This solution addresses Webroot SecureAnywhere Business – Endpoint Protection
The Realtime shield blocks known threats that are listed in Webroot's threat definitions and community database. If the shield detects a suspicious file, it opens an alert and prompts you to block or allow the item. If it detects a known threat, it immediately blocks and quarantines the item before it causes damage to your managed endpoint or steals its information.
Realtime shield settings are controlled by policy which is configured in the management console. More information on changing policy settings is available in the user guide
Realtime shield settings
Realtime Shield Enabled
Turns the Realtime shield on and off.
Enable Predictive Offline Protection from the central Webroot database
Downloads a small threat definition file to your managed endpoints, protecting them even when they are offline. We recommend that you leave this setting on.
Remember actions on blocked files
Remembers how the user responded to an alert (allowed a file or blocked it) and will not prompt again when it encounters the same file. If this setting is deselected, SecureAnywhere opens an alert every time it encounters the file in the future.
Automatically quarantine previously blocked files
Opens an alert when it encounters a threat and allows the user to block it and send it to quarantine. If this setting is off, the user must run a scan manually to remove a threat.
Automatically block files when detected on execution
Blocks threats and sends them to quarantine. If this setting is off, the user must respond to alerts about detected threats.
Scan files when written or modified
Scans any new or modified files that are saved to disk. If this setting is off, it ignores new file installations (however, it still alerts the user if a threat tries to launch).
Block threats automatically if no user is logged in
Stops threats from executing even when managed endpoints are logged off. Threats are sent to quarantine without notification.
Show realtime event warnings
Opens an alert when suspicious activity occurs.
Show realtime block modal alerts
Shows alerts when Heuristics detects malware, and prompts the user to allow or block the action.
: This setting must be set to "on" if Heuristics is set to "Warn when new programs execute that are not known good." Otherwise, users will not see the alert.
Show realtime block notifications
Shows a tray notification if the Realtime shield detects malware. If this setting is off, there is no tray notification, but malware is blocked and the home page shows that threats were detected.