Webroot Filtering Extension (Chrome) no more Green Padlocks

  • 25 October 2013
  • 80 replies
  • 925 views

Userlevel 3
Enabling Webroot Filtering Extension causes safe "green padlock" sites to report a message that states "this page includes other resources that are not secure".  This image should explain everything.
 


80 replies

I have, and it made no difference. I couldn't see any other settings that would relate, though I did try also unchecking the "Automatically protect new browsers" setting too. Again (and as expected) that made no difference either.

So now I'm curious---with the extension disabled, is Webroot able to do anything to protect my computer, or that an integral piece of the puzzle?
Userlevel 5
@ wrote:
I have, and it made no difference. I couldn't see any other settings that would relate, though I did try also unchecking the "Automatically protect new browsers" setting too. Again (and as expected) that made no difference either.

So now I'm curious---with the extension disabled, is Webroot able to do anything to protect my computer, or that an integral piece of the puzzle?
The web filtering extension is important to protection and I would strongly recommend leaving it enabled. The Chrome warnings are superficial and not indicative of any underlying problem with the websites you're visiting. I'll have the team look into what we could possibly do to avoid this but it is due to how Chrome's sandbox works and how plugins are forced to integrate with websites so there may not be a workaround available.
Userlevel 3
@ wrote:The web filtering extension is important to protection and I would strongly recommend leaving it enabled. The Chrome warnings are superficial and not indicative of any underlying problem with the websites you're visiting. I'll have the team look into what we could possibly do to avoid this but it is due to how Chrome's sandbox works and how plugins are forced to integrate with websites so there may not be a workaround available.

From my perspective, this extension is hurting users more than helping.  I have a bona fide secure website (optilegra.com), and could not place a higher emphasis on security... yet...
 
1) The Webroot Filtering extension lists it as only "yellow" in google (even though I'm listed as "green" at brightcloud.com... the website I was told that generates the colors for the website in the google listing)
 
and
 
2) The padlock on my website isn't green.
 
That's TWO false negatives regarding my website, that occur for unrelated reasons.  The extension lies to users about the actual security level of my business.
 
I like the webroot software on my computer, but (as of right now) this extension is garbage and possibly costing me business.  I mean, that's always a fun phone call to take... "Hey I went to the website on your business card, but my antivirus programs says you aren't safe..."
 
Fix this.  
 
Now.
 
Or please disable it for all your users until you stop lying about a secure website being insecure.
 
Kind regards,
David
Userlevel 5
@ wrote:
@ wrote:The web filtering extension is important to protection and I would strongly recommend leaving it enabled. The Chrome warnings are superficial and not indicative of any underlying problem with the websites you're visiting. I'll have the team look into what we could possibly do to avoid this but it is due to how Chrome's sandbox works and how plugins are forced to integrate with websites so there may not be a workaround available.

From my perspective, this extension is hurting users more than helping.  I have a bona fide secure website (optilegra.com), and could not place a higher emphasis on security... yet...
 
1) The Webroot Filtering extension lists it as only "yellow" in google (even though I'm listed as "green" at brightcloud.com... the website I was told that generates the colors for the website in the google listing)
 
and
 
2) The padlock on my website isn't green.
 
That's TWO false negatives regarding my website, that occur for unrelated reasons.  The extension lies to users about the actual security level of my business.
 
I like the webroot software on my computer, but (as of right now) this extension is garbage and possibly costing me business.  I mean, that's always a fun phone call to take... "Hey I went to the website on your business card, but my antivirus programs says you aren't safe..."
 
Fix this.  
 
Now.
 
Or please disable it for all your users until you stop lying about a secure website being insecure.
 
Kind regards,
David
 
Hi David,
To your point #1 - this can be corrected by contacting our support team to have them adjust the rating on your website.
 
#2: I appreciate the concern, but it isn't Webroot which is saying that secure websites are insecure. Google has a limitation in their ability to discern content types and there are several other companies in similar situations as evidenced by the Chromium developer blogs.
 
