cancel
Showing results for 
Search instead for 
Did you mean: 

Endpoint Protection and GSM KB

Top Contributors
Sort by:
LusyPOS is a new variant of malware that was used in the Target breach.  It combines code from two other pieces of malware named Dexter and Chewbacca.  It targets Point of Sale (POS) systems with a view to stealing customer information and credit card data stored in RAM. It uses the encrypted Tor network to communicate with the server that collects the data.     To protect your POS systems from this threat we recommend: 1. Using an antivirus and malware detection system that detects LusyPOS.  Webroot SecureAnywhere will detect and prevent LusyPOS. 2. Making sure that your firewall blocks communications that attempt to access the Tor network   Additional resources to learn more: http://www.networkworld.com/article/2854093/new-pointofsale-malware-on-underground-markets-for-2000.html https://community.webroot.com/t5/Security-Industry-News/New-point-of-sale-malware-on-underground-markets-for-2-000/m-p/174835
View full article
  Webroot SecureAnywhere Business Endpoint Protection System Requirements   For Desktops: Minimum system requirements Desktop Operating systems: Webroot SecureAnywhere can be installed on a computer with one of the following operating systems: Windows® 10 32 and 64-bit Windows 8, 8.1, 32 and 64-bit Windows 7, 32 and 64-bit Windows Vista®, 32 and 64-bit Windows XP®** 3, 32 and 64-bit Windows XP** Embedded Mac OS X 10.7 (Lion®) Mac OS X 10.8 (Mountain Lion®) Mac OS X 10.9 (Mavericks®) Mac OS X 10.10 (Yosemite®) Mac OS X 10.11 (El Capitan®) Mac OS X 10.12 (Sierra®) Mac OS X 10.13 (High Sierra®) **must support SHA-2   For Servers: Minimum system requirements Server Operating systems: Webroot SecureAnywhere can be installed on a server with one of the following operating systems: Windows Server® 2012 R2 Standard, R2 Essentials Windows Server 2008 R2 Foundation, Standard, Enterprise Windows Server 2003** Standard, Enterprise, 32 and 64-bit (must support SHA-2) Windows Small Business Server 2008, 2011, 2012 Windows Server Core 2003**, 2008, 2012 Windows Server 2003** R2 for Embedded Systems Windows Embedded Standard 2009 SP2 Windows XP Embedded SP1, Embedded Standard 2009 SP3 Windows Embedded for POS Version 1.0 Windows Server® 2016 Standard, Enterprise and Datacentre **must support SHA-2   For VM Platforms: Minimum system requirements Virtual Machine Support: Webroot SecureAnywhere can be installed within the following Virtual Machine environments on supported Operating Systems:   VMware® vSphere® 5.5 and older (ESX®/ESXi 5.5 and older), Workstation 9.0 and older, Server 2.0 and older Citrix® XenDesktop® 5, XenServer® 5.6 and older, XenApp® 6.5 and older Microsoft® Hyper-V® Server 2008, 2008 R2 Virtual Box     For Browsers: Minimum system requirements Browser Versions: Webroot SecureAnywhere provides support for the following Browser versions: Google Chrome® 11 and newer Internet Explorer® version 11 and newer (Windows XP IE8) Microsoft Edge® (partial support) Mozilla® Firefox® version 3.6 and newer Safari 5 and newer Opera 11 and newer  
View full article
  As the impact and severity of crypto-ransomware threats and attacks has grown over the past 2½ years, we have published many blogs and articles on how best to defend against these modern day extortionists. We do not believe that our businesses or consumer customers should have to choose between extortion and losing precious, irreplaceable data. We often get asked the leading question: “which endpoint security solution will offer 100% prevention and protection from crypto-ransomware?”   The simple answer is none.   Even the best endpoint security (which we pride ourselves on innovating and striving towards) will only be 100% effective most of the time. At other times the cybercriminals will have found ways to circumvent endpoint security defenses and their attack will likely succeed. Each day many ransomware campaign operators create a new variant which is re-packed making it once again undetected for all of antivirus.   Use Reputable, Proven, Multi-Vector Endpoint Security Back-up your data User Education Disable Execution of Script Files Patch and Keep Software Up to Date Secure Weak Username/Passwords which have Remote Desktop Access
View full article
      All Webroot SecureAnywhere® solutions are fully cloud-based, which means you don’t have to worry about maintaining on-premises hardware or software. What’s more, our protection works in real time, so there are no definition files for you to update, and the Global Site Manager (GSM) console makes it easy to remotely manage security on your endpoints.   The GSM was purpose-built to streamline management for multiple sites and locations, and it supports policies at the global and individual site level. That means you can set some policies to apply to all locations, while other policies apply only to specific sites or locations. You can even manage access rights and permissions alongside the administration of all your sites.   With our cloud-based management with full remote endpoint administration, delivering global management becomes extraordinarily cost-effective compared to conventional antivirus, making it ideal for businesses of all sizes.    Here's how easy it is to deploy Global Site Manager: Create sites and locations One site for each entity One site for multiple entities, if applicable Create and assign policies Add more administrators and assign permissions, if applicable Configure Global Alerts, if applicable Deploy SecureAnywhere software across all computers in your network
