cancel
Showing results for 
Search instead for 
Did you mean: 

Endpoint Protection and GSM KB

Top Contributors
Sort by:
Question How do I Enable/Disable Webroot Filtering Extensions in Endpoints? Answer This solution addresses Webroot SecureAnywhere Business - Endpoint Protection Internet Explorer With the release of Webroot PC agent version 9.0.3 and the Web Filter version 1.2, the Web Filtering browser extension for Internet Explorer is now installed automatically, without prompting. In addition, the extension cannot be removed from the browser directly but can be removed via the Webroot PC agent user interface. Follow these steps to disable the extension in Internet Explorer. Close all open instances of Internet Explorer Open the Webroot SecureAnywhere PC agent interface On the Main screen, click the Advanced Settings button in upper right corner Select Firewall / Web Shield from the left hand column. Uncheck the box for Activate browser extensions. If the Captcha feature is enabled, enter the requested Captcha and press Continue. Close the settings window using the "X" in the upper right corner. Upon restart of the browser, the Webroot Web Filtering extension is removed. Note : The browser extensions provide important protection features including detection and blocking of malicious websites, search annotations for search engine results from Google, Yahoo and Bing as well as Realtime Anti-phishing protection. If the browser extensions are not activated this protection is not available. Firefox ESR (Extended Support Release) and Chrome (on domain managed machines only) With the release of Webroot PC agent version 9.0.3 and the Web Filter version 1.2, the Web Filtering browser extensions for these browsers are now installed automatically, without prompting. Note : in FireFox ESR the Webroot Web Filtering browser extension is not displayed in the Add-ons Manager at all due to the enforced installation. In addition, the extensions cannot be removed from these browsers directly but can be removed via the Webroot PC agent user interface. Follow these steps to disable extensions. Close all open instances of the browsers Open the Webroot SecureAnywhere PC agent interface On the Main screen, click the Advanced Settings button in upper right corner Select Firewall / Web Shield from the left hand column. Uncheck the box for Activate browser extensions. If the Captcha feature is enabled, enter the requested Captcha and press Continue. Close the settings window using the "X" in the upper right corner. Upon restart of the browser, the Webroot Web Filtering extension is removed. Note : The browser extensions provide important protection features including detection and blocking of malicious websites, search annotations for search engine results from Google, Yahoo and Bing as well as Realtime Anti-phishing protection. If the browser extensions are not activated this protection is not available.
View full article
  What is CryptoLocker? CryptoLocker is most often spread through booby-trapped email attachments and uses military grade encryption. The malware can also be deployed by hacked and malicious web sites by exploiting outdated br owser plugins.    Webroot's Threat Brief on CryptoLocker   Can Webroot Protect Customers Against It?   Encrypting ransomware (Cryptolocker, CTB Locker, Crtroni, Cryptowall, ect.) is a very difficult infection to remediate because it uses the RSA public-key encryption algorithm to encrypt user files using unique encryption keys for each computer. Once a user’s files are encrypted this way, it is next to impossible to decrypt them without access to the private key that is stored on the remote servers in use by the malware author(s). There are no tools currently that are capable of decrypting these files without the private key. As long as SecureAnywhere is installed prior to infection, All encrypting ransomware should be detected and removed before it is allowed to make any changes on the computer. Threat Research has many rules in place already to detect the known variants of Cryptolocker at or before execution, but it is important to remember that malware is constantly changing and we cannot guarantee that we will initially detect all new variants.   For best practices on securing your environment from encrypting ransomware please see our community post: https://community.webroot.com/t5/Webroot-Education/Best-practices-for-securing-your-environment-against/ta-p/191172       Read more about CryptoLocker in these posts on the Webroot Community: Additional Conversations About CryptoLocker   CryptoLocker malware targeting the UK - comment from Webroot    NCA warns UK of mass CryptoLocker ransomware attacks - comment from Webroot
View full article
Webroot now has an integration with Labtech.  Watch this video to learn more about how that works   Q. What is Labtech?   A. Labtech is a remote monitoring and management (RMM) platform used by IT service providers to manage the environments of the businesses they support   Q. What benefit does integrating with Webroot bring? A. It allows you to manage your Endpoint installations from one convenient tool, rather than have to go to multiple locations for each software package that you support as an MSP   Q. Where can I learn more after watching this? A. Here a link with more information.   Q.  Enough with the questions, can we get to the video now? A. Sure thing, here it is:  
View full article
WSABLogs is a utility written by Webroot’s QA department. This utility gathers Webroot SecureAnywhere Business software operation information which includes: • Webroot software operation logs • Webroot software scan logs • System and Application Event logs • Windows MiniDumps • Network Configuration data • Registry data pertaining to the operation of the software or common registry locations used to launch malware from • Webroot program file information • Key directly listings (using dir function ) including directories that are known to house malware • Scheduled Task data • The Hosts file • System MSD   This document is intended for automation and command line usage as this same utility is normally run from agent commands in the console.    The tool can be downloaded here and the instructions are attached as a PDF.