I've spoken with the team and it won't be caused solely by the search result annotation so that change will not correct it. At this point, there is no workaround - the change would need to occur within Chrome to better identify content types and connections, as it affects other software much more broadly than just Webroot.
Userlevel 3
@ wrote:
 
Hi David,
To your point #1 - this can be corrected by contacting our support team to have them adjust the rating on your website.
#2: I appreciate the concern, but it isn't Webroot which is saying that secure websites are insecure. Google has a limitation in their ability to discern content types and there are several other companies in similar situations as evidenced by the Chromium developer blogs.
I've spoken with the team and it won't be caused solely by the search result annotation so that change will not correct it. At this point, there is no workaround - the change would need to occur within Chrome to better identify content types and connections, as it affects other software much more broadly than just Webroot.
#1 - I did that, and they adjusted my rating at brightcloud.com to green, but the extension still lists me as yellow in a google search.  This is Webroot's fault, not mine.
 
#2 - Enabling the Filtering extension causes the gray-padlock-with-warning-triangle on my website. This is a false negative.  Chrome (without the extension) lists it as green.  This is also Webroot's fault, not mine, or Chrome's.
 
If it really is impossible to workaround the padlock thing, then I suggest Webroot disable the extension for all Chrome users until a workaround is possible... or put a pop-up next to every gray-padlock saying that it's not the website's fault... or put an explanation on the screen when people fire up Chrome that they'll never see a green padlock again.  Do something to own this problem, instead of making it look like it's the fault of the website owner.
 
As is, only the handful of people reading this thread understand that the gray-padlock isn't really gray... everyone else is being misled, and for us, it has a real cost.
 
Kind regards,
David
In your code you are opening an http socket for the https page, which causes chrome to give the certificate warning.
Can you not open a local https session instead:
 
/*****************************************************************************
Module: background
Description: Main Processing Script for Chrome Extension
/*****************************************************************************
Property of: Webroot Inc.
Copyright: Webroot Inc. (c) 2013
/*****************************************************************************
Contact: melsaie@webroot.com
Manager: jmayr@webroot.com
Created: 02/10/2013 (mm/dd/yyyy)
*****************************************************************************/

// Initialize User Preferences
urlBlocking = 0;
phishBlocking = 0;
searchAnnotation = 0;
agentPwd = 0;
chromeVersion = 1;
// ---------------------------------- //
// Grab User Preferences from Service //
// ---------------------------------- //
var configRequestMsg = create_config_request();
// Create Socket
var configSocket = new XMLHttpRequest();
// Open Connection (SYNC)
configSocket.open( 'POST', 'http://localhost:27019', false);
 
EDIT: I'm sure it's not as easy as that and there would be localhost certificate errors... but I just wanted to point out the source of the problem.
Userlevel 7
I hate like heck to throw a monkey-wrench into this can of worms; unfortunately, I've been able to re-produce this issue in IE, Firefox, Opera and Chrome.  All using the most up-to-date versions (including all Microsoft patches/fixes).  I'm running Windows 8.1 64-bit..
 
The test sites included my bank and the Webroot community (https://community.webroot.com)
Userlevel 7
Hi Jeff
 
I do not think that there is a question that this can happen with all browsers that you mention but rather that it seems to predominate for most users when using Chrome.  I personally do not have an issue with this given what JOeJ has advised in terms of why it happens and what occurs at that point...and so do not feel vulnerable in any way.
 
May I humbly suggest that if you have indeed managed to gather a seriously useful body of test data and ways of reproducing this issue that you open a Support Ticket and apss this on to the Support Team for further investigtaion, as you may have come across a common causal link that may have eluded  investigations into the issue in specific browsers, when in fact the issue is more generic and resides elsewhere in theWSA  'infrastructure', etc. 
 