View full article
  Cybercriminals scan the internet daily for systems with commonly used RDP ports and bruteforce with weak usernames/passwords and attempt to gain access. Once access has been gained, they can deploy variants of ransomware, create user accounts, and download other unwanted malicious software. Here’s some tips you can use to help secure RDP and prevent this type of attack.     Preventing scanning for an open port:   Restrict RDP to a whitelisted IP  Require two-factor authentication, i.e. smartcards Use protection software to prevent RDP bruteforce Create a GPO to enforce strong password requirements: https://technet.microsoft.com/en-us/library/cc786468(v=ws.10).aspx Change the default RDP port from 3389 to another unused port Change default RDP port from 3389 to another unused port        To change the default port, execute the following in an elevated command prompt –         REG ADD "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal                  Server\WinStations\RDP-Tcp" /t REG_DWORD /v PortNumber /d XXXX /f         The parameter “XXXX” is the port number you would like to move RDP to. It is  recommended to choose a random port number that is not in use and outside of the 33XX port range. Block RDP (port 3389) via firewall Restrict RDP to a whitelisted IP range  It is also important to monitor possible intrusions with Windows Event Viewer. This will show you what cybercriminals may be doing to try and get in, and help you adjust and use different security measures in your environment. Here’s an example to filter event logs for the event ID “4625” (An account failed to log on).  
View full article
  Ransomware such as: CryptMic, CryptXXX, Cerber, and Locky can be distributed via exploit kits, which target the software vulnerabilities of Adobe Flash Player, Oracle Java, Internet Explorer, Microsoft Silverlight and other vulnerable applications. If this software is exploited, an exploit kit landing page can execute arbitrary code and initiate a silent drive by download. It is critical for system administrators to keep this type of software up to date as most infections dropped by Exploit Kits are known as "zero days" (malware which is fully undetected by all antivirus). If outdated software must be present in your environment, we recommend you download and install Microsoft's EMET to mitigate attacks.   Download EMET
View full article
  Webroot has for years found many highly prevalent ransomware variants delivered through email attachments. These attachments are often a zip archive that contain a script, which serves the purpose of downloading/executing a ransomware/malware payload. Webroot recommends preventing the execution of script file types to avoid this type of attack.   Example Spam Email:   In order to prevent these types of documents and scripts from running we recommend choosing the most appropriate solution for your environment below.   Step 1: Block WSF, VBS, WSH, HTA, VBS and JS files:   There are three options to prevent script files from running on a system. Option 1: REDIRECT SCRIPT FILE EXTENSIONS VIA GPO To enable this policy setting, access the system set up for policy control and navigate to the following setting: User Configuration   -   Preferences   -   Control Panel   -   Settings   Right-click on   Folder Options   and navigate to   New   >   Open With   . Type in the each unwanted extension, i.e.   wsf, js, vbs  into the "File extension" box, then input the path of a program you want to have as default to open the file. Tick   Set as default   and press   OK.   Example of redirecting the extension   .wsf, .js, and   .vbs to notepad: We recommend redirecting the file types:   .hta, .jse, .js, .vbs, .vbe, .wsf, .wsh, and .ps1 .   If a system administrator needs to run a   WSF, VBS,  JS,  or any other script file, this can still be achieved by starting the WScript program with the script file as an argument. For example: : C:\Windows\System32\WSCRIPT.exe C:\example.vbs    Option 2 : REDIRECT SCRIPT FILE EXTENSIONS VIA WEBROOT CONSOLE    If there is not a policy controller available, as an alternative, you can redirect file extensions with the utility below.   1. Sign into the Webroot Enterprise Console and click   Group Management. 