Solved

Clearing Threats

  • 11 January 2019
  • 5 replies
  • 1852 views

Badge +3
I am new to using Webroot endpoint security. I had a threat detected on one of my endpoints and I was alerted on the Webroot management console dashboard. I clicked on the 1 endpoint protect needs attention to view the threat. As usual, it gave me information on the threat and the endpoints affected by the threat. On the very right-hand side, there is a brush icon to clean up the threat. I clicked on it to manually clear the threat; all it did was run a scan on that endpoint, but it did not remove the threat. The threat is quarantined, but it keeps alerting me on the dashboard saying 1 endpoint needs protection. I assumed that I had the ability to manually clear threats on endpoints, but I may be wrong. I had used other endpoint protection software in the past that gave me the ability to manually clear threats on endpoints. I would like some enlightenment on how threats are cleared, whether it's automatic or manual. I will really appreciate the feedback and responses.

Best answer by coscooper 16 January 2019, 21:30

5 replies

Userlevel 4
Badge +16
If the endpoint's a Mac, Webroot can't remove the threat remotely or from the GSM management console, because reasons. You'll have to manually click-through the Webroot GUI on the Mac itself to remove the file.
We have quite a few Macs with recurring detections for this reason; I've checked with support multiple times, and this is the answer they've given me every time.
Badge +3
Interesting, I don't have any Mac computers in my environment at all. I have Windows PCs and I can't remove the threat from the GSM management console manually. Has anyone experienced the same issue with Windows PCs?
Badge +3
Interesting, I don't have any Mac computers in my environment at all. I have Windows PCs and I can't remove the threat from the GSM management console manually. AdamCMorgan, have you experienced the same issue with Windows PCs?
Userlevel 6
Badge +26
@Raj.R - if you're seeing "Needs Attention" listed next to a site there's a chance the agent auto remediated and there's no threat to remove manually. If you select the endpoint computer in the Groups Tab within the management console, there should be a scan log with a status and under the column Status, it should read Threats Detected - View - click the view button and you'll notice these are already quarantined.

This means the agent auto remediated these and there isn't anything else needed. This status will clear after the next scheduled scan.
Userlevel 4
Badge +16
@Raj.R Webroot almost always removes detected threats successfully on our Windows PCs. One of the few exceptions is files that are in the "offline files" cache: Webroot lacks permission to delete those, but you can do it yourself with PSExec. In those cases you also sometimes have to go see if there's a copy of the file on a redirected folder on a fileserver somewhere. Anyway, here's what the filepath for the offline files cache looks like:
code:
%windir%\csc\v2.0.6\namespace\servername\....



I haven't paid attention to the "Needs Attention" warnings in the Sites list for the past year, because so many of them were for Mac detections that never go away. However, support just informed me there's a new policy setting to automatically remove threat detections on Macs, so hopefully there'll be far fewer of them soon :)

This message is to inform you that Webroot has released an enhancement for the feature request you submitted to include auto threat remediation in our SecureAnywhere Mac agent. All agents running a 9.0.9.x version will have this functionality but a policy change may be required for you to enable this in your environments but it is enabled in our Recommended Defaults policy.

To enable auto threat remediation via policy:

1. Log into your Webroot GSM management console
2. Navigate to the Policies tab at the top
3. Locate the policy you wish to modify
4. From the Policy Section dropdown, select "Scan Settings"
5. Scroll down to "Show Infected Scan Results"
6. Choose "Off" and then click the green Save button