Just an idle thought for a Sunday morning? ;)
 
Regards
 
 
Baldrick
Sadly I have to report the same issue with Google Chrome (didn't test other browser).
I was developing a website and scratched my head for hours to fix this then discovered it was a Webroot bug.
You can check on the login page of that site: Star Tech (edit: url corrected for future reference)
You can see the lock with the alert instead of clean lock. Disable webroot extension and it goes green
Userlevel 7
Hi manight
 
Welcome to the Community Forums.
 
Have tried the site you suggested and all I get when using Chrome with WSA enbaled is:
 
 

This webpage is not available

[b]Reload  But one cannot rleaod it...so am at a bit of a loss as to what to suggest.  Do you have another example that works the way you are describing, that we can try? Cheers   Baldrick
Sorry Baldrick is because in the link I posted here it seems the forum app considered a white space at the end... if you clik the link you'll end up in the address with a 20% at the end of the name :) Try to clik here instead it's a correct url
Userlevel 7
No problemo, manight. Thanks for the alternate.  Not sure what is going on but no issues...page displays normally with padlock showing over the green 'W'.  Have I got something wrong/misunderstood something? :$
My Chrome extension settings and how I see the padlock + Chrome console


 
If I disable webroot extension the padlock is green and in the console I don't have the localhost:27029 warning anymore
Userlevel 7
Hi manight
 
Unfortunately you cannot post images until you have reached a certain number of posts.  But I believe that you can include a link to a picture hosting site where you have placed the image...or just post a bit more and then come back to this thread...;)
 
Regards
 
 
 
Baldrick
Userlevel 7
Badge +56
@ wrote:
Hi manight
 
Unfortunately you cannot post images until you have reached a certain number of posts.  But I believe that you can include a link to a picture hosting site where you have placed the image...or just post a bit more and then come back to this thread...;)
 
Regards
 
 
 
Baldrick
I've actually updated the permissions to allow image posting by new members, but they go into an approval queue first to make sure they are ok.
So confusing... I see the image like I was able to post it. Thank you nic.
Anyway here it is:
http://www.hakkar.it/webroot.jpg
Userlevel 7
@ wrote:
I've actually updated the permissions to allow image posting by new members, but they go into an approval queue first to make sure they are ok.
That is awesome!  Thanks Nic 🙂
Userlevel 7
@ wrote:
@ wrote:
Hi manight
 
Unfortunately you cannot post images until you have reached a certain number of posts.  But I believe that you can include a link to a picture hosting site where you have placed the image...or just post a bit more and then come back to this thread...;)
 
Regards
 
 
 
Baldrick
I've actually updated the permissions to allow image posting by new members, but they go into an approval queue first to make sure they are ok.
Thanks, Nic...you are of course quite right...I had completely forgotten this (which I think that you mentioned a little while back)...thanks for the reminder.
 
Regards
 
 
Baldrick
Userlevel 7
Badge +56
Hello and sorry as I didn't read the whole thread can you make sure your Browsers show here and are under protect?
 
Thanks,
 
Daniel 😉
Userlevel 7
Hi manight
 
OK, got you...and in fact as a result was going to recomend what Daniel just advised...but he beat me to it...again...;)
I have identity protection disabled and anti-phihsing enabled and chrome is added to the application
Userlevel 7
Badge +56
Why may I ask? You are losing allot of protection for one and the missing padlock because it's disabled as it has nothing to do with the Browser Extension!
 
Daniel
 

I don't remember why I disabled it but If I'm not wrong it slowed my keyboard typing as hell. I'm a coder and character were falling behind.
 
About the padlock it actually HAS to do with the Webroot browser extension somehow because if I disable the extension I see the green SLL padlock, if I enable the extension there is a injected webroot script that somehow mess up things getting resourcers from localhost on the port you see in the screenshot.
Userlevel 7
Badge +56
The program that you use for coding on Identity Shield add the main EXE to the list but under Allow and re-enable the ID Shield protection and see if that helps?
 
Daniel 
Userlevel 7
Badge +56
Also what Padlock are you talking about? I'm talking about the Webroot Tray Icon 

 
 
This one?
 

Reply