2. Select the hostnames which you would like to have this applied to, and then navigate to   Agent Commands   >   Advanced   >   Download and execute a file. 3. Input the following link into the URL field:                    https://download.webroot.com/NoScrypts.exe   For the   Command Line Options   field, the following commands can be used:   -disable  - This command will redirect the default action for the following file types: .hta, .jse, .js, .vbs, .vbe, .wsf, .wsh, to instead show a message box like so:     To apply this from the Webroot Endpoint Console, refer to the screenshot below:   -disable “Custom Message” – This command will allow you to redirect the default action for the same file types, however it also allows you to specify the message you would like the user to see. Where “”Custom Message”” is the message you would like to display to a user that opens a script file. Quotes are required around this text. Optionally you may include %1 in your custom message. This will show the file that was blocked like so:     To apply this from the Webroot Endpoint Console, refer to the screenshot below:   -enable - This command restores the default execution program for the file types mentioned above.   To apply this from the Webroot Endpoint Console, refer to the screenshot below:   4. Click “Download and Execute” to send the command to the system. Note: You may view the status of sent commands by choosing the “View commands for selected endpoints” option in the “Agent Commands” menu. Depending on poll interval, it may take up to 24 hours for the endpoint(s) to receive this command. You may force a poll check or configuration update to receive this command immediately by locating the Webroot icon in the system tray, right clicking it, and selecting “Refresh Configuration”. 5. Ensure script files are blocked by attempting to open a file with a blocked file type.   Option 3: DISABLE WSCRIPT HOST WScript Host   (C:\Windows\System32\WSCRIPT.exe)   is  application within Windows that interprets   .vbs, .vbe, .js, .jse, .wsf   and other types of script files. When a script is run, it will execute the script through this program. Because of this, you may want to disable WScript Host entirely. To do so, use one of the following procedures.   From the Webroot Console:   1. Sign into the Webroot Enterprise Console and click Group Management. 2. Select the hostnames that you would like to have this applied to, and then navigate to Agent Commands > Advanced > Download, and execute a file. 3. Enter the following link into the URL field:                         https://download.webroot.com/DisableWSCRYPT.exe       4. For the Command Line Options field, the following commands can be used:    -disable -   This command will disable WScript and disallow execution of script files.   -enable -   This command will enable WScript and allow execution of script files.   5. Click “Download and Execute” to send the command to the system. Note: You may view the status of sent commands by choosing the “View commands for selected endpoints” option in the “Agent Commands” menu. Depending on poll interval, it may take up to 24 hours for the endpoint(s) to receive this command. You may force a poll check or configuration update to receive this command immediately by locating the Webroot icon in the system tray, right clicking it, and selecting “Refresh Configuration”. 6. Ensure WScript is blocked by opening a command prompt, typing “WScript”, and pressing enter. You should be presented with the following message:     Manually - 64 BIT: To disable Windows Script Host, execute the following in an elevated command prompt: REG ADD "HKLM\Software\Microsoft\Windows Script Host\Settings" /v Enabled /t REG_DWORD /d 0 /f /reg:32 REG ADD "HKLM\Software\Microsoft\Windows Script Host\Settings" /v Enabled /t REG_DWORD /d 0 /f /reg:64 To re-enable Windows Script Host, execute the following: REG ADD "HKLM\Software\Microsoft\Windows Script Host\Settings" /v Enabled /t REG_DWORD /d 1 /f /reg:32 REG ADD "HKLM\Software\Microsoft\Windows Script Host\Settings" /v Enabled /t REG_DWORD /d 1 /f /reg:64 Manually - 32 BIT: To disable Windows Script Host, execute the following in an elevated command prompt: REG ADD "HKLM\Software\Microsoft\Windows Script Host\Settings" /v Enabled /t REG_DWORD /d 0 /f To re-enable Windows Script Host, execute the following: REG ADD "HKLM\Software\Microsoft\Windows Script Host\Settings" /v Enabled /t REG_DWORD /d 1 /f   Step 2: Disable Macro execution.   Office Macros can be beneficial to some work environments, however in most cases they are not necessary to have enabled and are only a security risk. Some ransomware utilize macro scripts within documents as a channel for payload delivery.   Macro example:   To enable this policy setting, Run gpedit.msc and navigate to the following setting: User configuration   >   Administrative templates   >   Microsoft Word 2016   >   Word options   >   Security   >   Trust Center. Double-click on   Block macros from running in Office files from the Internet setting and Enable   it.     Office 2013 :  https://technet.microsoft.com/en-us/library/ee857085.aspx Note : If there is not a policy controller available, as an alternative you can disable macros without notification manually:     Step 3: Prevent Users from running Powershell via GPO.   To enable this policy setting, Run gpedit.msc and navigate to the following setting: User configuration   >   Administrative templates   >   System     1. Double-click on  Don't run specified Windows applications .   2. Click the radio button Enabled to enable the policy. 3. Click the Show button next to List of disallowed applications and add powershell.exe to the list and click OK.      
