Skip to main content

Webroot Filtering Extension (Chrome) no more Green Padlocks


Enabling Webroot Filtering Extension causes safe "green padlock" sites to report a message that states "this page includes other resources that are not secure".  This image should explain everything.
 

80 replies

MikeR
  • Retired Webrooter
  • 1455 replies
  • October 25, 2013
This functionality could be possible in the future. You can submit a New Idea if you would lilke and we will see other opinions on it.

shorTcircuiT
Gold VIP
  • Gold VIP
  • 7721 replies
  • October 25, 2013
I can't see the pic.. can a Mod approve it?
 
I am guessing though that it is the same one that I see... not the green padlock but the gray one with a yellow triangle.
 
Personally, I like it as I can easily tell the difference between a page in which ALL content is delivered from a secure server and which content, while OK, is not derived from the same source.

  • Author
  • New Voice
  • 8 replies
  • October 31, 2013
Ok... it seems like I didn't explain my point well.
 
 
The gray-padlock-with-yellow-triangle is a native part of Chrome.  You can see that icon when you go to a website that is SSL secure, but, say, embeds an image or banner or something from another server that isn't SSL secure.
 
The green padlock is a native part of Chrome.  You see that icon when you go to a website where every element on the webpage (images, javascript, etc) is local to the secured SSL server.
 
 
The issue is that I never see any green padlocks when Webroot Filtering Extension is enabled.  The extension acts as "something on the page that's embedded from another server".  Thus, I can never tell the difference between a 100% secured website and once that's only partially secure.
 
Since I own and run an insurance website, I would very much like users to see the green padlock on my site.  But if they have Webroot Filtering enabled, they'll only see the partially-secure icon... and it looks like it's my company's fault we're not 100% secure.
 
Kind regards,
David

pegas
Gold VIP
  • Gold VIP
  • 1445 replies
  • October 31, 2013
@ wrote:
Ok... it seems like I didn't explain my point well.
 
 
The gray-padlock-with-yellow-triangle is a native part of Chrome.  You can see that icon when you go to a website that is SSL secure, but, say, embeds an image or banner or something from another server that isn't SSL secure.
 
The green padlock is a native part of Chrome.  You see that icon when you go to a website where every element on the webpage (images, javascript, etc) is local to the secured SSL server.
 
 
The issue is that I never see any green padlocks when Webroot Filtering Extension is enabled.  The extension acts as "something on the page that's embedded from another server".  Thus, I can never tell the difference between a 100% secured website and once that's only partially secure.
 
Since I own and run an insurance website, I would very much like users to see the green padlock on my site.  But if they have Webroot Filtering enabled, they'll only see the partially-secure icon... and it looks like it's my company's fault we're not 100% secure.
 
Kind regards,
David
You're fully correct. When the extension is enabled it surpasses a native green padlock of browsers (in my case Opera Chromium) and it faces like a https site is only http. However if you click on the globe, you will see certificate what does mean that the site is indeed https.
 
I have had a remote session with @ a couple of days ago and one of the issues he tried to troubleshoot was this one. Having examined this problem Lucas said that it is only a cosmetic hitch but Webroot will look into it more deeply to find a fix.
 
So, hopefully we will get back the green padlocks even if the extension is enabled.

explanoit
Silver VIP
Forum|alt.badge.img+6
  • Silver VIP
  • 580 replies
  • October 31, 2013
This is an unacceptable issue that Webroot needs to address immediately. It prevents users from verifying the security of their web sessions as they are taught to do.

pegas
Gold VIP
  • Gold VIP
  • 1445 replies
  • November 1, 2013
@ wrote:
This is an unacceptable issue that Webroot needs to address immediately. It prevents users from verifying the security of their web sessions as they are taught to do.
I have to agree. I didn't realize that not all users are so skilled to find another way how to verify the site is SSL secured. You're right that if users will not see the green padlock they can start to panic.
 
I appeal on Webroot to resolve this issue as soonest, for their own good!

pegas
Gold VIP
  • Gold VIP
  • 1445 replies
  • November 11, 2013
@ or @ or @ 
 
Any progress in fixing this bug? ETA?

MikeR
  • Retired Webrooter
  • 1455 replies
  • November 11, 2013
I was not able to reproduce this issue and we are not seeing this as a common occurence. Are you on 8.0.4.24 and is Google Chrome listed as Protected under Identity Protection and then Application Protection?
 
If you are in fact on .24 and Chrome is listed as Protected - Please submit this to the Support System so that we can begin to collect more info.

pegas
Gold VIP
  • Gold VIP
  • 1445 replies
  • November 11, 2013
Mike thx for reply but sorry I won't open a new ticket to get in the queue. I had a remote session with Lucas recently who confirmed the issue. The same observed David and explanoit, pls reread this thread.

The ball is on your side.

MikeR
  • Retired Webrooter
  • 1455 replies
  • November 12, 2013
If he has already reproduced the issue with you, he will take care of creating a ticket. I'll touch base with him tomorrow.

