Sticky

It’s Here! Welcome to the Webroot Evasion Shield

  • 13 May 2020
  • 7 replies
  • 4658 views
It’s Here! Welcome to the Webroot Evasion Shield
Userlevel 7
Badge +48
  • Community and Advocacy Manager
  • 1575 replies

It’s coming folks! We’re starting the rollout of the new Webroot® Evasion Shield. This critical security layer uses brand new, patented Webroot technology to detect, block, and quarantine evasive script attacks—including file-based, fileless, obfuscated, or encrypted threats—to help businesses become more resilient against advanced cyberattacks. The shield will also prevent malicious behaviors from executing in PowerShell, JavaScript, VBScript, and more, which are often used to launch evasive attacks. Get an overview of how it works in the video below.

 

 

Who’s going to get the new shield?

Every Webroot Business Endpoint Protection customer will benefit from the new shield. It doesn’t cost extra and you don’t have to install it separately. However, please make sure all your endpoints are using the 9.0.28.00 version of the Business Endpoint Protection agent or higher. Earlier agent versions will not fully support Evasion Shield malicious script protection.

 

Will the new shield start protecting me right away?

The shield is turned OFF by default. We designed it that way because many admins use legitimate custom scripts in their environments, and nobody likes a false positive. We recommend enabling the shield with the Detect and Report setting first, so you can see all the scripts that are currently running and whitelist any that you don’t want flagged. (See more on this in our FAQs, linked below.)
 

Where can I find more information?

For those of you who are interested in learning more (that’s all of you, right?) we’ve put together a number of resources to make sure if you get the answers to your questions.

 

What if I have more questions or need help with the Evasion Shield?

No problem. Click here to get in touch with our support team. We’ll also add more information to this page as needed, so be sure to check back.  


7 replies

Userlevel 1
Badge +4

This looks great!

Userlevel 5
Badge +18

Love to try it, but not available yet for me. Does it only appear when *ALL* endpoint are at version 9.0.28?

Userlevel 2
Badge +1

The perquisite is only that the Agent Version is at 9.0.28 or higher, so it will work on any endpoint with that Agent installed. We updated everyone’s console on Tuesday, so it should be working for you. 

If it isn’t please raise a ticket with Support as I’m sure the Product Manger and  Dev  escalation team will want to help you out pronto.

Userlevel 2
Badge +1

Another factor is that Script reporting and policy only existing at the  Global not the Site level, so you need to be at the Global level.  

Userlevel 5
Badge +18

Another factor is that Script reporting and policy only existing at the  Global not the Site level, so you need to be at the Global level.  

Gotcha.

So is there a way to differentiate policies at the site level? Or do I need to (re)create my site level policies at the global level if I want different Evasion settings within a Site?

Looks like a good feature but doesn’t seem that it’s rolled out yet.

It’s not listed in my policies and searching help files for “evasion” yields 0 results.

I opened a ticket.

Looking forward to turning it up (soon I hope).

Userlevel 5
Badge +18

@gcarey You need to look in the global policies - site policies. Had me confused too. Afaikt there’s no way to set/tweak in the site policies.

Reply