View full article
The “human firewall” – your users – are often the weakest security link. A lot of lip service is paid to User Security Education, and with the advent of online self-paced courses there is no excuse not to look at using those tools to help educate your users of the risks they face in the office and from using the Internet at home. If a user receives an invoice, receipt, or any other form of attachment from someone they are unfamiliar with, chances are it’s bad. For word document emails, it is also advised to warn users to avoid clicking “enable content” for emails from unfamiliar sources. 
View full article
  If you have failed to stop ransomware from successfully encrypting your data, then the next best protection is being able to restore your data and minimize business downtime. Bear in mind when you are setting up your backup strategy that crypto-ransomware like CryptoLocker will also encrypt files on drives that are mapped, and some modern variants will look for unmapped drives too. Crypto-ransomware will look for external drives such as USB thumb drives, as well as any network or cloud file stores that you have assigned a drive letter to. You need to set up a regular backup regimen that at a minimum backs up data to an external drive, or backup service, that is completely disconnected when it is not performing the backup. The recommended best practice is that your data and systems are backed up in at least three different places.   Your main storage area (file server) Local disk backup Mirrors in a cloud business continuity service   In the event of a ransomware disaster, this set-up will give you the ability to mitigate any takeover of your data and almost immediately regain the full functionality of your critical IT systems.
View full article
  When it comes to endpoint security, there are many choices out there. While published detection tests help when it comes to crypto-ransomware, most detection testing is flawed – with many programs achieving 100% detection results that can’t be reproduced in the real world. Webroot has built a strong reputation for stopping crypto-ransomware. Our goal, first and foremost, is to be 100% effective. Webroot was the first antivirus and antimalware vendor to move completely away from the standard, signature-based file detection method. By harnessing the power of cloud computing, Webroot replaced traditional, reactive antivirus with proactive, real-time endpoint monitoring and threat intelligence, defending each endpoint individually, while gathering, analyzing, and propagating threat data collectively.This predictive infection prevention model enables Webroot solutions to accurately categorize existing, modified, and new executable files and processes, at the point of execution, to determine their status. Using this approach, Webroot rapidly identifies and blocks many more infections than signature-based approaches, and we are highly proficient at detecting and stopping crypto-ransomware. Of course, you need protection that covers multiple threat vectors. For instance, real-time anti-phishing to stop email links to phishing sites, web browser protection to stop browser threats, and web reputation to block risky sites that might only occasionally be unsafe. Over the past four years, the Webroot approach to infection prevention has continuously proven its efficacy at stopping crypto-malware in real time by addressing threats the moment they attempt to infect a device, stopping the encryption process before it starts. Regardless of which endpoint security solution you choose, it’s essential it offers multi-dimensional protection and prevention against malware to ensure it quickly recognizes external threats and any suspicious behaviors. A next-generation endpoint security solution with protection beyond file-based threats is essential.
View full article
Managing your alerts with Webroot couldn't be easier. 