  • New Member
  • 6 replies
  • January 31, 2014
Same issue here...I enabled the Webroot extension and my familiar green padlock is gone.  I have had to disable the extension to be readily certain of the secured connection---cosmetic or not, it's a bad thing to have insecure content on the page.  Why is the webroot extension considered "insecure content"?  Can you not do something so that it passes muster like other extensions?

MikeR
  • Retired Webrooter
  • 1455 replies
  • January 31, 2014
Chrome displays the yellow triangle/padlock when it is an SSL site, but insecure content is detected. Our Web Filtering communicates with WSA over the local host and Chrome regards that http traffic as insecure.

does this mean we are to disable or accept this filtering.

  • New Member
  • 6 replies
  • January 31, 2014
Is there no workaround on this?  It appears that I have no choice but to disable the extension, because I have no way of knowing if the Webroot extension is the ONLY content on the page that is being considered insecure, and not some other malicious item as well.  I need to know for a certainty that ALL the content is secure.

  • OpenText Employee
  • 46 replies
  • January 31, 2014
This is an unavoidable behavior because Webroot changes the content of search result pages by injecting content into them for the search result annotation. This will happen with any product analyzing search pages (unless they're lying to Chrome) but it doesn't affect performance or the behavior of Chrome.
 
Let me know if you have any questions!

RetiredTripleHelix
Gold VIP
Forum|alt.badge.img+56
Hi Joe,
 
So this is a Chrome issue and are Firefox & IE affected by this as I don't use Chrome?
 
Thanks,
 
Daniel 😉

  • OpenText Employee
  • 46 replies
  • January 31, 2014
@ wrote:
Hi Joe,
 
So this is a Chrome issue and are Firefox & IE affected by this as I don't use Chrome?
 
Thanks,
 
Daniel ;)
 
Correct, this is only going to happen on Chrome (partly due to their sandboxing).

RetiredTripleHelix
Gold VIP
Forum|alt.badge.img+56
@   And there is no possible work around now and how about for the future? Just in case someone asks!
 
Thanks,
 
Daniel 😉

  • OpenText Employee
  • 46 replies
  • January 31, 2014
@ wrote:
@   And there is no possible work around now and how about for the future? Just in case someone asks!
 
Thanks,
 
Daniel ;)
 
At the moment, Chrome does not have any workaround available for it. I'm checking if we could limit it to only search result pages (from the posts it sounds like it's happening on other pages as well - can someone confirm?)
 
Thanks!

  • New Member
  • 6 replies
  • January 31, 2014
Yes, it happens on all https pages that I've tried (banking sites, paypal, my own secured website, etc).  This is problematic for us web developers, as someone else has already mentioned, because it makes sites that we maintain look like we've got content problems in our pages---when accessed by Webroot users---when we really don't.  
 
The only solution I have found is to disable the Webroot extension, making my machine's SecureAnywhere solution less complete.  But doing so doesn't solve the problem of any other Webroot users accessing my website arriving at the false impression that my  site has a security issue. 😞  I do wish there were some sort of workaround.
 
 

  • OpenText Employee
  • 46 replies
  • January 31, 2014
@ wrote:
Yes, it happens on all https pages that I've tried (banking sites, paypal, my own secured website, etc).  This is problematic for us web developers, as someone else has already mentioned, because it makes sites that we maintain look like we've got content problems in our pages---when accessed by Webroot users---when we really don't.  
 
The only solution I have found is to disable the Webroot extension, making my machine's SecureAnywhere solution less complete.  But doing so doesn't solve the problem of any other Webroot users accessing my website arriving at the false impression that my  site has a security issue. 😞  I do wish there were some sort of workaround.
 
 
Could you try disabling search result annotation under the Firewall settings and see if that fixes it?

  • New Member
  • 6 replies
  • January 31, 2014
Where is this setting?  I don't see it in the Webroot console on my machine, and there doesn't seem to be any settings for the Webroot filtering extension.  Just for kicks I looked for a similar setting in Chrome, but don't see one there either.  Am I overlooking something?

RetiredTripleHelix
Gold VIP
Forum|alt.badge.img+56
It's the second box down on this page just uncheck and save: http://www.webroot.com/En_US/SecureAnywhere/PC/WSA_PC_Help.htm#C4_Firewall/CH4b_ChangingFirewallAlertSettings.htm
 
Daniel 😉

  • New Member
  • 6 replies
  • January 31, 2014
Okay, I changed that setting, then tried paypal and a banking site, as well as refreshing this page.  They all go green for a second or two, then it switches to the warning icon.  

RetiredTripleHelix
Gold VIP
Forum|alt.badge.img+56
@ wrote:
Okay, I changed that setting, then tried paypal and a banking site, as well as refreshing this page.  They all go green for a second or two, then it switches to the warning icon.  
Did you restart Chrome? Try playing with the settings and see if anything works and reply back.
 
Thanks,
 
Daniel

Reply