Site level file overrides are used by Webroot Business Endpoint Protection to determine what files are allowed to execute - good overrides - and what files are blocked from execution - bad overrides.
Site level file overrides:
The other type of override is the Global file override. They are best used when you have overrides that you need to apply to your entire organization or to all client sites. Global file overrides are applied to all sites that have the setting Include Global Overrides enabled and are managed in the Webroot Management console.
For more information about file overrides, see:
Click a topic for more information.
+Adding a site level file override
+Importing file overrides to a site from the Webroot Management console or another site
+Editing a file override
+Deleting a file override
If you need additional assistance with file overrides, please contact Support.
Site level file overrides:
- Are applied to a single site.
- Take precedence over global overrides.
- Can be applied to an endpoint policy to further limit scope - policy assigned file overrides take precedence over global and site file overrides.
- Are managed in the Endpoint Protection console.
The other type of override is the Global file override. They are best used when you have overrides that you need to apply to your entire organization or to all client sites. Global file overrides are applied to all sites that have the setting Include Global Overrides enabled and are managed in the Webroot Management console.
For more information about file overrides, see:
Click a topic for more information.
+Adding a site level file override
- Log in to the Webroot Management console.
- In the left nav bar, select Sites List and find the Site you want to create an override for. You can also use the box at the top of the page to search for a Site by name.
- On the right side of the screen under the Subscriptions column, hover your mouse over E and click the rectangular icon with the arrow pointing to the upper right. This opens the Endpoint Protection console.
- In the top menu, click Overrides then select the File & Folder Overrides tab.
- Choose the override (block or allow) to add:
- To add an allow file override, in the top menu, select the Whitelist tab.
- To add a block file override, in the top menu, select the Blacklist tab.
- At the top of page, click Create, which opens the Create override window.
- In the Create override window:
- Provide an Override Name.
- Override Type section
- Use the Override Type radio buttons to select the Override Type:
- MD5
- Path / File
- For MD5 overrides:
- In the MD5 box, enter the MD5 value for the file.
- In the MD5 box, enter the MD5 value for the file.
- For Path / File overrides, enter or make selections for:
- File Mask (optional): You can enter a specific file name or use a wildcard to apply the override to all files of a certain type (e.g. *.exe to target all executable files). If left blank, will apply to all files in the path/folder.
- Path / Folder Mask: The folder to target for the override. You can specify an absolute path or use a system variable. To see a list of supported system variables, enter a % into the Path / Folder Mask box.
Note: System environment variables may differ from system to system and should be confirmed before being used. - Include Sub-folders check box:
- Checked - Applies the override to the current folder and any sub-folders.
- Unchecked - Only applies to the directory specified and not to sub-directories.
- Detect if Malicious check box:
- Checked - monitoring and journaling is disabled, but the agent will continue to monitor the location for malicious file activity. If malicious files are detected, they are remediated according to the policy settings.
- Unchecked - files in this location are allowed to execute without Webroot protection.
- File Mask (optional): You can enter a specific file name or use a wildcard to apply the override to all files of a certain type (e.g. *.exe to target all executable files). If left blank, will apply to all files in the path/folder.
- Use the Override Type radio buttons to select the Override Type:
- Apply globally or to a policy section
- Global (GSM) Override checkbox: If checked, a global file override is created, if left unchecked a site override is created. Global overrides are managed in the Webroot Management console.
- Apply to a policy radio button: If Yes is selected, a drop down menu will appear. Use that to select the policy to assign the override to. Note: Assigning overrides is only available for site overrides, global overrides cannot be assigned to a policy.
- Global (GSM) Override checkbox: If checked, a global file override is created, if left unchecked a site override is created. Global overrides are managed in the Webroot Management console.
- Provide an Override Name.
- Click Save to create the file override.
- New overrides become active on devices as those devices check-in to the Webroot Management console.
- You can force devices to check-in when needed or change the polling interval to force devices to check-in more frequently.
