don't see one there either.  Am I overlooking something?
Userlevel 7
Badge +56
It's the second box down on this page just uncheck and save: http://www.webroot.com/En_US/SecureAnywhere/PC/WSA_PC_Help.htm#C4_Firewall/CH4b_ChangingFirewallAlertSettings.htm
 
Daniel 😉
Okay, I changed that setting, then tried paypal and a banking site, as well as refreshing this page.  They all go green for a second or two, then it switches to the warning icon.  
Userlevel 7
Badge +56
@ wrote:
Okay, I changed that setting, then tried paypal and a banking site, as well as refreshing this page.  They all go green for a second or two, then it switches to the warning icon.  
Did you restart Chrome? Try playing with the settings and see if anything works and reply back.
 
Thanks,
 
Daniel

Reply