Not all detected infections reported to web console


Userlevel 1
Badge +4
I found out today that certain types of infections detected by Webroot are not reported to the SecureAnywhere console. I found that detected items in the registry are not noted. According to support, this is by design.

In what world is it acceptable to not report detected infections and cleanup? The detection scan and cleanup scan afterwards are both reported in the SecureAnywhere console, but the actual malicious threats found and removed were not.

In this case, there was a malicious run key added to the registry. Webroot found and removed the run key, but wasn't able to detect the process that added the run key in the first place. If the removed key and data were properly logged in the SecureAnywhere console, I would know that an undetected threat may be present on the system, but if this information isn't reported, it makes performing this determination impossible.

Anything that triggers an infection detection status needs to be reported in the console. If not, an unknown threat could be present on the machine, and no one would have any idea until it was too late.

8 replies

Badge
Can't believe this is happening, web console should better report what's going on on the endpoints!
Userlevel 5
Badge +19
I haven't heard of this specifically, but this is definitely interesting information. Personally we are using Webroot's Business SecureAnywhere Endpoint Protection product. I've noticed that it might report a virus from 3 endpoints, but not one. I know it should have picked it up on all 4 endpoints because it's a false positive for our backup software, so I'm trying to deploy an official piece of software. On top of not reporting that it blocked it on one endpoint, Webroot also didn't report that it blocked it two additional times when I tried to redeploy it. I'm working with support to get the false positive fixed, so if anyone at Webroot wants to review the support ticket, it's 213096.

@netmc, is this an issue with Webroot's business product for you?
Userlevel 1
Badge +4
False positives? Not that I'm aware of. Our RMM tool monitors Webroot infections directly from the registry keys that Webroot flips when it detects something out of the ordinary. This creates a ticket in our system that must be manually reviewed. I would end up with tickets created without a corresponding issue logged in the SecureAnywhere console. At first I thought it was the RMM monitor being goofy. When I started digging into this issue, first with the RMM support, then with Webroot, we discovered that the registry key cleanup was listed in the WRSA device logs, but not the Webroot console.
Userlevel 5
Badge +19
If this is for the business product, I wonder if this thread should be moved to the Business Feature Request forum. It might get more votes from business users there. Just an idea.

Is that idea inception? An idea within an idea? 🤔
Userlevel 1
Badge +4
Probably, but support couldn't find the business idea forum, and neither could I.
Userlevel 5
Badge +19
@netmc, under the Menu at the top left of the community you'll find a section for Ideas. One is the "Got an Idea" forum, which is where this thread is currently, and the other is the "Submit a Business Feature Request" forum?

@LLiddell or @freydrew, should this thread be moved to the "Submit a Business Feature Request" forum? I wouldn't suggest the "Got a Question" forum or any of the other business forums due to the fact that multiple people are requesting that the Webroot Business Console report/show all instances of when things get blocked. I think this makes it a business feature request.

For everyone else in the Webrootverse. Please vote this idea up! We should be made aware of what Webroot is doing on our systems, especially as business admins.
Userlevel 7
Badge +33
NicCrockett wrote:

@netmc, under the Menu at the top left of the community you'll find a section for Ideas. One is the "Got an Idea" forum, which is where this thread is currently, and the other is the "Submit a Business Feature Request" forum?

@LLiddell or @freydrew, should this thread be moved to the "Submit a Business Feature Request" forum? I wouldn't suggest the "Got a Question" forum or any of the other business forums due to the fact that multiple people are requesting that the Webroot Business Console report/show all instances of when things get blocked. I think this makes it a business feature request.

For everyone else in the Webrootverse. Please vote this idea up! We should be made aware of what Webroot is doing on our systems, especially as business admins.


Moved it, thank you!
Userlevel 5
Badge +19
Thanks @LLiddell! 😁
