Re: Exclude folders from scanning?

  • 14 July 2012
  • 2 replies

Ugh..well I was trying to get my company off of AVG/Norton/Panda .
I personally run Webroot on 5 personal machines.
Unfortunately the inability to exclude folders ie e:SupportSecurityTools on our customer servers/Terminalservers from scans is a show stopper.
In the real world..users forget passwords to outlook,zip files.. Download crap which does strange things.... We also store software/misc tools for decoding passwords... scanning networks/packet sniffers; Nirsoft tools.... most of which can be considered hacker tools in the wrong hands.
My Techs now hate Webroot because it munches their tools on remote servers. They have to disable Webroot completely (VERY BAD) download the deleted tools... run 'em and then re-enable Webroot.. This costs time/money and frustration.
Only they (techs) have administrator access and Administrator read/execute is required for those special "Tools" directories. If Hacker/virus gets admin access... server is pretty much screwed anyway so the "it opens up a security hole" argument is invalid.
So.. I have egg on my face... and Webroot will never see the revenue from ~500-1500 licenses...This might be chump change for Webroot.. But I am 1 of many companies looking to get away from Bloated/slow/expensvie AV products (I'm not going to mention Panda,AVG,Norton because if you use WebRoot.. you probably have been burned by 'em)
Webroot is a great product from developer point of view. its fast/low memory/fast and low memory :)
... I have a READ ONLY USB stick I keep my "evil tools" from being wiped out by webroot. This doesn't work when server is 300 miles away :<.
I'm hoping Webroot changes its "mind" ... or another similar product comes along which is more repsonsive to customer desires. Even a Checkbox "I am not a dumb A** let me exclude these directories" would work.
Remember #1 rule for a successful ISV is to keep your paying customers happy... they tend to keep forking $$$ over.
I have had to do thing that I feel are technically/philosophically wrong... But I don't make money being "Right" in my mind... I make money by making customers happy… and sometimes. Fixing problems  they create after I warned ‘em not to.

Best answer by JimM 16 July 2012, 17:10

View original

2 replies

Userlevel 7
Hi James,
Now I'm really curious about the security tools being downloaded.  The entirety of Webroot is in the security industry and we have a proliferation of security tools that we use as well, but none of the legitimate utilities we have seen (from password crackers to sniffers to Nirsoft utilities) end up being flagged as malicious unless the copy of the tool that was acquired was infected on top of the security tool or was something that was explicitly a black-hat "security" utility (eg, has no value other than to cause live damage in environments).  You might want to have our threat researchers take a look at the utilities that are being run in this case, if you have not already opened a ticket.
As for exclusions, assuming you're running the Business Endpoint, access to the console allows for granular to global exclusion of any detection, and when set once, it continues to take effect indefinitely.  Since folder exclusions are already a security hole, and socially-engineering a user into adding an exclusion despite any number of warnings from the software is trivial, for the time being, we will continue to encourage more-granular solutions to things that need to be excluded.
Userlevel 7
I took the liberty of moving this to the business forum, since this part of the discussion concerns the business version specifically.
Kit is correct.  I would add that there is an idea in the Ideas Exchange that contains a feature request for the ability to locally batch-whitelist the current contents of a directory, while still allowing for the program to continue keeping an eye on that directory when files are added in the future.  That sounds like it would address your concern.  I would suggest adding your comments and kudos to that idea in order to move it along.  The more popular an idea is, the more likely it is to be implemented.