Under Review

Deleting Endpoints from the Console, Part II

  • 1 June 2018
  • 7 replies

Userlevel 2
There was a Suggestion a few  years ago on this one, but to my surprise it still has not been completed.  I'm a former (and now new at another company) Webroot customer and this seems like the most basic of features.  I too would like the ability to remove an endpoint from the console without having to open a support ticket.  Please address this simple request ASAP.
Previous thread on this topic - https://community.webroot.com/t5/Feature-Requests/Deleting-Endpoints-from-the-console/idi-p/30140/page/2#comments

7 replies

Userlevel 4
Badge +8
Thank you for the suggestion. In fact, we have been looking into this functionality. It's in the backlog!
Userlevel 6
Badge +24
Yes - so much this! 
This isn't just an administrative problem - this bleeds over into billing - number of agents I'm paying for and te proper invoicing for the clients.  There should really be some automation around this to allow us to set thresholds for inactivity and take an appropriate action when the time threshold has been met.  Oh - any we need an alert too - "Hey,  I deactivated X number of clients for inactivity" or "Hi There - I removed X number of agents from the GSM Console".  Those alerts should be customizable as to what information (site, hostname, etc.) the admin would like to see as we may need to provide it to a site admin or even a client to show that we continue to ensure that their webroot deployment is accurate to their environment.
For those of us using ConnectWise Automate - it would be nice if we could configure this either globally or per client or even location via the Webroot SecureAnywhere with Unity plugin.  It does really put MSP/MSSP organizations in a tricky spot sometimes trying to explain to the layperson why they are paying for 100 agents in Automate, but 110 for Webroot.  Being able to automate the counts between the two systems so that they remain in sync would be a big win.
Userlevel 2
Absolutely agree! It would be very convenient.
I also would like to see this feature. I have more deactivated endpoints than active endpoints, primarily because we renamed most of our PCs to implement a new naming convention, and the old names had to be deactivated. Also, I'm just anal about things like this and I have no desire to see this old information and want to remove it. I paid for the software, why not let me decide if I want this old data to hang around?
Userlevel 1

+1 vote for this feature.  It’s been years, and multiple threads on the issue.  When can we expect this?

Userlevel 7
Badge +59

Maybe we need to ping a couple of Webroot Staffers! @freydrew  @khumphrey  @BruceR  @coscooper  :wink:

Userlevel 6
Badge +26

@msmith-442  and others monitoring this thread… this is being addressed when we release the console refresh early next year. There are numerous console updates coming with that refresh including UI/UX changes and many of these feature requests.


Explanation: Deactivated devices/sites have been kept in the console for historical data analytics as all of our data is stored in the cloud, we still reference endpoint information, even if it’s been decommissioned. If a device ran for a few years, saw x,y,z threat and/or 1,2,3 unknown software, it’s all captured and listed in our threat data for analytics on how many devices saw each binary. So, for those reasons, devices do NOT get deleted, which is why there’s a “deactivated” concept.

NOTE: No personal data is stored, it’s just binary hashes and vendor references or threat references, nothing personal.

That said, there are challenges with this architectural design (which goes back years) and to change it is no easy feat. Besides the console, it’s dependent on agent behavior, which is driven by Device MID (unique identifier). If the device keeps on checking in under the same MID as before and the agent is still installed, it’s referenced until it’s truly gone. Not ideal, but it is being addressed to try and make this more accurate. The key to deactivated not checking in is to insure it’s truly been uninstalled before releasing the device to the owner OR decommissioning it. Agent Commands have been beefed up under to be more consistent. Also, Agent Commands TTL for agents has been extended to 30 days. So, these should uninstall more consistent.


Lastly - any console administrator can request, from support ,to remove any and all deactivated devices or deactivated sites. It doesn’t get deleted, they get “archived” for continual reference. This was not part of the original console design and will be added in future release.

The one caveat: if an agent is still installed, checking in with the original MID it will not be deleted as it will continue to checkin as a deactivated device. Our advice is to get it fully removed. if it’s unaccessible, then contact the current management organization and have them remove it. Support can offer options and provide assistance.

Hope this helps.