Solved

First impression

  • 15 March 2012
  • 3 replies
  • 24 views

1. Deployment tool - It works OK.  I wish there were something more permanent like the deployment tool built into the old Webroot Corporate edition.  However, it's better than what comes with Webroot Web Security...
2. There's an overwhelming amount of policy settings and it's not straightforward on what they all do.  I wish it had a tool tip pop up next to every setting with a description.  That would be easier than going through the help pages.
3. I wish Webroot Web Security was part of the same web console or at least the client should be the same.  Now I have to use two consoles and deploy two clients.
 
I'm not sure I understand totally how the product works.  It says it uses cloud resources and stores threat defs online etc. but then how would it work when I'm offline?

Best answer by pcman 21 March 2012, 01:59



Hi Robert,
 
Thank you for letting us know your first impressions of the new Webroot SecureAnywhere Endpoint Protection product.  We evaluate all of our customers' opinions and feature requests for our products and we will address as many as possible in future updates to the product.
 
In response to #1 and #3, I would strongly encourage you to post your ideas for Feature Request in the Webroot SecureAnywhere Business Feature Request.  Posting your suggestions and feature requests in this area will allow other customers to vote on them, and also allow Product managers to evaluate them for future updates to the product.
 
I agree with you that there are a lot of options when it comes to the Policy Settings and that some of them may be confusing to understand.  However, the Endpoint Protection Administrator's Guide does provide a lot of details about these settings and it is fully searchable as well.  You can access the guide via the link below.
 
Webroot SecureAnywhere Endpoint Protection Administrator Guide
 
Below is an overview of the technology that makes SecureAnywhere Endpoint Protection work.
 
Unlike traditional security software solutions which rely on the constant downloading and updating of definition files to the client, SecureAnywhere uses a revolutionary approach to keeping the PCs on your network protected against the latest threats that are discovered every day. The client agent for SecureAnywhere uses a combination of our cloud database and local behavioral file analysis to detect, block and remove threats. Because the clients and the Console are constantly connected to the cloud, when new threats are discovered we are then able to protect all users of SecureAnywhere in almost real-time.
 
When a client is not connected to the internet, SecureAnywhere uses a journaling function which monitors and records the behavior of files on the system. If any files or processes act suspiciously, those actions are recorded. When connectivity is restored the information about the files is then sent to the cloud for analysis.  If the files are deemed to be a threat, the journaling system will then roll back any changes that were made to the system, which effectively removes the threat.
 
I hope that this information helps you understand things more clearly.  If you have any more questions, please post them and I would be happy to help.
 
Thanks,
 
Howard

Thank you for your reply.  I'm glad Webroot now has a user forum and the ideas site is also a welcome addition.  I usually don't purchase software without a forum...
 
The way you described how the product works makes more sense than I've seen anywhere online so thank you for posting.  However, it brings up another question.  If I have laptop users who use their PC offline for extended periods of time such as a couple weeks, should I still be using SecureAnywhere on those machines?  I'm worried that during the offline time they could get a virus through a USB drive and won't know it until they go online again.

SecureAnywhere does offer offline protection as well and can be enhanced with some tweaks to the settings. First, though, it's important to remember that SecureAnywhere will prevent re-infection of threats it has already seen when you are offline. Most offline infections are either USB related or a re-infection of a previously seen infection.
 
To deal with new threats while offline, there are some signatures which the agent holds offline to deal with popular threats. Besides this, you can also edit the Offline Heuristics settings to 'Warn when new programs execute that are not trusted'; this means that any file that tries to execute while offline that has never been seen on the computer can be blocked to bring your attention to it. You still have to decide if you wish to run it or not. Choosing to block it will mean that if the file is malicious then it will never have had a chance to run. If you do allow the file to execute, SecureAnywhere will monitor any change it makes so that when you go back online later, if the file is found to be malicious, the cleanup process will revert any changes that file made to your computer.
 
Lastly, there is another option which can increase awareness of suspicious activity when offline. The Identity Shield Settings option to 'Warn before blocking untrusted programs from accessing protected data' means that if an untrusted program attempts to perform actions such as keylog or screenlog or access protected data from protected applications (by default your browsers are automatically set as protected) then you will get a warning when that process tries to access the data and it will explain what the process was trying to access (i.e., a new never-seen screenlogger will trigger a warning that the process was attempting to capture your screen). While this setting cannot be configured to only apply offline, it is very useful and informative as to what processes are trying to access protected data, and seeing this type of alert offline can allow you to prevent infostealers from stealing your identity even when offline.
 
This is a long post and I apologize; however, I wanted to finish off by pointing out that when you are offline, it doesn't matter if you are using cloud-based or local signature-based software: you will not have the latest detections available, and so it comes down to a matter of configuring the software to prevent unknown activity from occurring until you can verify the authenticity of the application once you return online or update your virus signatures if you are using any other third party security.
 
I hope this helps however please let us know if you have any other questions - I'll try to keep my responses a bit shorter next time!
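
The journal-and-rollback behaviour described in the replies above (record what a not-yet-classified program changes while offline, then revert those changes if it is later judged malicious), as an added conceptual example that is not part of the original thread and is not Webroot's implementation. The `ChangeJournal` class, its methods and the in-memory file system are hypothetical, and the sample activity is constructed:

```python
# Conceptual model only: an in-memory dict stands in for the endpoint's disk.
# Class and method names are hypothetical, not Webroot's.

class ChangeJournal:
    """Records before-images of files touched by processes with no verdict."""

    def __init__(self, fs):
        self.fs = fs          # dict: path -> bytes
        self.entries = {}     # process -> list of (path, before-image or None)

    def write(self, proc, path, data, trusted=False):
        # Journal the before-image only for processes that are not yet trusted.
        if not trusted:
            before = self.fs.get(path)   # None means the file did not exist
            self.entries.setdefault(proc, []).append((path, before))
        self.fs[path] = data

    def delete(self, proc, path, trusted=False):
        if path not in self.fs:
            return
        if not trusted:
            self.entries.setdefault(proc, []).append((path, self.fs[path]))
        del self.fs[path]

    def apply_verdict(self, proc, verdict):
        """Called once connectivity returns and a verdict is available."""
        changes = self.entries.pop(proc, [])
        if verdict != "malicious":
            return 0          # changes stand; the journal for proc is dropped
        # Undo newest-first so repeated writes end at the original content.
        for path, before in reversed(changes):
            if before is None:
                self.fs.pop(path, None)  # created by proc: remove it
            else:
                self.fs[path] = before   # modified or deleted: restore it
        return len(changes)


def demo():
    fs = {"/docs/report.txt": b"Q1 numbers", "/etc/hosts": b"127.0.0.1 localhost"}
    j = ChangeJournal(fs)
    # Constructed offline activity by two processes without a verdict.
    j.write("unknown.exe", "/docs/report.txt", b"garbage-1")
    j.write("unknown.exe", "/docs/report.txt", b"garbage-2")
    j.write("unknown.exe", "/tmp/dropped.bin", b"\x00\x01")
    j.delete("unknown.exe", "/etc/hosts")
    j.write("newtool.exe", "/docs/notes.txt", b"meeting notes")
    # Back online: verdicts arrive.
    undone = j.apply_verdict("unknown.exe", "malicious")
    j.apply_verdict("newtool.exe", "good")
    return undone, fs
```

In this model the overwritten and deleted files return to their original content and the dropped file disappears, while the changes made by the program later judged good are kept.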
