REMOVE "Run Customer Support Script" and similar features!

  • 19 March 2020
  • 1 reply

Badge +1

The Run Customer Support Script feature in agent commands is a concern because, using that feature, if a Webroot account were to become compromised an attacker could potentially gain unlimited access to ALL servers and workstations under control. This concern applies to any method of running arbitrary scripts through the Webroot management interface

This feature may also render Webroot non-compliant with PCI DSS standards and requirements and that alone makes Webroot unusable to many customers and potential customers.

System administrators have many conventional methods of remote access and management without resorting to a third-party back door within Webroot.

Your continued support of this and any other similar features will cause us to drop Webroot. I urge you to purge any and all such features from an otherwise good system. Thanks!

1 reply

Badge +2

Having the option to disable or enable would be prefered to disabling outright…

If you're making sure your tenancy has MFA is there a concern of taking over?