View full article
Global whitelist overrides can now be set on a file or folder level as well as the traditional MD5 (Message-Digest algorithm 5) level in Endpoint Protection. This upgrade allows greater flexibility in the deployment of overrides and means that multiple related MD5 overrides no longer have to be whitelisted individually, instead the whole associated directory can simply be whitelisted.   Note: If you detect or remove a file before an exclusion or override is in place, you will need to uninstall then reinstall or ensure that the detected files are restored from quarantine. If the files are still located locally in the quarantine or block/allow tab, the exclusion does not work.   To create a whitelist override: 1. Log in to your   Endpoint Protection console.     The Endpoint Protection console displays, with the Status tab active.     2. Click the   Overrides   tab.     3. The system displays the Overrides panel, with the Whitelist tab active.     4. Click the   Create   button.     The system displays the Create override window.     5. In the Override Name field, enter a name for the override.     6. Do one of the following: If you're done, click the   Save   button. To create a Folder/File override, continue with this procedure. Note: To use File/Folder overrides please make sure endpoints are running version 9.0.1 or higher of Webroot SecureAnywhere Endpoint Protection. Earlier versions support MD5 overrides only.   7. In the New Whitelist Entry window, select the   Path/File   radio button.     The system displays the Create override window with the relevant fields.     8. Use the information in the following table to populate the fields.    FIELD DESCRIPTION Override Name Enter a name for the override. Override Type You have already selected the Path/File radio button. File Mask Target a file or group of files by specifying a file mask with optional wildcards, for example, *.exe to target all executable files in the selected folder. This will default to all files in the selected folder/path if not specified. Path/Folder Mask The folder to target with the override. You can specify an absolute path, for example, x:\myfolder\ or a system variable with optional path, for example, %SystemDrive%\myfolder . Default supported environment variables are displayed when you type % (percent)however you may choose to use any variable you have setup on the target machine with the exception of user variables which are not supported. You may not use %temp% for example as this refers to a specific users temp directory (‘username/temp/’). Wildcards are not supported. Include Sub-folders Select this checkbox to apply the override to all sub-folders within this folder. Detect if Malicious If this setting is enabled Webroot will continue to protect the user against threats originating from the selected file/folder whitelist override but will disable monitoring and journaling. This is primarily used to improve performance when monitoring and journaling is being applied to a large number of files with an unknown determination. Disabling this setting will provide a true whitelisting, allowing files to run without Webroot protection. Global (GSM) Override Selecting this will make the Override global for every site under the current GSM Console. Apply to Policy Do either of the following: Select   Yes   to apply the Override to a specific policy, global policies included. Select   No   to apply to all policies on the selected site. 9. When you're done, click the  Save  button.  
View full article
You can customize alert messages and send them to a distribution list whenever the following types of events occur:   Endpoints reporting an infection New SecureAnywhere installations on endpoints For both of these event types, you can customize the alerting method so administrators receive a message as soon as the event occurs or on a schedule, such as daily, weekly, or monthly. Using a setup wizard in the Alerts tab, you can customize the subject heading and body of the messages. You can also use variables to add information for the endpoints triggering the alerts, affected groups, and other specifics about the event.   Note: To customize alerts, you must have access permissions for Alerts: Create & Edit.    To implement an alert: Create a distribution list based on email addresses. List members do not need to be defined in the Manage Users panel of the Management Portal. For more information, see   Creating Distribution Lists . Create alert messages that are sent to the distribution list whenever endpoints report an infection or SecureAnywhere is installed on an endpoint. For more information, see   Creating Customized Alerts . All your customized alerts display in the Alerts tab.  
View full article
From the Alerts tab, you can easily create a distribution list of users who will receive alert messages. For example, you might want to create a list of administrators who need to respond to threat detections at a remote office.   Note: You can also create a distribution list in the Create Alert wizard. For more information, see  Creating Customized Alerts .   To create a distribution list: Click the   Alerts   tab. In the Distribution Lists column, from the Command bar, click   Create.   The Create Distribution window displays     In the List Name field, enter a name for the list. In the Email Addresses field, enter the email addresses of the recipients, with each address separated by a comma. When you're done, click the   Save   button. The new list is added to the Distribution Lists panel.   To delete the list later, highlight the name of the list and from the Command bar, click the   Delete   icon.
