Add feature so we can permananently delete from quarantine using the console

Userlevel 4
Add a feature so we can permananently delete from quarantine using the console.  That feature exist in the user GUI for unmanaged clients so it makes sense that it should exist in the console for managed clients

18 replies

Having the ability to delete qurantined items form the End Protection Console would save a lot of time and make monitoring of all clients much clearer.
Userlevel 1
Definitely agree with this request as we've had a few requests for this with our resellers.
Userlevel 2
Badge +1
This feature is something we also need. We have also had requests for it and we think that it is of essence.
Userlevel 1
Just had a partner recommend this functionality to me again. This is a needed feature and considering the kudos on it should really have a response
I agree that Webroot should implement this feature into their console. I work with multiple off site clients that do not allow us to easily remote into their workstations, making removing actual threats from their computers a much larger hassle then it should be.
If Webroot can have a feature in their console to whitelist false threats stored in quarantine than I cant imagine why it should be difficult to have threats removed entirely.
The company I work for also deals with offsite clients, and we cannot always go onsite to look at the devices.
Userlevel 7
Badge +56
@ wrote:
Add a feature so we can permananently delete from quarantine using the console.  That feature exist in the user GUI for unmanaged clients so it makes sense that it should exist in the console for managed clients

Another +1 for this. It seems like an oversight not having this. I AM BOFH! It seems illogical to be blocked from deleting the files without having to work around things by making the endpoint unmanaged. Especially for remote systems at a client site where I cannot remote on to. 
Userlevel 7
Badge +29
I agree newwave. I want the ability to remove the threat and it's associations immediately and being told by support to place the agent in unmanged mode makes no sense.
Again, as a service provider, there are times when we can't remote in or have no ability to be on-site. This is a no brainer.
Agreed.  What a waste of my time.
1 - Item quarantined
2 - attempt to restore and whitelist from the client, "Client managed from the webconsole..."
3 - attempt to restore and whitelist from the console...where the hell is this setting!?!
4 - attempt to modify the policy to allow user to manage their own quarantine...where the hell is this setting?!?
5 - give up on trying to find anything useful in documentation, call webroot support
6 - told I have to unmanage the device, unquarantine from client, then move back to managed...
7 - after 57 minutes, I can now start a service that is classified critical in our company.
I am dissapointed that this feature is not here. I bought this instead of Symantec.Cloud. Had I realized that I cannot remove from the console (like I can in Symantec.Cloud). I would have gone with symantec. Anything other than being able to remove it from the cloud console is upside down. 
Userlevel 7
Badge +29
Yes definitely needs to be added the option to immediately delete files found.
Badge +3
I'm so relieved that I discovered this problem before we have purchased webroot.  The use cases for webroot are dwindling in our organisation.
Userlevel 6
Badge +26
All - while this feature (remotely deleting quarnatined files) is something that makes sense when compared to other solutions that require a lot of manual intevention, having to manually delete them is not necesary since the agent does in fact remove the files at a point in time in the future. The WSAB agent keeps machines secure, removes threats in a different fasion than the competition and has a high efficacy, which is the focus and intent of the agent.

For clarification and understanding how the agent works, files that are quarantined are not stored in a locked folder like other tools that rely on ACLs, they're actually encrypted into a seperate file so they can no longer be functional, but they're accessible if/when it's determined to be a false positive and needs to be restored. One of the main rationales for this approach is so the files can be removed instantly and not rely on operating system removal where it can still have a chance to act. It's also a way for the files to be reviewed if/when asked and to insure they're not accidently removed through deletion if it's a false positive. Since they're no longer accessible and encrypted, they're basically irrelevant
Once the files have been encrypted and have been determined to no longer be a threat, the agent does remove them after 30 days. The threat history is retained in the console for historical review and not purged, but the encrypted files with the qurantined items are in fact removed automatically.
Hope this helps clarify how the agent works.
Userlevel 7
Badge +29
Took the words out of my mouth coscooper.
edanto : Of all the products and services I've used from different vendors, you'd have great success with Webroot. We are an MSP partner and have switched from ESET and now that we can manage all of our thousands of clients and thousands of endpoints with ease, once Webroot is on the systems it's essentially set and forget.
It's a different way of handling malware as opposed to the old way of doing things.
I understand that from a security point of view there is no need to remove the malware from the quarantine list however, there are other things to consider as well. We have a client with ~100 managed endpoints who now have a regular secondary audit run over their network which identifies all of the items in the quarantine list for all of their endpoints. Because we cannot clean out this quarantine list the report is more noise than value and so, even though we don't NEED to remove the items for security reasons, we would love to be able to so that we can clean up the list in this report at the source (WebRoot)
Userlevel 7
Badge +35
Closing as Coscooper's response addresses the issue and the most recent comment is over a year old. 
Userlevel 1

Just came across this thread trying to figure this out.  What a hassle having to remote into a user’s machine just to remove an infected file from quarantine!  Needs to be a way to do this from management console.