Password to uninstall Webroot on Endpoint

  • 27 June 2013
  • 3 replies

Userlevel 3
Badge +8
It would be nice if one could assign an uninstall password within the admin console that would have to be input on the client before uninstallation would proceed. Either one password for all endpoints, or one per group of endpoints would be fine. As it stands now anyone with proper permissions (local admins and power users if I'm not mistaken) on the endpoint can uninstall Webroot at their leisure, something that as admins we need to control. It would also provide a second level of protection on a compromised machine as a hacker with admin permissions wouldn't be able to uninstall the AV. Also would stop a "keen" new help desk person from uninstalling the AV if they were thinking it may solve an issue.
Not everyone may need this functionality (although I still used it on a 4000+ endpoint domain deployment for an extra level of comfort some years back) as some organizations have end users with simple regular user permissions and domain controls through GP.
As an MSP we often run into small to midsize companies where end users have local admin privileges, there is no domain that they log into, they are geographically dispersed, and they never had controls in place from the beginning. Changing this way of working is difficult and often even management has issues with it. We run into an enormous number of endpoints in this situation.
Management expects the AV to be there, and if someone gets infected they'll be asking us how it could possibly happen after we sold them "the best protection out there". We told you so really wouldn't cut it.
Having the option in place would give the needed control and security for the AV, while steps are taken, often slowly, to rectify the privileges issue.

3 replies

Userlevel 7
Badge +35
Userlevel 4
There's still a need to have the option to verify the unistallation with a password localy on the machine.
If the technichian is troubleshooting a PC and temporary wish to unistall or disable WSA it's a lot more simple to disable WSA using a password than to logon to the webconsole to uninstall or disable WSA.
I have two customers asking for this feature and they have choosen not to disable local management until this feature exists.
This may also apply to MSP's where the end customer does'nt have access to the portal - with the uninstall password feature they may still be able to delegate the right to uninstall WSA to some users (who knows the password).
Userlevel 5
Hell Jacksun, You can restrict uninstallation via the methods below: EXE Option: If you install using the executable and assign the hostname to a 'managed policy' this should prevent the user from uninstalling Webroot SecureAnywhere from the machine even if they are a local administrator. MSI Option: If you are using the MSI, you need to include APPNOREMOVE 1 to prevent uninstallation by the user. In ORCA - Add a row to the bottom of the PROPERTY TABLE named ARPNOREMOVE and set the VALUE to “1”. Commandline - Msiexec /I WSA.msi ARPNOREMOVE=1 Thank you and please let us know if you have any further questions, Shawn T Product Manager, Support
+1 for this
I have same issues as users are working more and more from home