Solved

Disable Agent Commands

  • 9 August 2018

Hi there,
 
I'm currently trialing Webroot Endpoint for our business. I'm pretty impressed, but there's a combination of two things that I find a little worrying. I'm hoping someone can put my mind at rest!
 
I spotted the "Agent Commands" dropdown, which allows me to remotely send a variety of commands to an endpoint via the GSM. This includes some really powerful stuff like "Download and run a file" and "Run a DOS command". I'm concerned that if there's any way for an attacker to get access to GSM (either through my incompetence or a problem at Webroot), those options give them a massive amount of power to cause havoc across the network.
 
That, combined with the lack of 2FA on GSM, seems to me to be a pretty huge potential security problem.
 
Is there a way to disable those options? Is there a reason that I shouldn't be worrying about that?
 
Any thoughts or advice would be much appreciated!
 
Thanks,
Rob.

Best answer by browell 13 August 2018, 21:03


2 replies

Hi and thanks for trialing Endpoint Protection,
Disabling Agent Commands can be done for individual Admins on your account. At the moment, this is done in the Endpoint console for each Site in your GSM. A feature to disable all Agent Commands for an Account has been on the list for a while now. I don't know when that would be available, but not in the short term.
 
The Security code secondary layer used in GSM is a good way to prevent brute force attacks to access your GSM and acts much like a CAPTCHA does to protect against bots. So it's not 2FA, but it's done a good job to protect our partners for the last 6 years. 2FA is also on the list of features under consideration for a future console update.

OK, thanks for the reply. It's not great, to be honest, since if someone got access to the console they could just turn that feature back on, but I can lock it out for all but one account.
 
Looking back through the forums, 2FA seems to have been under consideration for several years now, so I won't hold my breath for that...
 
Thanks,
Rob.