Endpoints needs attention, even after clean up...



I was wondering why my site is always displaying the "endpoints need attention". I cleaned up the computers. I did many full scans after and all of them said Protected and did not show any infected files anymore. But in my console I see the "endpoints need attention, last threat on 11-16-2016 (2 days before)" for the same 2 computers. Is there a way to reset in the console so that they are now viewed as protected?


I don't know if you understand my issue...


Thanks!

Re: Endpoints needs attention, even after clean up...

@audreylaliberte - This is a common question and the short answer is, they usually take a few days to cycle. If your policy poll setting is 24 hours (daily), then it could take up to 72 hours to clear at the site/GSM level. It's not going to be instant, so give it a few days. Just know, the endpoint is in good shape and has been remediated.


Keep in mind, there's really nothing you need to do once a machine has reported a threat. The WSAB agent has already remediated the file (put it in quarantine), rolled back any changes the file potentially performed and rescanned the machine for additional remnants and/or references.

Re: Endpoints needs attention, even after clean up...

Just curious, what is the purpose for this? If it doesn't need attention because of automatic remediation then why does it need attention? Sorry, maybe I'm too literal but wouldn't a more specific alert be more useful?

Re: Endpoints needs attention, even after clean up...

I too was hoping the Needs Attention would go away but it just doesn't. 

Needs attention. IMHO I also think that when attention is given and the issue is resolved that the needs attention GOES AWAY! as it no longer needs attention. Then each time I open the control panel I don't want to see it since it really does not need my attention.. Or does it because it was re-infected and I need to check it again and again and again.. Frustrating.

Re: Endpoints needs attention, even after clean up...

I will move this to a product request, but wouldn't it make more sense then, for the Needs Attention alert to read "Threat Detected and Removed" (like an unread status) and once you opened that site and reviewed it, it would disappear, basically marking the alert as READ.. this would be much nicer.. I have technicians re-scanning the same machine for a day or two because it still says that it needs Attention. It should be clearer that action has already been taken.

Also I have had scenarios where Webroot will continue to find the same file over and over again after I have created an Over-Ride and marked it as Bad and told the agent to "Cleanup"; it seems the only way to truly remove it is a remote session and manually open the local agent to approve the removal.

Re: Endpoints needs attention, even after clean up...

Couldn't agree more!!  Would really really like to see a more descriptive status.  "Threat Detected and Removed", or "Threat Detected and Quarantined", would be fantastic.   Our Engineers are also wasting valuable time confirming that the threat has been removed because it keeps saying it "needs attention".  


Also what would be VERY helpful would be if there was an Alert you could create for "Threat Detected - Remediation failed".  As it stands right now I can only create an Alert for "Threat Detected".  But in truth I really don't care to know every time a threat was detected.  I just want to know when it was detected but unable to clean it.  

Re: Endpoints needs attention, even after clean up...

All comments here have had valid points.


I too have had the issues with overrides.


I too have had clients that continue to say Needs Attention.


I too (have made feature requests as well) needed Webroot to show me what action was already taken (threat remediated, threat could not be removed, file blocked but not quarantined, remove manually, whatever) because needing attention is vague, and combined with Needs Attention not updating, having true knowledge of what is going on is difficult at best, impossible at worst, and frustrating to open a client ticket to remediate an issue only to find Webroot did at the client end but the alert never went away on the GSM side.

