I have set the firewall mode to "Warn if any process connects to the internet unless explicitly allowed".
This seems to be working each time I open a new appliction (that needs network access) I get a popup asking if I should allow it.
So far so good...
However, I noticed in the popup that there is a line stating "Allowing in 60 seconds" and this counts down to 0 and then allows access. After the 60 seconds the dialog box is recreated on the screen and the countdown start again (it does this a couple of times), though after the first 60 seconds the app is granted access.
This does not seem like a secure feature. If a unwated app tries to send information and I am away from the screen, it will be allowed in 60 seconds?
Can anyone confirm that this is the way this works? Is there anyway to change the behavior to not allow the connection by default?
Unless I am not thinking this through clearly, this seems to be completely insecure and goes against the whole point of having WSA asking me to allow connections.
Best answer by JimMView original
You had also asked "Is there anyway to change the behavior to not allow the connection by default?" Yes. The alert options customize how you are notified when processes on your computer connect to the Internet. If you want to ensure that certain processes are always blocked, you can manage them manually in PC Security > Firewall > Network Applications (Advanced) > View Network Applications.
I agree with you in that the default behavior should be to block the connection after the timer is finished counting down. We have a team that is currently looking into this right now and I will post back as soon as I have some more information.
Thank you for bringing this to our attention.
I realize that the firewall in WSA is very simple without many options of control. For my needs I may be better off just disabling it and adding another firewall.
However, in my opinion regarding tihs issue, I think simply changing the deault behavior (after the timeout) is to block access (do not remember the block, so it will ask again next time), is the safe action to take. I would think that this would take very little programming effort.
Thanks for looking at this.
I wanted to let you know that I am currently working on this issue and will reply back to this thread with more information, just as soon as I get it. I totally understand how this aspect of the Webroot Firewall can be confusing and I am going to do my best to find out the best approach here.