Product Update Bulletin Global Site Manager 24.0 - March 1st 2016

  • 3 March 2016
  • 0 replies
  • 22 views

Userlevel 7
Badge +56
  • Retired Webrooter
  • 6752 replies
http://sw.nohold.net/Webroot/Images/wsab_endpoint_logo_v2.png

OVERVIEW

This release makes it much faster and easier for an administrator to view devices needing attention and devices that have an encountered a threat by removing the need to navigate to the individual site level. The Global Site Manager (GSM) console now displays which devices currently require attention, have recently encountered infections, and a view of the threats encountered on each device at the console's global sites level.

In addition to exposing this information at a high level within the GSM console we have also made the capabilities to initiate a device clean-up, whitelist, or restore from quarantine a file which has been encountered on any device. This release also contains improvements to the billing user interface and other minor enhancements requests.

GLOBAL SITE MANAGER CONSOLE:
 
  1. NEW – Exposure of device and file information without the need to navigate down to individual site level.
  2. NEW – Ability to initiate device clean up, restore from quarantine or whitelisting without the need to navigate down to individual site level.
  3. NEW – Improvements to the billing user interface and minor console enhancements.
  Sites Page

From the Sites Tab click the “More Info” button alongside each site, and a “Summary Bar” will now appear with two new sections titled “Devices needing attention” and “Devices encountering a threat (last 24 hours).”
 
http://sw.nohold.net/Webroot/Images/consoleupdate240img1.pngFig 1. Sites ‘Summary Bar.’

When clicking the “More Info” button by each site, you will automatically default into the “Devices needing attention” view that immediately requests and displays all devices currently requiring attention due to encountering a malicious file on their most recent scan.
 
http://sw.nohold.net/Webroot/Images/consoleupdate240img2.pngFig 2. Devices Needing Attention.

Clicking “Devices encountering a threat (last 24 hours)” within the new summary bar will immediately request and display all of the devices which encountered a malicious file within the last 24 hours.
 
http://sw.nohold.net/Webroot/Images/consoleupdate240img3.pngFig 3. Devices Encountering a threat (last 24 hours).

Within each row there is also a “Cleanup” option. Clicking on this button will initiate the cleanup command on the selected device, which will force the device to immediately perform a cleanup scan and quarantine any detected threats.
 
http://sw.nohold.net/Webroot/Images/consoleupdate240img4.pngFig 4. Initiate Clean Up.

Note: Cleanup commands can only be initiated by administrators with site “Admin” permissions.

Clicking on any device within “Devices needing attention” or “Devices encountering a threat” will immediately request and display all malicious files encountered on the selected device. This view displays basic information about each file - such as the filename, pathname, malware group, and when it was last seen on this device.
 
http://sw.nohold.net/Webroot/Images/consoleupdate240img5.pngFig 5. Basic information File View.

Within each row, you now have three further options:
 
http://sw.nohold.net/Webroot/Images/consoleupdate240img6.pngFig 6. File Options.

Option 1 – Further File Information

Clicking on the blue link below “Filename” will display further detail about the selected file - such as its MD5, file size, and the malware group it belongs to.
 
http://sw.nohold.net/Webroot/Images/consoleupdate240img7.pngFig 7. Further File Information.

Option 2 – Whitelist

Clicking on the Whitelist http://sw.nohold.net/Webroot/Images/consoleupdate240img10.png button under the “Actions” column will add this file to the GSM whitelist. This whitelisted file can then be used by any of your other Sites that have the “Global Overrides” option enabled within their settings. Creating a whitelist entry will override the current “Bad” determination associated with the file – marking it as “Good” – meaning all devices encountering this file will allow it to run instead of blocking it.
 
http://sw.nohold.net/Webroot/Images/consoleupdate240img8.pngFig 8. Whitelist.

Note: Whitelist entries can only be created by GSM “Super Admins” with the associated “Admin” permission for the site and all Whitelist entries are disabled for all Mac files.

Option 3 – Restore from Quarantine

Clicking on the ‘Restore’ http://sw.nohold.net/Webroot/Images/consoleupdate240img11.png button under the “Action” column will allow a command to be sent to the selected endpoint to restore this file from quarantine. This is particularly useful if an endpoint has incorrectly blocked and quarantined a file. It will place the file back in its original location, plus the device will no longer block the file from running.
 
http://sw.nohold.net/Webroot/Images/consoleupdate240img9.pngFig 9. Restore from quarantine.

This only affects a selected machine, so if a file has been quarantined on many machines it would be better to whitelist the file, and then ensure the affected site has “Global Overrides” enabled. This would ensure the file is allowed to run on all site machines and not be automatically quarantined.

Note: Restore from quarantine functionality is not available for Mac files.

0 replies

Be the first to reply!

Reply