Welcome to Webroot!

Thank you for choosing Webroot for your security needs. As stated in the Service Order or Quote, the following Service Descriptions and Service Levels apply to the Webroot services you have purchased.

Webroot Web Security Service (Only applicable to purchases and renewals made prior to October 22, 2012.)

Service description & service levels

    1. Webroot provides a hosted web security and management service providing ability to scan inbound and outbound web traffic at the Internet level (the "Web Service"). The Web Service includes a common management platform and policy engine and may also contain some of the following elements:

      • Threat Protection Control
      • Access Control/URL Filtering
      • Full Logging
    2. The Web Service is provided twenty-four (24) hours per day, seven (7) days per week from distributed Webroot Web Transaction Centers (WTC) and monitored from Webroot Virtual Network Operation Centers (VNOC)
    3. Customer directs user Web Content to the Webroot WTC by configuring the desktop Web proxy, the Web browser, or a PAC file.
    4. Web Content is scanned based upon policies chosen by Customer, resulting in Web Content being blocked or permitted.
    5. Policies may be applied to source IP addresses or to Users identified by a user name and password. Users may either access the Web from the Customer's Managed IPs or, if roaming access is enabled, from any IP address.
    6. Capitalized terms that are not defined herein shall be as defined in the Master Service Agreement.
    1. Visibility and management of the Web Service is provided via a secure, password protected web interface providing access and visibility to service features, functionality, configuration, reporting and message logs.
    2. Webroot monitors and reports the availability and status of the Web Service and the client message servers.
    3. Customer Support
      1. Customers may raise queries via web, e-mail, or telephone as specified below. Queries will be processed by local support technicians trained to perform in-depth diagnostic and trouble-shooting activities in order to resolve product and service issues as quickly as possible.
      2. Calls may be logged through the following mechanisms:

          Logging Method Logging Mechanism Support
          Web Open a support ticket Normal Working Hours
          Email saassupport@webroot.com Normal Working Hours
          Telephone Australia Support
          Australia Outside
          Germany Support:
          Ireland Support:
          UK Support:
          United States Support:
          1 800 848 307
          +61 (0) 8071 1903
          +44 (0) 808 101 7260
          1 800 902 213
          +44 (0) 808 101 7260
          1 866 254 8400
          24/7 including holidays
          (for Critical and Major Issues)

          Normal Working Hours
          (for Medium and Low issues)

      3. Customer queries will be recorded in a call tracking system and a call reference number will be assigned. Webroot will assign one of the following designations to each query.

          Category Description
          Critical Total service failure (e.g., message loss or severe message delivery disruption, unavailability of management system, browsing capabilities not functioning for all users.)
          Major Significant reduction experienced in system performance or unavailability of a specific business critical function.
          Medium Failure of one or more system functions making use of the systems difficult (e.g., service still running and operational, but not to full capacity).
          Low A problem which is outside of the expected operation of the Service but causes only minor inconvenience to the User, requests for information, service requests, or requests for enhancements.

      4. The times indicated below are the target times for Webroot to respond to or provide a Workaround for an incident. Note that working periods are to be taken within context of the Support Cover period specified below.

          Category Support Cover Support Level Target
          Workaround Time
          Critical 24/7
          < 1 Hour < 6 hours
          Major 24/7
          < 3 Hours < 8 hours
          Medium Normal Working Hours < 8
          Normal Working Hours
          < 5
          Normal Working Days
          Low Normal Working Hours < 24
          Normal Working Hours
          < 7
          Normal Working Days

      5. In the event that a Workaround is not provided within the Target Workaround Time, then the following escalation timings shall apply. Escalation means that the Customer may request access to a more senior member of the organization in relation to the provision of the Workaround.

          Category Escalation Time Support Escalation Manager
          Critical 4 Hours 8 Hours
          Major 6 Hours 12 Hours
          Medium 2 Working Days 5 Working Days
          Low N/A N/A

      6. "Workaround" means any of the following: (i) resolution of the issue through the normal support process; (ii) a temporary by-pass of the issue; (iii) a statement that the issue will be considered for correction in a future upgrade; (iv) a statement that more information is required prior to resolution.

