Hi, I tried to enable DNS protection for a macOS device (v10.15.3 Catalina). I noticed there is only a Windows icon on “Install DNS Protection” settings. Does this mean DNS protection is not yet supported on macOS? I checked the docs but couldn’t find anything about this. Is there a way to manually install the DNS protection agent if it is not possible via the policy settings? Thanks for any help.
Page 1 / 1
Hello @ronnel Welcome to the Webroot Community forum.
I’m not sure of this question you ask about DNS on a Mac computer running Catalina. I’ll ping our forum manager @freydrew to see if he knows.
Thank you,
Dave.
It is possible to protect Macs, but only through the network version of DNS protection. As you noted by the Windows only icon, we have not yet released a Mac agent that allows remote and granular control of DNS. It is actively under development and should be released next quarter.
Hi @freydrew@ProTruckDriver thanks for your reply. I will be waiting for the next quarter’s release.
Cheers
Also Webroot needs to desperately bring back DHCP support on the network level. And support for enforcing DNS when VPN’s are running. A LOT of work to go.
Pull your socks up Webroot and crack the whip. LOL
Cheers
I get this is “solved”, but I wonder…
As per @freydrew (1 year ago), one could protect Macs through the network version of DNS protection. How would I do that for an endpoint that is permanently “at home” and does not have access to anything better than a typical home router?
Also, (1 year ago) a Mac agent had not been released yet for remote and granular DNS control. What is the progress on this?
Thanks in advance.
@norman
So far no sign whatsoever of a MAC Agent for DNS. They’ve really fallen behind in everything MAC related.
It’s a shame really.
It is actively under development and should be released next quarter.
Next Quarter has come and gone over a year ago. @khumphrey
I get this is “solved”, but I wonder…
I have taken the “Solved” off of this thread since I believe it is still in the making for over a year now.
So far no sign whatsoever of a MAC Agent for DNS. They’ve really fallen behind in everything MAC related.
It’s a shame really.
I have to agree with you there @jhartnerd123
I appreciate your responses, thanks!
In the absence of a MAC Agent (app for Mac) for DNS, what is the best practice to protect Macs outside of a corporate LAN. I am talking about ones with no VPN route back to a secure LAN on which there would be a business router (with a fixed public IP), etc.
In other words, how would I establish DNS protection through “the network version” of Webroot DNS protection?
I ask, not only for endpoints which would not have access to anything better than a home router, but also for G Suite users who may with no actual on-premise hardware.
As a test, I would like to corroborate their DNS protection by attempting to visit p.o.r.n.h.u.b.c.o.m on a Mac endpoint, and be presented with a similar message as users would get if they do that on a Windows endpoint.
Sorry for punishing your answers with more questions...
What i’ve done is setup a Linux VPN server in Amazon with a static IP and then add that IP to Webroot’s DNS protection. Then, VPN through that and the filtering works.
But that costs $$ each month above and beyond.
Other than that use another solution than Webroot. It’s taking them waaaay to long to improve and support other platforms for roaming agent while other DNS vendors have roaming agents for various OS’s.
Hi @jhartnerd123,
I appreciate your feedback. I will likely keep Webroot (for business) going on my Windows endpoints, since it feels like their out-of-the-box solution for the Windows platform, fits the bill.
I was leaning towards your VPN solution as a substitute for the missing DNS protection, but I am truly not impressed with how the Webroot SecureAnywhere.app runs on Mac anyway. For instance, the initial WSA scan of my own MBP was a giant PITA. After 36 hours of holding my laptop ransom by sucking every CPU cycle out of it, the initial scan was still going. Since I had configured it not to sleep, this was an uninterrupted stovetop simulation until I broke down and intervened. Once I removed the app, my laptop ran great again...
Then, once I was ready for more testing related torture, I crafted a dedicated macOS policy for my laptop and disabled scheduled scanning completely. I had even done away with and scanning (on bootup), but then that mandatory initial scan kicked in. Again, the consequence was a fresh batch of hell that I could never visit on my clients, unless I want to come across as careless.
I would love to find an alternative Mac platform that has an MSP style management console similar to WSA, and which comes with DNS protection for roaming endpoints.
If anyone knows of one that would not lock me into a fixed license commitment, please share it with me.
-Norman.
Hi, I tried to enable DNS protection for a macOS device (v10.15.3 Catalina). I noticed there is only a Windows icon on “Install DNS Protection” settings. Does this mean DNS protection is not yet supported on macOS? I checked the docs but couldn’t find anything about this. Is there a way to manually install the DNS protection agent if it is not possible via the policy settings? Thanks for any help.
I can’t beleive 3 years on we still don’t have DNS protection for Mac OS