Scanning archived files with Webroot Business Endpoint Protection

  • 10 July 2019
Webroot Endpoint Protection is capable of scanning archived files for latent threats, but does not do so during normal scans. This is because the agent, by design, will catch any malicious files when they execute. This decision drastically reduces the amount of time it takes to complete scans.

If archived files need to be scanned for malware, a full scan is required, and the Scan archived files setting must be enabled in the endpoint policy assigned to the device. This setting is enabled in the Recommended Defaults policy; more information on enabling it is available at the bottom of this article.

To start a full scan from the management console:
1. Log into the Webroot management console.
2. Open the Endpoint Protection console.
  • For MSP consoles: in the Sites tab, click the site name.
  • For Business consoles: in the left-hand menu, click the Endpoint Protection Console button.
3. Click the Group Management tab.
4. From the left panel displaying Groups, click the Group that contains the endpoint to scan, then in the right panel, select the specific endpoint.
5. Towards the top of the right panel displaying endpoints, find and click the Agent Commands drop-down menu.
6. In the Agent Commands drop-down menu, hover your mouse over Agent, then click Scan a folder from the sub-menu.
7. Specify the path of the folder that contains the archived file(s).
  • If multiple folder locations need to be searched, one command per location will need to be sent.
8. Click the Scan a folder button to queue the agent command.
9. The command will be downloaded and executed by the agent during the polling interval defined by the endpoint policy assigned to the device. Click the links below for more information on polling:

To start a full scan from an endpoint:
Note: To be able to open the GUI locally, the endpoint policy assigned to the device must allow it. For more information on how to enable this via policy, click here.
1. Double click the Webroot Endpoint Protection agent icon (small green circle with a W in it) in the system tray, or right click the icon and click Open…, to open the agent GUI.
2. In the top right part of the agent GUI screen, click the gear icon next to PC Security.
3. In the lower left part of the agent GUI screen, click the Custom Scan button.
4. Using the radio buttons, change the scan type to Full.
5. Using the Add File / Folder button, browse to a location, then click the Add button to add it.
  • If you need to scan multiple file locations, repeat step 5 to add as many as are needed.
6. Once the locations have been added, click the Start Scan button to start the scan.

IMPORTANT NOTE: Full scans will take significantly longer to complete than quick and deep scans and are not typically recommended for this reason. Keep in mind that Webroot’s Endpoint Protection is designed to catch threats as they execute, before they have had a chance to damage a system.

Enabling the Scan archived files setting in Endpoint policies:
1. Log into the Webroot management console.
2. Open the Endpoint Protection console.
  • For MSP consoles: in the Sites tab, click the site name.
  • For Business consoles: in the left-hand menu, click the Endpoint Protection Console button.
3. Click the Group Management tab.
4. From the left panel displaying Groups, click the Group that contains the endpoint, then in the right panel, locate the endpoint and identify what policy is in use.
5. Click the Policies tab (left of the Group Management tab).
6. Find the policy and double click it to open it and to modify the settings.
7. Under scan settings, locate the setting Scan archived files and make sure it is set to On.

Note: Any policy updates will be received and applied by the agents as they check in during their normal polling interval. For more information on polling, see: