An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via the default allowlist feature being stored as non-admin.
https://www.spenceralessi.com/CVEs/2023-05-10-Webroot-SecureAnywhere/