PRODUCT UPDATE BULLETIN 28.0 - November 16th 2016
NEW Web Shield & Mac Agent Commands – November 2016
Webroot SecureAnywhere already features many web threat protection layers, including the ability to detect and block malicious and known phishing URLs. In this release we are fully integrating much more of the world-class contextual threat intelligence available from within our Webroot BrightCloud® Threat Intelligence Services. We will be upgrading all business customers, as a no cost upgrade, to latest version of our new Web Threat Shield so they too benefit from the threat intelligence deployed by over 40 other network and security vendors.
The new Web Threat Shield will include the addition of real-time web categorization and web reputation filtering, real-time anti-phishing scanning, improved web search ratings and web blocking notifications. These new capabilities will improve web safety and significantly mitigate the risks from threats like polymorphic phishing URLs and other web-based attacks aimed at Webroot users. They are part of our commitment to continuously enhance the device and user malware prevention and protection efficacy and functionality within our endpoint security.
In addition to the new Web Shield we are also adding improvements to our Mac Agent management, to move closer to the ease of management provided for Windows environments. With Mac Agent version 220.127.116.11 and greater we are upgrading the management console to execute 13 new Mac Agent Commands. (You might be interested to know that the Webroot Mac Agent was recently favorably tested by AV Comparatives in their Mac Security Review/Test 2016 that is available from here: https://www.av-comparatives.org/mac-security-reviews/
- NEW Web Classification Integration - with Webroot BrightCloud® Web Classification and Reputation now delivered through our supported web browsers.
- NEW Real-Time Anti-Phishing Scanning Integration - with Webroot BrightCloud® Real Time Anti-Phishing’s time of request scanning delivered through supported web browsers.
- NEW Search Result Annotations - color coded reputation icons for Google, Bing, and Yahoo search engines.
- NEW Enhanced Web Block Pages - to provide users with more information and add policy controlled user options.
- NEW Apple Mac Agent Commands - receive and execute 13 new Agent Commands previously only available for PC.
- NEW Forced Mac “Poll” option - a new poll option to force a Mac Agent to check-in to your management console and receive data, including any pending policy updates.
- Web Classification and Reputation upgrade
Website requests via a supported browser will now be validated using Webroot BrightCloud Web Categorization and Reputation data. This will offer highly accurate and, ultimately, much safer browsing for end users. We will now automatically block any site categorized by our Webroot BrightCloud Threat Intelligence Services as:
- » Category 49 – Key logger,
- » Category 56 – Malware,
- » Category 57 – Phishing, or
- » Any site where the web reputation score is 20 or lower.
Fig 1. Daily Statistics from BrightCloud Web Classification & Reputation Services.
- Real-Time Anti-Phishing upgrade
When accessed via supported browsers, websites that do not belong to overtly malicious categories will now be checked using the BrightCloud® Real-Time Anti-Phishing Service. This is a step change security enhancement, as it provides real-time site analysis at the time of request, with real-time site analysis scans taking place in typically under a second.
Unlike other solutions this service is delivered in real time, not via outdated URL blacklists or look-up feeds that offer little protection against polymorphic zero-day phishing sites. Real-time anti-phishing is automatically activated when a web site does not belong to web categories 49, 56, or 57 (see above) and it has a score of 21 or higher. Since phishing and spear phishing are particularly successful in breaching networks for malware delivery this new scanning will significantly reduce phishing ransomware and other phishing breaches.
- Search Safety Ratings
Google, Bing & Yahoo search engine users will see annotated search results in supported browsers. Each search result will appear with a colored icon (see Fig 2) to indicate the current reputation of that website.
Additionally, users can now hover over the colored icon to see a tooltip with more information about the reputation of that website. Following the launch of this enhanced functionality, the annotated search feature will be on by default. (This default setting can be changed from within the management console).
Fig 2. Web Reputation – Color vs Risk Scoring Parameters.
Fig 3. Google Search with HIGH RISK Tooltip.
Fig 4. Yahoo Search with MODERATE RISK Tooltip.
- Enhanced Block Pages
The new web inform pages will give users a better experience by providing more information on why a website has been blocked, and being clearer on the actions your users can take when a block occurs. Users will now see a block page containing the following information:
- » A reason for the block, including reputation indicator and site category where applicable.
- » “Get me out of here” option – clickable call to action to navigate the user back to a blank browser page.
- » An option to close the block page and continue to the website (this function is optional, and set to off by default).
- » An option to submit a request for the website to be reviewed by Webroot (this function is optional and set to off by default)
Note: The “Submit a request to Webroot” function has a non-mandatory field for free text feedback.
Fig 5. An example of the new Block Page.
Fig 6. Enhanced block page with page options expanded.
- New Mac Agent Commands
Thirteen Agent Commands for use with Apple Mac OS endpoints are introduced to considerably improve the manageability of Mac endpoints, the new commands are:
- Change scan time,
- Scan a folder,
- Clear Log Files,
- Disable proxy settings,
- Change keycode,
- Log off,
- Reset desktop wallpaper,
- Reset Screen Saver,
- Customer Support Diagnostics,
- Download and run a file,
- Run a DOS (Shell) command
Fig 7. New Apple Mac Agent Commands view.
- If both Mac and PC endpoints are selected at the same time then the PC Agent Command list will be shown in the console.
- We also have retained the Windows term run a DOS command for both PC’s and Mac’s (while the Mac term is properly a ‘Shell Command’).
The following views are within the updated management console UI.
Fig 8. Group Management- Additional Mac Agent Commands.
- New Forced Mac Poll Option
In addition to the new Agent Commands we have also introduced a forced poll option for Mac Agents. This option is particularly useful when you need to ensure that any Mac Agent has checked into the Webroot management console is receiving data, including any pending agent commands or policy revisions.
IMPORTANT NOTE: This option is NOT run from within the Webroot management console or from within Agent Commands. It has to be run from one of your own endpoint management tools.
The syntax for the new command is: sudo /usr/local/bin/WSDaemon –poll