Re-enable Agents Commands

  • 3 July 2019
  • 2 replies

Badge +2
Due to the recent incident in which some MSP's were compromised by malicious actors, Webroot agent commands including "download & run a file" have been disabled from the GSM. While I can understand the need for this on a temporary basis until a true 2FA method is implemented, I was informed by a support representative that this feature will be disabled for the foreseeable future and may never return. The fact remains that this whole incident falls on a small amount of MSP's who weren't using Webroot's "MFA" , and were most likely using poor credentials. Furthermore, had Webroot implemented a true 2FA as it's been requested for years, this was totally avoidable situation.

I feel that you're essentially punishing the majority of your client base by removing a core feature of Webroot due to bad decisions made by a handful of people. We've used this feature frequently for smaller clients and is one of the primary reasons we initially decided to use Webroot and continue to use it to this day.

I would really like an answer as to whether or not this feature will be re-enabled going forward. Even if this ends up being feature that's automatically disabled by default, and requires us to open a support ticket with Webroot or contact them to have it enabled, signing a waiver acknowledging risks, etc, we don't care. However, we absolutely need to have this feature. This will be a determining factor for us in continuing to use Webroot or looking for a replacement anti-virus solution.

2 replies

Userlevel 6
Badge +24

Agreed.  Webroot has been absolutely mum on this topic.


You could even ad 2FA to the commands section, I’m fine with that, or add specific commands that take place of the commands you took away, but we need something.  This was removed because one MSP was careless, and punished all of us.  Now, that threat has been greatly reduced even for those of us who were already careful, and Webroot has said nothing at all.

Userlevel 1
Badge +4

Honestly, I’m glad Webroot removed this functionality and finally enabled a real MFA option.  A second numerical password is not multi-factor authentication despite what Webroot called it. I use an RMM to manage my clients.  Webroot just supplies the AV.  Other than management of the AV software, I don’t want Webroot to have the ability to do anything else with their systems.  Having the ability to download an arbitrary file and execute it on the endpoint is something I *never* liked.  Hopefully, they will also remove the script option as well.  That’s just as bad.