Managing DNS Protection Policies

To review or modify DNS Protection Policies:

  1. Open Manage > Policies.

  2. From the DNS Protection tab, select the Policy that you want to view or modify.

    The Policies page is divided into several sections:

    • Privacy Settings control user privacy settings and the information that is logged.

      • Hide User Information improves privacy by replacing the user name and the domain requested with the word Hidden in the logs. If requests are made in the Security Risk category, the domain is still logged for visibility.

      • Local Echo echoes DNS requests made by the DNS Protection Agent to the local network’s DNS resolver, providing visibility to these requests for your firewall or DNS server. To improve privacy, a DNS resolver can be specified, and requests will only be echoed when it is available.

      • Fail Open avoids a possible DNS interruption if the Webroot DNS resolvers are unavailable by deferring DNS resolution to the local resolver or returning without filtering.

    • Leak Prevention blocks alternate sources of DNS resolution, helping to ensure that all DNS requests are filtered and logged. This feature requires Agent version 4.2 or newer and is only supported on Windows 10 and newer.

      • Standard DNS Requests – When enabled, communication over port 53 TCP and UDP is blocked.

      • DoH Requests – When enabled, communication over port 443 TCP is blocked to known DoH providers.

      • DoT Requests – When enabled, communication over port 853 TCP is blocked.

      • Exclusions – Use this field to enter IP addresses of DNS servers to which communication should not be blocked. Any IP entered will not be blocked by DNS Leak Prevention for Standard DNS Requests, DoH Requests, and DoT requests.

    • Security Settings specify whether to block or allow certain domains.

      • Keyloggers and Monitoring: Domains that include downloads and discussions for software agents that track keystrokes or web surfing habits.

      • Malware Sites: Domains that are known to contain malicious content including executables, drive-by infection sites, malicious scripts, viruses, or Trojans.

      • Phishing and Other Frauds: Domains that are known to pose as reputable sites, usually to harvest personal information from a user. These sites are typically quite short-lived, so examples don’t last long.

      • Proxy Avoidance and Anonymizers: Domains that use proxy servers or other methods to bypass filtering or monitoring.

      • Spyware and Adware: Domains that are known to contain spyware or adware that provides or promotes information gathering or tracking that is unknown to or without the explicit consent of the user. This Policy also includes sites that contain unsolicited advertising pop-ups and programs that may be installed on users' computers.

      • Bot Nets: Domains that are known to be part of a Bot network from which network attacks are launched. Attacks may include SPAM messages, denial of service (DOS) attacks, SQL injections, proxy jacking, and other unsolicited contact.

      • SPAM URLs: Domains contained in spam messages.

    • Content Settings includes categories to control available content.

      • Human Resources Protections

        • Abused Drugs: Domains associated with illegal, illicit, or abused drugs, including legal highs, glue sniffing, misuse of prescription drugs, or abuse of other legal substances.

        • Adult and Pornography: Domains that contain sexually explicit material for the purpose of arousing sexual interest, including domains with adult products such as sex toys and videos. This category also includes online groups domains that are sexually explicit, sites with erotic stories or textual descriptions of sexual acts, sites for adult services such as video conferencing, escort services, and strip clubs, and sites with sexually explicit art.

        • Dating: Domains that focus on establishing personal relationships.

        • Sex Education: Domains that depict information on reproduction, sexual development, safe sex practices, sexually transmitted diseases, sexuality, birth control and contraceptives, tips for better sex, and products used for sexual enhancement.

        • Swimsuits & Intimate Apparel: Domains that show swimsuits, intimate apparel, or other types of suggestive clothing.

        • Gross: Domains that show blood or bodily functions, such as vomit.

        • Nudity: Domains that contain nude or semi-nude depictions of the human body, that may not be sexual in intent but may include things like nudist or naturist sites, nude paintings, or photo galleries of artistic nature.

        • Alcohol and Tobacco: Domains that provide information on, promote, or support the sale of alcoholic beverages or tobacco products and associated paraphernalia.

      • Questionable/Legal

        • Cult and Occult: Domains that provide methods, means of instruction, or other resources that attempt to affect or influence real events using astrology (including horoscopes), spells, curses, magic powers, or supernatural beings.

        • Gambling: Domains that use real or virtual money; domains that contain information or advice for placing wagers, participating in lotteries, gambling, or running numbers; virtual casinos and offshore gambling ventures; sports picks and betting pools; and virtual sports and fantasy leagues that offer large rewards or request significant wagers. Hotels and resort domains that do not enable gambling on the domain are categorized as Lifestyle, Travel or General Information, Local information.

