Roll out of new web filtering

Discussion in 'Prevx Releases' started by aieie, Oct 15, 2013.

Thread Status:
Not open for further replies.
  1. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,262
    Location:
    Ontario, Canada
  2. horseman

    horseman Registered Member

    Joined:
    Apr 11, 2004
    Posts:
    128
    Location:
    Hove - UK
    However 2 x OSX volumes appear to still count as 2 !
    Is that intended on WSAC(Mac) or can I add another "bug" to my list? ;)

    EDIT: Nope my mistake, just rechecked and obviously confused over a beta license on another separate PC - 2 OSX volumes do apparently count as one!
     
    Last edited: Dec 17, 2013
  3. bwb1

    bwb1 Registered Member

    Joined:
    Mar 20, 2010
    Posts:
    113
    Location:
    UK
    Ye Gods, just had another block on Lloyds Bank log in page (claimed might be a phishing site). Thought this had disappeared last November. Unblocked and continued and sent off request to change.
     
  4. Myford

    Myford Registered Member

    Joined:
    Sep 21, 2006
    Posts:
    4
    Location:
    UK
    Hi folks.
    Same here. Lloyds Bank claimed to be a phishing site. Reported to Webroot and they claimed I had set Heuristics too high. I have never changed them. Turned off the Filtering Extension in Firefox and the problem "went away".
    John
     
  5. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Heuristics wouldn't affect this so I don't think you did anything wrong here at all. I'll investigate why this was detected and ensure we lighten up our critique of legitimate banking websites.
     
  6. guest

    guest Guest

    Is the web filter implemented, or will it be implemented, for the Maxthon Cloud browser?
     
  7. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,674
    Location:
    South Wales, UK
    Hi guest

    I am a Maxthon user but I have to say that given the market share that Maxthon currently has I would doubt it.

    If you would like to request the feature then I urge you to check out the Ideas Exchange section of the Webroot Community Forums site, and if there is not yet such a suggestion then I would recommend you raise one. If one exists then you can show your support for the feature request.

    HTH?

    Regards



    Baldrick
     
  8. guest

    guest Guest

    Thanks, I will do it.
     
  9. Techfox1976

    Techfox1976 Registered Member

    Joined:
    Jul 22, 2010
    Posts:
    749
    Somebody needs to look into whoever told you that. It's embarrassing for any FLE to get that wrong, because new web filtering does zilch with heuristic settings.

    Anyway, go ahead and grab the base portion of the URL it blocked and seek it on Google with "phishing" added. Bet you'll find a warning from 2011 or 2012 or so that the site has an XSS or other vulnerability and was used by phishing because of it. That's what I've found with all my FPs so far. Legitimate positive, but old news.
     
  10. Myford

    Myford Registered Member

    Joined:
    Sep 21, 2006
    Posts:
    4
    Location:
    UK
    Hi Techfox
    The actual note I received is -

    ***

    Hello,

    This Lloyds bank link is free on our system.

    I can see from the log files returned with your support ticket that your Webroot program has its heuristics settings turned up too high.
    Most of the Webroot settings related to heuristics (how 'high' or 'low' protection is set) should only be changed in very rare circumstances. Usually turning these settings up results in adversely affecting legitimate programs.

    To fix this open Webroot SecureAnywhere, click on Advanced Settings, click on Reset to Defaults in the bottom right of the screen and then click on Save.

    Finally scan your machine once to help propagate the settings change.

    Sincerely,

    The Webroot Threat Research Team

    ***

    So, yes it needs looking at!

    John
     
  11. bwb1

    bwb1 Registered Member

    Joined:
    Mar 20, 2010
    Posts:
    113
    Location:
    UK
    Lloyds Bank still blocked today!! All settings at default.
     


  12. Techfox1976

    Techfox1976 Registered Member

    Joined:
    Jul 22, 2010
    Posts:
    749
    Get the status of a URL on the NEW filter only (FULL URL is best):
    http://www.brightcloud.com/support/lookup.php

    "Correct" way (at last mention, subject to change) to report an FP on the -NEW- filter only:
    http://www.brightcloud.com/support/repchangerequest.php

    That Login URL was previously located at www.lloydstsb.co.uk. The same URL at lloydsbank.co.uk is brand spanking new. Since it looks like the legit lloydstsb.co.uk site, but has zero history and low visits (so far), it's likely for a computer to flag it as potentially bad.
     