View full article
When attempting to use proxy settings with Webroot SecureAnywhere Business – Endpoint Protection, there are two methods to allow the Webroot product to communicate with our cloud servers. These are listed below.  -- -- -- -- -- -- -- -- -- --   Option 1: Enter a proxy bypass (Recommended)   Enter a proxy bypass for g*.p4.webrootcloudav.com   Note: if you choose this option, be sure that the wild card mask (*) is supported.  If not, you will need to add 100 separate URL's, e.g. [g1, g2, g3, ..., g99, g100].   -- -- -- -- -- -- -- -- -- --   Option 2: Enter proxy information on each endpoint   Note: This option is only recommended if you are unable to use option 1.    1.       Open the SecureAnywhere Endpoint Protection Group Management tab, open a group, and select an endpoint. 2.       In the Policy column of the selected endpoint, double-click its policy name to open a list of available policies. 3.       Select the unmanaged policy and apply.  A red flag on the new policy name reminds you that you’ve made a change. 4.       Click Save Changes.   Once applied, go to each individual endpoint workstation and follow the instructions below.   5.       Open SecureAnywhere Endpoint Protection from the system tray icon. 6.       Click Settings. 7.       In the Settings window, open the Proxy tab. 8.       Enter your proxy information. 9.       Click Save All to save your changes.   After entering the proxy information, you can move the machine back to the original policy.   Tip:  The best way to test proxy settings is to ensure there is no Internet access via the default gateway.  You can hardcode an IP address and subnet mask for the endpoint’s network card without adding a default gateway or DNS server. As long as the proxy server is on the same subnet, you can be sure that the only Internet access is via the proxy server.   If you are not using a proxy to filter traffic but a firewall is in place, please allow Webroot’s path masks through the firewall, listed below:   *.webrootcloudav.com   (this will cover the g-url’s as well as several other target addresses)   *.*.webrootcloudav.com (some devices don’t like a single * for urls that contain dots in the value of *)   *.p4.webrootcloudav.com (in case a device doesn’t like multiple *’s)   *.compute.amazonaws.com (this will cover inbound communication from the Amazon cloud servers)   *.webroot.com (for future communications)   *.webrootanywhere.com (for future communications)
View full article
Sometimes Webroot Support may ask for a packet capture when troubleshooting an issue for you, or you may wish to obtain a packet capture for yourself.  Here is how to do that: Hold down the Ctrl key and right-click the DWP tray icon.   Select Network Packet Capture from the pop-up menu. The Network Packet Capture window opens with the path to your desktop selected. The desktop is the default output path.   Click Start Capture to accept the default folder, or Browse to another folder and then click Start Capture.   Click Close to hide the window. A notification bubble opens over the DWP icon periodically, reminding you that the capture is running:   When you have captured enough data to recreate the problem you’re troubleshooting, Ctrl/right-click the DWP icon to open the Network Packet Capture window and click Stop Capture. The capture results are available in the DWP_Pcaps folder on your desktop or other specified location. The folder is identified by the date and time of the capture. The DWP_Pcaps folder contains one folder for each capture, which contains a .pcap file for each adapter found, and the AdapterNames.txt file. For example:   If support has requested the packet capture, please follow up with them.  You can contact technical support to determine the best way to send the .pcap files to them. These files are very large.   US Business Support: 877-612-6009 Email: saassupport@webroot.com UK/EMEA Phone: +44 (0) 800-804-7015 Email: saassupport@webroot.com APAC Business Support outside of Australia: +61 (0) 2-8071-1903 Support in Australia: (Free Call) 1-800-212-640 Email: saassupport@webroot.com
View full article