View full article
You can customize the alert messages sent to a distribution list for the following types of events:   Infection Detected   — An immediate message sent when an endpoint reports an infection. Endpoint Installed   — An immediate message sent as soon as SecureAnywhere is installed on an endpoint and it reports into the Management Portal. Infection Summary   — A summary message that provides an overview of threats detected on endpoints. The summary can be scheduled for a daily, weekly, or monthly distribution. Install Summary   — A summary message that provides an overview of SecureAnywhere installations. The summary can be scheduled for a daily, weekly, or monthly distribution.   You can use the Create Alert wizard to define the messages and a distribution list, as described in this topic. You can also define a distribution list separately; for more information, see   Creating Distribution Lists .   To create a customized alert: From the main console, click the   Alerts   tab.   The Alerts panel displays.        2. From the Command bar, click the Create icon.     The Create Alert window displays.         3. From the Alert Type drop-down menu, select an alert type.        4. In the Alert Name field, enter a name for this alert.         5. If you selected Threat Summary or Install Summary as the alert type, the Frequency field displays. Select a frequency to determine how often you want the system to send alerts. Daily Weekly Monthly    6. Click the Next button.     The Step 2 window displays.        7. Select one of the following radio buttons to determine the list of recipients that you want to alert: If you already created a distribution list, select the   Use existing list   radio button.   If you have not yet created a distribution list, select the   Create new list   radio button, enter a list name, then enter the email addresses.      8. When you're done, click the Next button. The Step 3 window displays.         9.  In the Email title field, enter the subject head for the message.    10.  In the Email message body field, enter the text for the message.        11. The wizard also provides data inputs within the text, which are variables you can use for automatically inserting such information as the hostname of the endpoint. Some data inputs are already displayed for you in the sample text. Data inputs are displayed in brackets.   To add your own data inputs, click inside the text where you want a variable to display , then click the drop-down arrow for one of the Data Inputs buttons. There is one button for the email title and one for the email body.          12.  Select from the data inputs, which are all described in the following table.   Note: Depending on the type of alert message you are defining, only the applicable data inputs display in the drop-down menu.      DATA INPUT      DESCRIPTION   Hostname The name of the endpoint triggering the alert. Group Name The group assigned to the endpoint triggering the alert. Group Description A description of the group assigned to the endpoint triggering the alert. Policy Name The policy assigned to the endpoint triggering the alert. Keycode The keycode used for the endpoint triggering the alert. Current User The user of the endpoint triggering the alert. Console Name The name of the Console where the endpoint is included. First Seen The date and time when this event was first detected. Last Seen The date and time when this event was last detected. Last Infected The date and time the endpoint triggering the alert was last infected. Operating System The operating system version on the endpoint triggering the alert. Agent Version The version number of the SecureAnywhere software installed on the endpoint triggering the alert. MAC Address The Media Access Control (MAC) address on the network where the endpoint triggering the alert is installed. Workgroup The network workgroup where the endpoint is located, if any. Active Directory The name of the Active Directory. Infection List A list of infections. Infection Summary A summary of the infections. Install Summary A summary of the SecureAnywhere installations. Note: Both the Workgroup and Active Directory data points are unsupported in the Mac agent.      13.To view the email message, click   Preview.    14. When you are done creating the message, click Finish.  
View full article
All your customized alerts are listed in the Alerts tab with a status of Active. From here, you can edit the alert by double-clicking in its row.   On the right side of the panel are the distribution lists you defined.     If needed, you can display or hide additional data about the alert messages.   To view a defined alert message: Click a column header to open the drop-down menu, then do either of the following: Select a checkbox to add a column. Deselect a checkbox to remove a column.   The information in the columns is described in the following table.   COLUMN DESCRIPTION Alert Name The name defined in the Create Alert wizard. This column is static and cannot be hidden. Alert Type Displays one of the following alert types: Infection Detected Endpoint Installed Infection Summary Install Summary Distribution List The email recipients for this alert. Date Created The date the alert message was defined. Created By The administrator who created the alert message. Date Edited The date, if any, that the alert message was modified. Edited By The administrator who modified the alert message, if applicable. Status The alert status, which is either Active or Suspended.  
View full article
After customizing alert messages for a distribution list, you may decide later that an alert is no longer necessary. You can permanently delete an alert; or if you think it might be useful again sometime in the future, you can temporarily suspend it instead.   To suspend or delete an alert: Click the Alerts tab. From the Alert Name column, select an alert.  From the Command menu bar, click either the Delete or Suspend icon.   If you selected Suspend, the alert is grayed out in the column, and Suspended displays in the Status column. Later, you can select the alert again and click   Resume. If you selected Delete, click   Yes   at the prompt. The alert is permanently removed from Endpoint Protection.
View full article
We are continuously developing new material to help protect individuals against ransomware and other threats. Here are a few of our recent publications that you may share with your friends, family, and co-workers.   Whitepaper - Q&A The Truth About Crypto Ransomware   Webinar - Defeating Polymorphic Phishing   Webinar - Cloud Security Best Practices for Defending Against APTs   Podcast - Protecting Against Emerging Ransomware  
View full article
We have integration with the following RMM and PSA software:   Continuum   Kaseya   LabTech   Autotask   Connectwise   NinjaRMM   Atera   There are more integrations in the pipeline and I'll keep this list updated as they roll out.    
View full article
Learn how to secure your environment against ransomware
View full article