Managing global file overrides for Webroot Business Protection

Global file overrides are used by Webroot Business Endpoint Protection to determine what files are allowed to execute - good overrides - and what files are blocked from execution - bad overrides.

Global file overrides:

Used by all sites that have the setting Include Global Overrides enabled.
Best used when you have overrides that you need to apply to your entire organization or to all client sites.
Managed in the Webroot Management console.

The other type of override available are site level overrides. Site level file overrides are only applied to a single site and are a way to create overrides with limited scope. They take precedence over global overrides and are managed in the Endpoint Protection console. Site level overrides can be applied to an endpoint policy, further limiting their scope to only being used by devices using that policy.

For more information about file overrides, see:

Click a topic for more information.

+Adding a global file override

Log in to the Webroot Management console.
In the left nav bar, click Overrides.
Choose the override (block or allow) to add:
- To add an allow file override, in the top menu, select File Allow List.
- To add a block file override, in the top menu, select File Block List.
At the top of page, click Add, which opens the New Allow/Block List Entry window.
In the New Allow/Block List Entry window:
- Provide a Name / Description for the override.
- Use the Override Type radio drop-down menu to select the Override Type:
  - MD5
  - Folder / File
- For MD5 overrides:
  - In the MD5 box, enter the MD5 value for the file.
  - For help finding the MD5 value of a file, click here.
- For Folder / File overrides, enter or make selections for:
  - File Mask (optional): Target a file or group of files by specifying a file mask with optional wildcards. For example, *.exe to target all executable files in the selected folder.
  - Path / Folder Mask: The folder to target for the override. You can specify an absolute path or use a system variable. To see a list of supported system variables, enter a % into the Path / Folder Mask box.
    
    Note: System environment variables may differ from system to system and should be confirmed before being used.
  - Include Sub-folders check box: If checked, will apply the override to the current folder and any sub-folders.
  - Detect if Malicious check box (only available for allow overrides): When checked, monitoring and journaling will be disabled, but the agent will continue to monitor the location for malicious file activity. If malicious files are detected, they will be remediated according to the policy settings. If unchecked, files in this location will be allowed to execute without Webroot protection.
Click Create to create the new override.
New overrides become active on devices as those devices check-in to the Webroot Management console.
- You can force devices to check-in when needed or change the polling interval to force devices to check-in more frequently.

+Importing overrides from a site to create global file overrides

You can import MD5 overrides from a site to create global overrides. This is helpful if you used a site to create overrides for a commonly used application and want to use those overrides for other sites.

Log in to the Webroot Management console.
In the left nav bar, click Overrides.
Choose the override (block or allow) to import:
- To import allow file overrides, in the top menu, select File Allow List.
- To import block file overrides, in the top menu, select File Block List.
At the top of page, click Import, which opens the Import Overrides (MD5 Only) window.
In the Import Overrides (MD5 Only) window:
- Site to import overrides from drop-down menu: Select the site to import overrides from.
- Remove Redundant Overrides check box: When checked, will not create an override that already exists.
- Overwrite Existing Overrides check box: When checked, if a duplicate override exists, it will be overwritten by one in the import list.
- Include Policy Bases Overrides check box: When checked, any overrides associated with a specific policy are imported.
Click Import to complete the process.
Imported overrides become active on devices as those devices check-in to the Webroot Management console.
- You can force devices to check-in when needed or change the polling interval to force devices to check-in more frequently.

+Editing a global file override

Some elements of an override can be modified, but not all. In some cases, deleting the override and re-creating it may be necessary to update it.

Log in to the Webroot Management console.
In the left nav bar, click Overrides.
Choose the override (block or allow) to edit:
- To edit an allow file override, in the top menu, select File Allow List.
- To edit a block file override, in the top menu, select File Block List.
Click an override to display its details in the right pane.
Each type of override has different details that can be updated:
- MD5 value overrides
  - Name / Description: name and description of the override
  - Determination radio button: Allows you to change the determination from Good to Bad or Bad to Good.
    - If changed, the override will move to the appropriate list, Good overrides in the File Allow List, Bad overrides in the File Block List.
- Folder / File overrides
  - Name / Description: name and description of the override
  - File Mask (optional): Target a file or group of files by specifying a file mask with optional wildcards. For example, *.exe to target all executable files in the selected folder.
  - Path / Folder Mask: The folder to target for the override. You can specify an absolute path or use a system variable. To see a list of supported system variables, enter a % into the Path / Folder Mask box.
  - Include Sub-folders check box: If checked, will apply the override to the current folder and any sub-folders.
  - Detect if Malicious check box (only available for allow overrides): When checked, monitoring and journaling will be disabled, but the agent will continue to monitor the location for malicious file activity. If malicious files are detected, they will be remediated according to the policy settings. If unchecked, files in this location will be allowed to execute without Webroot protection.
Once the changes have been made, click Save to complete the update process.
Updates to overrides become active once devices check-in to the Webroot Management console.
- You can force devices to check-in when needed or change the polling interval to force devices to check-in more frequently.

+Deleting a global file override

Log in to the Webroot Management console.
In the left nav bar, click Policies.
Choose the override (block or allow) to delete:
- To delete an allow file override, in the top menu, select File Allow List.
- To delete a block file override, in the top menu, select File Block List.
Find and click the override to delete.
At the top of the screen, click Delete, which opens the Delete Entry window.
In the Delete Entry window, click Confirm Delete.
Deleted overrides are removed from devices as they check-in to the Webroot Management console.
- You can force devices to check-in when needed or change the polling interval to force devices to check-in more frequently.

If you need additional assistance with file overrides, please contact Support.

Thanks for your feedback!