+Importing file overrides to a site from the Webroot Management console or another site
Note: MD5 overrides can be imported, but not path / file overrides.
- Log in to the Webroot Management console.
- In the left nav bar, select Sites List and find and click the Site you want to create an override for. You can also use the box at the top of the page to search for a Site by name.
- On the right side of the screen under the Subscriptions column, hover your mouse over E and click the rectangular icon with the arrow pointing to the upper right. This opens the Endpoint Protection console.
- In the top menu, click Overrides then select the File & Folder Overrides tab.
- Choose the override (block or allow) to import:
- To import an allow file override, in the top menu, select the Whitelist tab.
- To import a block file override, in the top menu, select the Blacklist tab.
- At the top of page, click Import, which opens the Import Overrides (MD5s only) window.
- In the Import Overrides (MD5s only) window:
- Site to import overrides from drop-down menu: Use to select where to import overrides from.
- Select GSM to import global overrides
- Select a site to import from that site
- Remove Redundant Overrides check box: When checked, will not create an override that already exists.
- Overwrite Existing Overrides check box: When checked, if a duplicate override exists, it will be overwritten by one in the import list.
- Include Policy Bases Overrides check box: When checked, any overrides associated with a specific policy are imported.
- Site to import overrides from drop-down menu: Use to select where to import overrides from.
+Editing a file override
Tip: Some elements of an override can be modified, but not all. Because of this, deleting an override and re-creating it may be necessary to update it.
- Log in to the Webroot Management console.
- In the left nav bar, select Sites List and find and click the Site you want to create an override for. You can also use the box at the top of the page to search for a Site by name.
- On the right side of the screen under the Subscriptions column, hover your mouse over E and click the rectangular icon with the arrow pointing to the upper right. This opens the Endpoint Protection console.
- In the top menu, click Overrides then select the File & Folder Overrides tab.
- Choose the override (block or allow) to modify:
- To edit an allow file override, in the top menu, select the Whitelist tab.
- To edit a block file override, in the top menu, select the Blacklist tab.
- Find the override to edit and double-click it.
- When editing an MD5 override, these options can be modified:
- Override Name
- Global (GSM) Override check-box: If checked, the site override will be deleted and a global override will be created in the Webroot Management console.
- When editing a File / Folder override, the settings that can be modified depend on the type of override - MD5 or path / file. More information on the settings is available in the Adding a site level file override section above:
- Override Name
- File Mask (optional)
- Path Mask
- Include Sub-folders check-box
- Detect if Malicious radio button
- Global (GSM) Override check-box: If checked, the site override will be deleted and a global override will be created in the Webroot Management console.
- When editing an MD5 override, these options can be modified:
- Click Save to complete the process.
- Updates to overrides become active once devices check-in to the Webroot Management console.
- You can force devices to check-in when needed or change the polling interval to force devices to check-in more frequently.
+Deleting a file override
- Log in to the Webroot Management console.
- In the left nav bar, select Sites List and find and click the Site where you want to delete an override. You can also use the box at the top of the page to search for a Site by name.
- On the right side of the screen under the Subscriptions column, hover your mouse over E and click the rectangular icon with the arrow pointing to the upper right. This opens the Endpoint Protection console.
- In the top menu, click Overrides then select the File & Folder Overrides tab.
- Choose the override (block or allow) to delete:
- To delete an allow file override, in the top menu, select the Whitelist tab.
- To delete a block file override, in the top menu, select the Blacklist tab.
- Check the box for the override and click Delete, which opens the Confirm Delete window.
- In the Confirm Delete window, click Yes.
- Deleted overrides will take affect for devices as they check-in to the Webroot Management console.
- You can force devices to check-in when needed or change the polling interval to force devices to check-in more frequently.
If you need additional assistance with file overrides, please contact Support.
Thanks for your feedback!
Powered by noHold, Inc. U.S. Patent No. 10,659,398
All Contents Copyright© 2024