File overrides provide a way for admins to define what files can execute and what files are blocked when using Webroot Business Endpoint Protection.
- File overrides have two types:
- Good file overrides allow a file to execute, regardless of Webroot's cloud classification and are stored in the File Allow List.
- Bad file overrides block a file from executing, regardless of Webroot's cloud classification and are stored in the File Block List.
- File overrides have two scopes:
- Global - apply to all sites configured to use Global overrides.
- Apply to all sites with the setting Use Global Overrides enabled.
- Site only
- Apply to sites or assigned to a site level endpoint policy.
- Site level overrides take priority over global overrides.
- Policy assigned overrides take priority over site level overrides.
- File overrides can be defined:
- Using the MD5 value for a specific file.
- By folder / file path.
- File and folder overrides are supported on Webroot agent version 9.0.1 or later.
- New overrides become active on devices as those devices check-in to the Webroot Management console.
- Apply to Windows devices.
Global Overrides
- Created in the Webroot Management console or the Endpoint Protection console
- Edited and deleted in the Webroot Management console.
- Are applied to all sites that have the Site setting Include Global Overrides enabled.
- Can be created by importing site overrides.
Site Overrides
- Created, edited and deleted in the Endpoint Protection console.
- Only apply to the site they are created in.
- Can be applied to a single endpoint policy, providing very granular control.
- Can be created by importing the Global override list or importing overrides from another site (MD5 only).
Important Note: File Overrides should not be created based on recommendations but rather on testing. For example, if a vendor recommends that certain files be excluded from AV activity for an application, do not just create the overrides. Instead, run the application on a device with the Webroot agent installed
using the Silent Audit policy and see what the agent detects as Bad or Unknown software. Use the information reported to the console to identify Unknown or Bad files associated with the application and create allow overrides for those files.
Webroot operates very differently from traditional antivirus solutions and doesn't impact applications like traditional agents do. Creating unnecessary overrides can cause problems for the Webroot agent.
Here are a couple of example scenarios where file overrides are useful:
- To allow a unique application to run without interference from Webroot. If there is a home grown application that is in use internally, a good or whitelist override will allow that program to run without being removed by Webroot.
- To stop a popular application from running. If users are running a popular application that you want to stop, creating a bad or blacklist override will prevent that application from executing and will move it to quarantine if detected.