Webroot Keeps popping up
Phishing attack ahead
even after learning and allowing it keeps getting in the way of viewing my cameras.
I've seen reference to a console, but I don't seem to have one.
Webroot SecureAnywhere is blocking access to my DVR and security cameras. Where can I white-list it
+62Hello ?,
Welcome to the Webroot Community,
Please look here at these PC User Guide articles that can help you with unblocking.
Controlling active processes
http://www.webroot.com/En_US/SecureAnywhere/PC/WSA_PC_Help.htm#C10_SystemControl/CH10b_ControllingPr...
Blocking/Allowing files
http://www.webroot.com/En_US/SecureAnywhere/PC/WSA_PC_Help.htm#C5_Quarantine/CH5b_BlockingAllowingFi...
Managing protected applications
http://www.webroot.com/En_US/SecureAnywhere/PC/WSA_PC_Help.htm#C6_IDProtection/CH6c_ManagingProtecte...
Managing active connections
http://www.webroot.com/En_US/SecureAnywhere/PC/WSA_PC_Help.htm#C4_Firewall/CH4c_ManagingActiveConnec...
You can also submit a Support Ticket if you need files whitelisted.
Lets try to put into English the essence of the areas where a user can tailor what WSA does to protect the system
There are essentially 3 key areas where this can happen/a user can override WSA. These are essentially reached, from the main WSA panel, as follows:
1. PC Security > Quarantine > Detection Configuration
2. Identity & Privacy > Protected Applications
3. Utilities > System Control > Control Active Processes
and once there the user usually has the options to:
A. "Allow"
B. "Protect/Monitor"
C. "Block/Deny"
In the case of 1. Detection Configuration
If an item is set to:
- "Allow", WSA ignores it during scans and shield actions, meaning if it's a virus that has been allowed, it can continue acting as a virus acts. Be careful of what you allow in this area and ensure it's something you trust implicitly if you are going to change the status from Block to Allow.
- "Monitor", WSA will watch the item to determine if it is legitimate or related to malware. It is not necessary to add files into this list or set files to monitor manually unless you are changing them from a Block or Allow status. This might be useful if for example you think Webroot might have had a false positive on something and you want to check again at a later time to see if the determination has changed. You could set it to Monitor and have Webroot check it again.
- "Block", then WSA will treat the items as it would detected malware. It will not be executed, and it will not be written to your hard drive. Detected infections are automatically set to a Block status.
In the case of 2. Protected Applications (Internet Security & Complete version ONLY)
In this case:
- "Allowed applications" are not secured against information-stealing malware, and also have full access to protected data on the system. Many applications unintentionally access protected screen contents or keyboard data without malicious intent when running in the background. If you trust an application that is currently marked as "Deny," you can change it to "Allow."
- "Protected applications" are secured against information-stealing malware, but also have full access to data on the system. By default, web browsers are assigned to the "protected" status. If desired, you might also want to add other software applications to "protected," such as financial management software. When you run a protected application, the Webroot icon in the system tray displays a padlock.
- "Denied applications" cannot view or capture protected data on the system, but can otherwise run normally.
And finally, in the case of 3. Control Active Processes
If a process is set to:
- "Allow" it means WSA allows it to run on the system. It's important to note that if an item is already allowed here, that's because Webroot knows already from seeing the file before that it's ok to allow.
- "Monitor" status means WSA will journal what that program is doing and keep a very close eye on it for any suspicious activity. Basically it would treat it as if it wasn't already sure about it one way or the other, and it wants to monitor it closely until it's sure about it.
- "Block" means just that...iWSA does not allow it to run on the syste. Be very careful about what you block in this area and ensure that anything you decide to block is a non-essential process. Otherwise, you could be setting yourself up for a lot of grief if you block something critical.
Hope this helps,
Kind Regards,
Welcome to the Webroot Community,
Please look here at these PC User Guide articles that can help you with unblocking.
Controlling active processes
http://www.webroot.com/En_US/SecureAnywhere/PC/WSA_PC_Help.htm#C10_SystemControl/CH10b_ControllingPr...
Blocking/Allowing files
http://www.webroot.com/En_US/SecureAnywhere/PC/WSA_PC_Help.htm#C5_Quarantine/CH5b_BlockingAllowingFi...
Managing protected applications
http://www.webroot.com/En_US/SecureAnywhere/PC/WSA_PC_Help.htm#C6_IDProtection/CH6c_ManagingProtecte...
Managing active connections
http://www.webroot.com/En_US/SecureAnywhere/PC/WSA_PC_Help.htm#C4_Firewall/CH4c_ManagingActiveConnec...
You can also submit a Support Ticket if you need files whitelisted.
Lets try to put into English the essence of the areas where a user can tailor what WSA does to protect the system
There are essentially 3 key areas where this can happen/a user can override WSA. These are essentially reached, from the main WSA panel, as follows:
1. PC Security > Quarantine > Detection Configuration
2. Identity & Privacy > Protected Applications
3. Utilities > System Control > Control Active Processes
and once there the user usually has the options to:
A. "Allow"
B. "Protect/Monitor"
C. "Block/Deny"
In the case of 1. Detection Configuration
If an item is set to:
- "Allow", WSA ignores it during scans and shield actions, meaning if it's a virus that has been allowed, it can continue acting as a virus acts. Be careful of what you allow in this area and ensure it's something you trust implicitly if you are going to change the status from Block to Allow.
- "Monitor", WSA will watch the item to determine if it is legitimate or related to malware. It is not necessary to add files into this list or set files to monitor manually unless you are changing them from a Block or Allow status. This might be useful if for example you think Webroot might have had a false positive on something and you want to check again at a later time to see if the determination has changed. You could set it to Monitor and have Webroot check it again.