    1. The Web Service load-balances Web traffic across clustered servers deployed in multiple data centers connected to redundant power and Internet feeds. All Web traffic is subjected to protection, management, and compliance policies as per the Customer's subscribed options and settings.
    2. Any capitalized terms not specifically defined herein shall be afforded their meanings as set forth in the Master Service Agreement.
    1. The service levels detailed in this document ("Service Levels") apply to the Web Service only.
    2. The Service Level guarantees will not apply:-
      • if Web Service is lost or degraded due to circumstances beyond Webroot's reasonable control;
      • during periods of scheduled maintenance undertaken by Webroot where the Customer has been notified in accordance with the published policy, which may be updated by Webroot from time to time;
      • during periods of non-availability due to a Force Majeure Event, as;
      • if Customer's applications, equipment, or Internet connection fail;
      • if incorrect configuration information has been supplied by Customer to Webroot;
      • if Customer has not configured the system in accordance with the published "Configuration Guidelines & Policies" which are updated from time to time.
    3. To receive a remedy under this Service Level Agreement ("SLA"), the Customer must submit a written claim request to saassupport@webroot.com within five (5) working days of the end of the calendar month in question, unless otherwise agreed by the parties in writing. Webroot will use trouble tickets and other appropriate records to determine in its sole judgement whether the applicable standard was met.
    4. The Web Service credits described herein are Customer's sole and exclusive remedies for Web Service failure(s), subject always to the limit set forth in Section 3.4.
    1. The Web Service will be available 99.99% during each calendar month.
    2. Web Service "availability" means the ability of one or more of the Webroot' servers to be able to receive, process, and forward Web Content.
    3. Web Service availability is monitored in five (5) minute intervals. Web Service is deemed unavailable if there are two successive failures
    4. In any calendar month, if Web Service unavailability is determined to be greater than 0.01%, then at the request of the Customer, Webroot will credit the Customer account with one (1) additional day of Web Service for each two (2) hour period the Web Service is unavailable, up to a maximum of five (5) days credited in any one (1) calendar month.
    1. The Web Service will provide protection against 100% of all Known Viruses and Known Spyware contained inside HTTP traffic processed by the Web Service.
    2. For the purposes of this SLA, "Spyware" means a software program that is designed to damage or perform an unwanted action on a computer system and shall be limited to the following: keyloggers, Trojan horses, rootkits, backdoors, botnets, and adware that is malicious in intent and designed to mislead the user.
    3. This Virus and Spyware guarantee will apply only if Customer has subscribed to the Threat Protection Control module.
    4. A "Known Virus" means a Virus which has already been identified and for which a Virus definition has been made available by at least one of Webroot's anti-Virus partners at least 30 minutes before the HTTP traffic was processed by the Web Service.
    5. "Known Spyware" means Spyware which has already been identified and for which a Spyware definition has been made available by Webroot or one of Webroot's anti-Spyware partners at least 30 minutes before the HTTP traffic was processed by the Web Service.
    6. Should the Customer's systems be Infected by one or more Known Viruses or Known Spyware variants in any calendar month, then at request of Customer, Webroot will credit the Customer account with one additional (1) month additional of service, provided, however, that Customer notified Webroot in writing within five (5) days of the infection and Webroot was able to validate the infection.
    7. "Infection" is deemed to have occurred if a Virus or Spyware variant contained in HTTP traffic processed by the Web Service was activated within the Customer's systems.
    8. In the event that Webroot identifies a Known Virus or Known Spyware variant but does not stop the affected HTTP traffic, Webroot will promptly notify the Customer, providing information to enable the Customer to identify and delete the affected HTTP traffic. If infection of the Customer's systems is avoided as a result of such notice, then Webroot shall be deemed to have met the Virus and Spyware guarantees. Customer's failure to promptly act on information provided by Webroot will invalidate the Virus and Spyware guarantees.
    9. Notwithstanding the foregoing, the Virus and Spyware guarantees will not apply: (i) if any of the components the Threat Protection Control suite have been disabled by the Customer or by Webroot at request of Customer; (ii) to the extent that a Virus or Spyware variant is contained inside an HTTPS (SSL) encrypted stream; (iii) to the extent that a Virus or Spyware variant is contained inside an un-scannable file such as a password protected or encrypted file; (iv) if infection occurs because an infected file was released or accessed from any storage area either by the Customer or by Webroot at request of Customer; (v) in the event that the Web Service is bypassed by Customer or by Webroot at request of Customer; or (vi) in the event of a deliberate self infection by the Customer.
    1. The Policy Activation Guarantee provides that 99.9% of the time during a calendar month, policy changes entered by the Customer via the web management portal will be activated and applied to live HTTP traffic within five (5) minutes.
    2. Notwithstanding the foregoing, the following changes are explicitly excluded from the policy activation guarantee: (i) changes that rely upon the availability of external Customer-managed infrastructure, including but not limited to LDAP services and HTTP upload CSV services; and (ii) one-off bulk uploads of data sets such as user information.
    3. If the Policy Activation Guarantee is not met in any given calendar month, then at the request of the Customer, Webroot will credit the Customer account with one (1) additional day of Web Service for each two (2) hour period that the policy change guarantee is not met, up to a maximum of five (5) days credited in any one (1) calendar month.