The most common questions asked about Webroot SecureAnywhere Business Endpoint Protection

  • 5 March 2012

Question:  How does WSA perform when no network connectivity is available?
 
Answer:  While WSA has the strongest protection when connected to the Internet, it provides significant protection when offline. A few thousand critical signatures are pushed down from the cloud for offline protection. The client remembers all of the files it's been told about to provide protection. The client further uses behavioral heuristics to block threats when offline and can even turn into a full "whitelist-only" mode. All files are set to monitor when offline - heuristics are applied in real-time and pre-execution. Each system modification is precisely tracked by WSA. Once the client is back online, if a program is eventually found to be malicious, every change that was made can be reverted.
 
 
Question:  Is there a way to create granular overrides for specific or global endpoints?
 
Answer:  Yes. We have override capabilities that can be applied on a client, group, and account basis.
 
 
Question:  Where is the sandbox located? If it’s in the cloud, does that mean that "new" files are being uploaded to Webroot servers for sandboxing or does this occur on the client?
 
Answer:  The sandbox is a local feature that runs on the user PC. No files are ever uploaded to the cloud.
 
 
Question:  What is the average, daily Internet bandwidth consumed by the WSA BEP client?
 
Answer:  Approximately 150KB.
Question:  Will the WSA BEP client have any conflicts with existing anti-malware solutions, including current Webroot endpoint security customers?
 
Answer:  The WSA client is compatible with existing anti-malware solutions as well as our own.
 
Question:  Does the ‘Undetermined Software’ report identify the specific impacted files?
 
Answer:  Yes. Filename, pathname, file size, and last seen are shown by default. Additional information can be shown such as first seen, vendor, product, version, and MD5.
 
Question:  Are custom reports available?
 
Answer:  Yes. All reports have different levels of customization allowing reports for targeted data sets. Reports will be available in a number of formats, including PDF, .CSV, SQL Database, and direct print from browser. All reports can be scheduled for delivery.
 
Question:  How does the firewall work? Does the firewall take the place of the Windows Firewall?
 
Answer:  The Webroot firewall monitors outbound traffic. It looks for untrusted processes that try to connect to the Internet. It works in conjunction with the Windows firewall, which monitors inbound traffic.
 
Question:  Some malware blocks all network connectivity. How does WSA BEP handle this challenge?
 
Answer:  Because WSA runs at the kernel level, it has the capability to circumvent any attempt to block its ability to contact the cloud, including bypassing the Windows API should the need arise.
 
Question:  Are mobile laptop users able to connect to the cloud when online (though not connected to the corporate network)?
 
Answer:  Yes. Since we use a cloud-based architecture, our clients never have the need to check in to any service inside a specific network. They simply require an active Internet connection to access our backend.
This extends to the initial deployment as well. The client can be deployed by users directly by running specially named versions of the installation file. During installation the license key is passed by the client to our backend. We then tie that client into the appropriate cloud-based customer admin console using the license key so that it can be remotely managed.
 
 
Question:  What client and server platforms are supported? Please comment on Terminal Server, Citrix, and virtual desktop infrastructure.
 
Answer:  WSA works and is supported on the following standard and virtual server and client environments:
- Windows Server 2003 Standard, Enterprise, 32-bit and 64-bit
- Windows Server 2008 R2 Foundation, Standard, Enterprise
- Windows Small Business Server 2008 and 2011
- VMware vSphere 4 (ESX/ESXi3.0, 3.5, 4.0, 4.1)
- VMware Workstation 6.5, 7.0, Server 1.0, 2.0
- Citrix XenDesktop 5 and XenServer 5.0, 5.5, 5.6
- Microsoft Hyper-V Server 2008
 
Question:  Does the management console have granular policy capabilities? For example, setting up a different policy based upon group or individual clients.
 
Answer:  Yes. The management console has the ability to create a customized group structure, which you can then use to group computers together based on your own criteria. Specifically configured policies can then be applied to those computers as needed.
 
Question:  What is "Journaling and Rollback" and how does it work?
 
Answer:  If a suspicious program has passed the several layers of local checks, it is monitored extremely closely. We watch to see precisely what files, registry keys, and memory locations are changed by the program. There is a before and after picture created of each change. We refer to this extensive monitoring as ‘journaling.’ If the program is eventually found to be malicious after the user connects online again, SecureAnywhere will step in and alert the user and proceed to clean up the threat. Because the threat was active and changed or infected other files on the system, SecureAnywhere doesn't simply delete the main file. It reverts every change that the threat made. If at any point a suspicious program tries to modify the system in such a way that SecureAnywhere won't be able to automatically undo it, the user is notified and the change is automatically blocked.
Question:  How often can the client be set up to check in with the management infrastructure?
 
Answer:  The client will check into the cloud for threat data whenever activity on that system warrants. The client can also be set up to automatically poll into the management infrastructure on a defined basis. These intervals are 15 minutes, 30 minutes, and 1, 2, 3, 4, 6, and 12 hours.
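
The "Journaling and Rollback" answer above, sketched as an added example that is not part of the original post and is not Webroot's code: a journal keeps a before-image of each file change, refuses changes it could not undo, and reverts everything newest first. It covers files only (not registry keys or memory); the names `ChangeJournal`, `write` and `rollback`, and the rule that only one directory tree is revertible, are assumptions made for illustration.

```python
import tempfile
from pathlib import Path

class ChangeJournal:
    """Keeps a before-image of each file change so the changes can be reverted."""

    def __init__(self, root):
        self.root = Path(root).resolve()  # assumption: only this tree is revertible
        self.entries = []                 # (path, before-image or None if new)
        self.blocked = []                 # changes refused as non-revertible

    def write(self, path, data):
        path = Path(path).resolve()
        if self.root not in path.parents:
            self.blocked.append(path)     # cannot be undone later, so block it
            return False
        before = path.read_bytes() if path.exists() else None
        self.entries.append((path, before))
        path.write_bytes(data)
        return True

    def rollback(self):
        """Undo every journaled change, newest first; return how many."""
        reverted = 0
        while self.entries:
            path, before = self.entries.pop()
            if before is None:
                path.unlink()             # file did not exist before: remove it
            else:
                path.write_bytes(before)  # restore the before-image
            reverted += 1
        return reverted

def demo():
    # Constructed sample data in a throwaway directory.
    with tempfile.TemporaryDirectory() as tmp:
        doc = Path(tmp) / "report.txt"
        doc.write_bytes(b"original")
        journal = ChangeJournal(tmp)
        journal.write(doc, b"tampered")
        journal.write(doc, b"tampered again")
        dropped = Path(tmp) / "new-file.bin"
        journal.write(dropped, b"unknown program output")
        allowed = journal.write(Path(tmp).parent / "unjournaled.txt", b"x")
        reverted = journal.rollback()
        return doc.read_bytes(), dropped.exists(), allowed, reverted

if __name__ == "__main__":
    print(demo())
```

Reverting newest first matters when the same file is changed more than once: the last entry popped for a path is the oldest before-image, which is the state to end on.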
 
 

1 reply

This is an excellent FAQ!
 
As an addendum, I'd like to also share a link to the Webroot SecureAnywhere Business Endpoint Protection help guide. This is an excellent resource for not only getting started on setting up the admin account, but also for deployment, user/license management, policy management and implementation, creating/viewing reports, setting up overrides, and more!
 
Webroot SecureAnywhere Endpoint Protection Help Guide
