Product Update Bulletin 19.2
Release 19.2 introduces a wide range of interrelated new features and capabilities that considerably enhance the management and overall development of Webroot SecureAnywhere and Global Site Manager (GSM), many of them a result of direct requests from our customers.
We are now making it very easy for administrators to not only group sites, but also to mark-up sites with similar features so they can then be filtered to create new subsets within groups of sites. We are also making it simpler to sort sites using the headings within the sites section of the UI. We are also introducing the concept of suspending and resuming protection, in addition to being able to deactivate a customer, or site. And, until now, deleting administrators was complicated - so we have now made it straightforward to do so at both the GSM and Site levels. Policy application and control has been improved too, with the new option to now apply policies to groups.
Most unique of all we have added a new view called ‘Dwell Time’. This view makes visible for the first time ever in endpoint malware prevention history the time a malware infection was first active, to the time it was last seen, showing just how long it takes Webroot from zero seconds upwards it takes us to remove the threat from the system. Finally, a new data point called ‘ARC’ has been added that gives more information on how the current file determination has been reached. Let’s now look at all of these new introductions in more detail.
NEW – Site Tagging – Global Site Manager administrators need to group their sites together based on a shared attribute, and then be able to view a subset of those sites by selecting one of those attributes. To resolve this desire, we have implemented a new feature known as site “tagging”. This allows an administrator to “tag” a site with any free-form string of information that they want to use.
Simply add ‘tags’ to each site and then view selectively all sites with the same tag
NEW – Site Filtering – Administrators can now filter their site list by using tags too, with any sites that match the selected tag being returned. This allows the administrator to quickly filter their site list in many different was, but return only the sites with the tags they wish to view from the entire list.
Sites returned by filtering on an eu tag
In addition to tags you can also filter by site Name or site Comments too.
NEW – Site Sorting - Another customer feature request has been to have the ability to sort the site list by the various headings. This has now been implemented so administrators are now able to sort the site list by Status, Name, Number of Devices, and Number of Allocated Seats. This makes it far more convenient to bring the information administrators need to the top of their list.
Easily sort sites by ‘Status’; ‘Name’; ’Devices’ and ‘Seats’ headings
NEW – Suspend/Resume Protection - Sometimes a GSM administrator may wish to temporarily disable a site. Currently their only option would be to “deactivate” the site, which expires the keycode, and uninstalls the software from all site endpoints. This isn’t ideal, since if they wish to “re-activate”, then their only option is to create a new site and re-deploy WSA using a brand new keycode. To resolve this problem, we have now implemented the ability to “Suspend” and “Resume” protection for a site.
Suspending protection will now only temporarily expire the keycode, meaning the endpoints will revert into “Detection Only” mode. (The SecureAnywhere software will continue to reside on the endpoints and detect malicious software, but it will not clean-up any malware encountered. Site level administrators access permissions will also be reduced to “View Only” mode when accessing the SecureAnywhere console.) Then, once protection is ready to be re-enabled, the GSM administrator can simply select “Resume Protection”, at which point all that site’s endpoints will return to full clean-up functionality, and access to the SecureAnywhere web console is returned to any site-level only administrator(s).
Simply, quickly and easily suspend and reactivate sites
NEW – Administrator Deletion - Another important feature request has been for the ability to simply delete administrators’ from the SecureAnywhere web console. This feature is now available at both the GSM and Site levels, with the ability to delete administrators’ being available from within both the GSM “Admins” page, and the Site level “Manage Admins” pages.
Delete an Administrator at the GSM level
Delete an Administrator at the Site level
NEW – Group Based Policies - Inside the SecureAnywhere Endpoint Protection console it is now possible to optionally apply policies to Groups.
This offers two significant management benefits:
- If deploying the SecureAnywhere software via the command line, and specifying a Group to install into - then the new endpoint will automatically pick up the Policy, as it was applied to that Group. This is especially useful for Servers or Point of Sale (POS) systems to ensure that these types of critical systems report into a separate Group from all other endpoints, and pick up the correct Server, or POS Policy.
- When moving endpoints between Groups, the option for these endpoints to inherit the Group Policy is now available – rather than having to rely on moving the endpoints, and then also updating their Policy to match that Group.
Now it’s simple to inherit policies using Groups
New Dwell Time – We’ve added a new data point called “Dwell Time” that has been added to all views where malicious or undetermined files are listed. Dwell Time relates to the time a threat has been present on an endpoint device and it is calculated from the first time the file is active, to when the file was last seen.
A Dwell Time of zero seconds means that the file was blocked at first sight. Dwell Times greater than zero seconds mean that the file has been present for a period of time prior to Webroot removing the file from the endpoint. The reasons for this may be because a user has yet to complete the clean-up routine, the file has been re-introduced onto the system after being originally removed, or the file did not display any malicious behaviour at first sight - therefore the file was not immediately classified as malicious.
While a dwell time on an endpoint may exist it’s equally important to understand that SecureAnywhere is constantly monitoring that endpoint and journaling any changes being made by any potentially malicious file activities to be able to roll back those changes. There are also other protection mechanisms in place that ensure the endpoint’s system is protected against malicious attacks - no matter how long the Dwell Time is.
By uniquely delivering and being able to see and understand endpoint Dwell Time’s we believe security administrators are much better placed to fully appreciate the risks associated with every endpoint they have under management, and are also quickly able to see any of those endpoints where clean-up has been disabled.
A new data point showing just how effectively WSA is working
ARC (Agent, Rule, Cloud Determination) - A new data point called ARC – Agent, Rule, Cloud Determination - has now been added to all views where malicious or undetermined files are listed.
This builds upon the existing “Cloud Determination” column – but instead of us simply listing what the current file determination is (Good, Bad, or Undetermined) - now by hovering over this value a breakdown of how this determination was reached is displayed.
This new data point is designed to show the flow from “Agent” through the Webroot “Rule” system, and finally to the Webroot “Cloud” intelligence network, when Webroot is deciding upon a malicious file determination.
More Information on why a file has been categorized as malicious
Copyright of Webroot Inc.