        • Marijuana:Domains that depict marijuana use, cultivation, history, culture, or legal issues.

        • Hacking: Domains that depict illegal or questionable access to or the use of communications equipment/software or domains for the development and distribution of programs that may compromise networks and systems, including domains that avoid licensing and feeds for computer programs and other systems.

        • Weapons: Domains that provide sales reviews and descriptions of weapons such as guns, knives, or martial arts devices, including domains that provide information on accessories or other modifications.

        • Pay to Surf: Domains that pay users in the form of cash or prizes for clicking on reading specific links in emails or webpages.

        • Questionable: Domains that manipulate the browser user experience or client in some unusual, unexpected, or suspicious manner. Also includes get rich quick domains.

        • Hate and Racism: Domains that support hate crime or racist content or language.

        • Violence: Domains that advocate violence, violent depictions, or methods, including game/comic violence and suicide.

        • Cheating: Domains that support cheating and contain materials such as free essays, exam copies, and plagiarism.

        • Illegal: Domains that depict criminal activity including how not to get caught and copyright and intellectual property violations.

        • Abortion: Domains that depict abortion, either pro-life or pro-choice.

      • Social Media/internet Communication

        • Social Networking: Domains that have user communities where users interact, post messages, pictures, and otherwise communicate.

        • Personal Sites and Blogs: Domains that have posted content by individuals or groups, including blogs.

        • Online Greeting Cards: Domains that offer e-cards.

        • Search Engines: Domains that use key words or phrases and return results that include text, websites, images, videos, and files.

        • Internet Portals: Domains that aggregate a broader set of internet content and topics.

        • Web Advertisement: Domains that contain advertisements, media content, and banners.

        • Web based email: Domains offering web-based email and email clients.

        • Internet Communications: Domains offering internet telephony, messaging, VoIP services, WiFi, and related businesses.

        • Dynamically Generated Content: Domains that generate content dynamically based on arguments passed to the URL or other information, such as geo-location.

        • Parked Domains: Domains that host limited content or click-through ads that may generate revenue for the hosting entity, but generally do not contain content useful to the user.

        • Private IP Addresses and URLs: Domains that are assigned to a private domain and IP addresses reserved by organizations that distribute IP addresses for private networks.

      • Shopping

        • Auctions: Domains that support the offering and purchasing of goods between individuals as their main purpose, excluding classified advertisements.

        • Shopping: Domains for department stores, retail stores, company catalogs and other entities that allow online consumer or business shopping and the purchase of goods and services.

        • Shareware and Freeware: Domains that enable downloading free software, open source code, or downloads that request a donation, including screen savers, icons, wallpapers, utilities, and ringtones.

      • Entertainment

        • Entertainment and Arts: Domains that include motion pictures, videos, television, music and programming guides, books, comics, movie theaters, galleries, artists or reviews on entertainment, performing arts (such as theater, vaudeville, opera, or symphonies), museums, galleries, libraries, and artist sites (such as sculpture or photography).

        • Streaming Media: Domains for sales, delivery, or streaming of audio or video content, including domains that provide downloads for such viewers.

        • Peer to Peer: Domains that provide peer-to-peer clients and access, including torrents and music download programs.

        • Games: Domains that are for game playing or downloading, video games, computer games, electronic games, tips and advice on games or how to obtain cheat codes. Also includes domains dedicated to selling board games, journals and magazines dedicated to game playing, support or host online sweepstakes and giveaways, and fantasy sports domains that also host games or game playing.

        • Music: Domains that are for music sales, distribution, streaming, information on musical groups and performances, lyrics, and the music business.

      • Lifestyle

        • Travel: Domains that are for airlines and flight booking agencies, travel planning, reservations, vehicle rentals, descriptions of travel destinations, or promotions for hotels or casinos.

        • Home and Garden: Domains that are about home issues and products, such as maintenance, home safety, decor, cooking, gardening, home electronics, and design.

        • Religion: Domains that are about conventional or unconventional religious or quasi-religious subjects, including churches, synagogues, or other houses of worship.

        • Hunting and Fishing: Domains that are about sport hunting, gun clubs, and fishing.

        • Society: Domains that cover a variety of topics, groups, and associations relevant to the general populace, and broad issues that impact a variety of people, including safety, children, societies, and philanthropic groups.

        • Sports: Domains that are team or conference websites, international, national, college, professional scores and schedules, sports-related online magazines or newsletters.

        • Fashion and Beauty: Domains that show fashion or glamor, magazines, beauty, clothes, cosmetics, and style.