- "Block", then WSA will treat the items as it would detected malware. It will not be executed, and it will not be written to your hard drive. Detected infections are automatically set to a Block status.
In the case of 2. Protected Applications (Internet Security & Complete version ONLY)
In this case:
- "Allowed applications" are not secured against information-stealing malware, and also have full access to protected data on the system. Many applications unintentionally access protected screen contents or keyboard data without malicious intent when running in the background. If you trust an application that is currently marked as "Deny," you can change it to "Allow."
- "Protected applications" are secured against information-stealing malware, but also have full access to data on the system. By default, web browsers are assigned to the "protected" status. If desired, you might also want to add other software applications to "protected," such as financial management software. When you run a protected application, the Webroot icon in the system tray displays a padlock.
- "Denied applications" cannot view or capture protected data on the system, but can otherwise run normally.
And finally, in the case of 3. Control Active Processes
If a process is set to:
- "Allow" it means WSA allows it to run on the system. It's important to note that if an item is already allowed here, that's because Webroot knows already from seeing the file before that it's ok to allow.
- "Monitor" status means WSA will journal what that program is doing and keep a very close eye on it for any suspicious activity. Basically it would treat it as if it wasn't already sure about it one way or the other, and it wants to monitor it closely until it's sure about it.
- "Block" means just that...iWSA does not allow it to run on the syste. Be very careful about what you block in this area and ensure that anything you decide to block is a non-essential process. Otherwise, you could be setting yourself up for a lot of grief if you block something critical.
Hope this helps,
Kind Regards,
IMac 2021 27 in i5 Retina 5, iMac OS Sequoia (15.7.3), Security: iPads, ALIENWARE 15 R6, W11 Microsoft Windows Workstation, x64, Webroot® SecureAnywhere™ Internet Security Complete, Android Samsung Galaxy Ultra Note 23, Webroot Beta Tester
Thanks for the helpful info.
However in the trail: PC Security > Quarantine > Detection Configuration
I get so far as Quarantine, then there's nothing like "Detection Config"
Could I have an old version?PC Security > Quarantine > Detection Configuration
However in the trail: PC Security > Quarantine > Detection Configuration
I get so far as Quarantine, then there's nothing like "Detection Config"
Could I have an old version?PC Security > Quarantine > Detection Configuration
Hi BillyHow
Welcome to the Community Forums.
I would very much doubt that you have an old configuration as the 'Detect Configuration' is in fact a reference to an older version of WSA, and the Quarantine function no longer has that option. It think that what was being referred to was in fact:
PC Security > Block/Allow Files
so go there instead and then follow the instructions listed against 1.
However, from what you are saying about the issue appearing when you use your camera I would suspect that the issue resides with the Identity Shield and more specifically in respect to the 2nd location to scrutinise in the instructions provided by Sherry, i.e., in terms of Application Protection.
You can quickly check this by clicking on the Identity Protection tab in the main app panel and one after the other turning off each Shield listed there (click on the sliders displayed, enter the CAPTCHA characters required and that should do it...and don't worry about the change in the colour of the panel...we are only doing this temporarily remember / click again on the slider s to re-enable the Shields after the test).
If in either case of turning off a Shield you try your camera and the message no longer manifests itself then that is the issue and then you should follow the instructions provided by Sherry in relation to:
Identity Protection > Application Protection
I hope that this helps clarifys?
The reference to the Console may be one relating to the online console (here) that each registered WSA user has...but I cannot tell, without the actual detail of the message, why that might be relevant at this stage.
Let us know how you get on and/or if you need further help.
Regards, Baldrick
Welcome to the Community Forums.
I would very much doubt that you have an old configuration as the 'Detect Configuration' is in fact a reference to an older version of WSA, and the Quarantine function no longer has that option. It think that what was being referred to was in fact:
PC Security > Block/Allow Files
so go there instead and then follow the instructions listed against 1.
However, from what you are saying about the issue appearing when you use your camera I would suspect that the issue resides with the Identity Shield and more specifically in respect to the 2nd location to scrutinise in the instructions provided by Sherry, i.e., in terms of Application Protection.
You can quickly check this by clicking on the Identity Protection tab in the main app panel and one after the other turning off each Shield listed there (click on the sliders displayed, enter the CAPTCHA characters required and that should do it...and don't worry about the change in the colour of the panel...we are only doing this temporarily remember / click again on the slider s to re-enable the Shields after the test).
If in either case of turning off a Shield you try your camera and the message no longer manifests itself then that is the issue and then you should follow the instructions provided by Sherry in relation to:
Identity Protection > Application Protection
I hope that this helps clarifys?
The reference to the Console may be one relating to the online console (here) that each registered WSA user has...but I cannot tell, without the actual detail of the message, why that might be relevant at this stage.
Let us know how you get on and/or if you need further help.
Regards, Baldrick
Webroot SecureAnywhere Complete Beta Tester v9.0.24.49, imaged by Macrium Reflect v7.2
+35- OpenText Employee
Hello@ wrote:
Webroot Keeps popping up
Phishing attack ahead
even after learning and allowing it keeps getting in the way of viewing my cameras.
I've seen reference to a console, but I don't seem to have one.
I'm not certain if you got this worked out, but since you mentioned a "Phishing attack ahead" this would be related to the URL filtering or Anti-Phishing. You can submit change requests for the URLs here or https://community.webroot.com/t5/forums/replypage/board-id/WSA-AV/message-id/Sumbit A Supprt Ticket so we can get that taken care of for you.
Thanks,
-Dan
Webroot Threat Research
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.