  13. 800ster

    800ster Registered Member

    Joined:
    Dec 1, 2006
    Posts:
    210
    I thought we were supposed to report FPs on the new filter to this page and not Brightcloud directly?
    http://www.webroot.com/customerSupport/repchangerequest.php

    I also had the problem with Lloyds bank a month or so ago (Lloyds bank split from the TSB part so the new URL). The issue I have is not that it warned on the new fresh URL but that it does not get fixed quickly when reported.
     
  14. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,262
    Location:
    Ontario, Canada
    You can use either as it goes to the same place! Also I don't get any block but I never tried before.

    https://online.lloydsbank.co.uk/personal/logon/login.jsp?WT.ac=PLO0512

    TH
     
  15. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    I've had a similar issue on several occasions with www.swedbank.se (also a banking site).

    What was wrong was that the site itself was whitelisted, but the sub-pages were not. Joe fixed the problem as soon as he figured out the issue!
     
  16. bwb1

    bwb1 Registered Member

    Joined:
    Mar 20, 2010
    Posts:
    113
    Location:
    UK
    Are we not supposed to get an outcome email back when we make a report, as the few I have sent have never had one other than the 'Thank you for etc'?
    Did not get a block just now btw!
     
  17. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I don't think we'll always send one back from that submission form - if you write into our support inbox, we will respond.
     
  18. 800ster

    800ster Registered Member

    Joined:
    Dec 1, 2006
    Posts:
    210
    The web filter is starting to annoy me with how aggressive/sensitive it is. Exactly what protection do you lose by disabling the Chrome/Firefox extensions? Is it just search icons and blocking of known bad URLs or is it a more fundamental component of the overall protection?
    I already have bad URLs filtered with Adblock, Google, MBAM and, if I wanted to add them, the less aggressive BD Trafficlight & WOT.
     
  19. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    You lose the search icons/URL blocking. Are you seeing anything in particular that could be reported to our support team so that we can work on tuning it better? I felt like the FPs were reducing based on fewer posts, but it's very possible that something has changed in the backend (as it is a dynamic system based on machine learning).
     
  20. 800ster

    800ster Registered Member

    Joined:
    Dec 1, 2006
    Posts:
    210
    Thanks for confirming that I don't lose anything extra.

    I have reported a few FPs in the past such as Lloyds Bank (earlier in thread) but I also find that there are many others, e.g. just about every VPN provider (still) brings up an alert window (Zenmate, SecurityKISS, Surfeasy, TunnelBear etc.). I reported some initially but must admit I gave up.

    Also a Google search shows a lot of non-green icons on popular sites (that are shown as green in other filters such as BD Trafficlight). I feel that currently it is confusing and with so much highlighted (in different colours) there is too much "noise"....as the saying goes "can't see the wood for the trees". It is also causing confusion with other family members with seeing a lot of warnings.
     
  21. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Thanks - I'll pass this on to the team behind it.
     
  22. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    It looks like we have an issue at the moment which is throwing the non-Green icons when it shouldn't be. The team is looking into it as we speak so we should hopefully have some results soon.
     
  23. The Seeker

    The Seeker Registered Member

    Joined:
    Oct 24, 2005
    Posts:
    1,338
    Location:
    Adelaide
    I would suggest that Webroot abandon the idea of web filtering altogether. Surely the approach of monitoring files once they've been loaded into memory and rolling back any changes if need be is enough to protect users? I feel the web filtering with its safety rating icons and false positives is adding a needless layer of complexity which may put off potential customers.
     
  24. 800ster

    800ster Registered Member

    Joined:
    Dec 1, 2006
    Posts:
    210
    Interesting, but this is longstanding and would it affect the blocking (rather than just coloured search icons) of sites? I'll keep a look out for changes.
     
  25. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,102
    Location:
    on my zx10-r
    I hate to admit this, especially because I waited so long for the new web filtering, but it's too sensitive. Not only for myself, but many calls later from clients are telling me so. I DO NOT want the old one back though, no way no how. I HATED the way the old one worked, where it killed everything each time. But can we please get some kind of adjustment maybe, or a lower default setting? I have many people saying it's blocking legit sites that their other AVs are just not. Some of our clients have multiple AVs on various computers, and one of the real estate companies we handle said they have had to go onto another PC with another AV installed to view a county web site. I tested this site with 5 different AVs without a flag at all, but Webroot blocks it. I sent it in to support. I'm all for the new way of blocking, as I do not want the old one back at all.
     