        • Recreation and Hobbies: Domains with information, associations, forums, and publications on recreational pastimes such as collecting kit airplanes; outdoor activities such as hiking, camping, and climbing; specific arts, craft, or techniques; animal and pet related information, training, shows, techniques, and humane societies.

      • Business/Government/Services

        • Real Estate: Domains for renting, buying or selling real estate or properties; tips on buying or selling a home; real estate agents; rental or relocation services and property improvement.

        • Computer and Internet Security: Domains related to computer and internet security and security discussion groups.

        • Financial Services: Domains offering banking services and other types of financial information, such as loans, accountancy, actuaries, banks, mortgages, and general insurance companies, excluding domains that offer market information, brokerage or trading services.

        • Business and Economy: Domains for business firms, corporate websites, business information, economics, marketing, management, and entrepreneurship.

        • Computer and Internet Info: Domains containing general computer and internet information, including technical information. Also includes software as a service (SaaS) domains and other domains that deliver internet services.

        • Military: Domains for the military branches, armed services, and military history.

        • Individual Stock Advice and Tools: Domains that promote or facilitate securities trading and management of investment assets, including market information on financial investment strategies, quotes, and news.

        • Training and Tools: Domains for distance education and trade schools, online courses, vocational training, software training, and skills training.

        • Personal Storage are sites that provide online storage and posting of files, music, pictures, and other data.

        • Government: Domains that are related to government (local, county, state, and national), government agencies, and government services such as taxation, public, and emergency services. Also includes domains that discuss or explain laws of various governmental entities.

        • Content Delivery Networks: Domains that are for the delivery of content and data for third parties, including ads, media, files, images, and videos.

        • Motor Vehicles: Domains that are for car reviews, vehicle purchasing, sales tips, parts catalogs, auto trading, photos, discussion of vehicles, motorcycles, boats, cars, trucks and RVs, and journals and magazines on vehicle modifications.

        • Web Hosting: Domains that offer free or paid hosting services for webpages and information concerning their development, publication, and promotion of websites.

      • General Information

        • Legal: Domains related to legal topics and law firms as well as domains for discussions and analysis of legal issues.

        • Local Information: Domains for city guides and tourist information, including restaurants, area/regional information, and local points of interest.

        • Job Search: Domains that help find employment, tools for locating prospective employers, employers looking for employees, and career search and career placement from schools.

        • Translation: Domains that refer to language translation sites that allow users to see pages in other languages. These domains can allow users to circumvent filtering as the target page’s content is presented within the context of the translator’s URL.

        • Reference and Research: Domains for personal, professional, or educational reference material, including online dictionaries, maps, census, almanacs, library catalogs, genealogy, and scientific information.

        • Philosophy and Political Advocacy: Domains for politics, philosophy, discussions, promotion of a particular viewpoint or stance to further a cause.

        • Educational Institutions: Domains for pre-school, elementary, secondary, high school, college, university, and vocational school, and other educational content and information, including enrollment, tuition, and syllabus.

        • Kids: Domains that are designed specifically for children and teenagers.

        • News and Media: Domains with current events or contemporary issues of the day, including radio stations, magazines, newspapers, headline news domains, newswire services, personalized news services, and weather related domains.

        • Health and Medicine: Domains for general health, fitness, well-being, including traditional and non-traditional methods and topics. Also includes domains with medical information on ailments, various conditions, dentistry, psychiatry, optometry, and other specialties, hospitals and doctor offices, medical insurance, and cosmetic surgery.

        • Image and Video Search: Domains that provide photo and image searches, online photo albums, digital photo exchange, and image hosting.

      • Uncategorized Domains: Domains that Webroot has not categorized in any of the above categories.

    • Additional filtering. Many search engines provide the option to impose a filter that restricts explicit, adult, or inappropriate content. This can be done through DNS by returning the corresponding IP address associated with the filter.

      • When Enable Google SafeSearch is selected, DNS requests for www.google.com are resolved to forcesafesearch.google.com to filter explicit content from the search results.

      • When Enable DuckDuckGo Safe Search is selected, DNS requests for www.duckduckgo.com are resolved to safe.duckduckgo.com to filter adult content from the search results.

      • When Enable Bing SafeSearch is selected, DNS requests for www.bing.com are resolved to strict.bing.com to filter inappropriate content from the search results.

      • When Enable YouTube Restricted Mode l Moderate Mode is selected, DNS requests for www.youtube.com are resolved to restrictmoderate.youtube.com.

      • When Strict Mode is selected, DNS requests for www.youtube.com are resolved to restrict.youtube.com.