I was wondering why my site is always displaying the "endpoints need attention". I cleaned up the computers. I did many full scans after and all of them said Protected and did not show any infected files anymore. But in my console I see the "endpoints need attention, last threat on 11-16-2016 (2 days before)" for the same 2 computers. Is there a way to reset in the console so that they are now viewed as protected?
I don't know if you understand my issue...<
Solved! Go to Solution.
@audreylaliberte - This is a common question and the short answer is, they usually take a few days to cycle. If your policy poll setting is 24 hours (daily), then it could take up to 72 hours to clear at the site/GSM level. it's not going to be instant, so give it a few days. Just know, the endpoint is in good shape and has been remediated.
Keep in mind, there's really nothing you need to do once a machine has reported a threat. The WSAB agent has already remediated the file (put it in quarantine), rolled back any changes the file potentially performed and rescanned the machine for additional remnants and/or references.
I too was hoping the Needs Attention would go away but it just doesn't.
IMHO I also think that when attention is given and issue is resolved that the needs attention GOES AWAY! as it no longer needs attention. Then each time I open the control panel I dont want to see it since it really does not need my attention.. Or does it because it was re-infected and I need to check it again and again and again.. Frustrating.
I will move this to a product request, but Wouldn't it make more sense then, for the Needs Attention alert to read "Threat Detected and Removed" (like an unread status) and once you opened that site and reviewed it, it would disappear basically marking the alert as READ.. this would be much nicer.. I have technicians re-scanning the same machine for a day or two because it still says that it needs Attention. It should be clearer that action as already been taken.
Also I have had scenerios where Webroot will continue to find the same file over and over again after I have created an Over-Ride and marked it as Bad and told the agent to "Cleanup", it seems the only way to truly remove it is a remote session and manually open the local agent to approve the removal.
Couldn't agree more!! Would really really like to see a more descriptive status. "Threat Detected and Removed", or "Threat Detected and Quarantined", would be fantastic. Our Engineers are also wasting valuable time confirming that the threat has been removed because it keeps saying it "needs attention".
Also what would be VERY helpful would be if there was an Alert you could create for "Threat Detected - Remediation failed". As it stands right now I can only create an Alert for "Threat Detected". But in truth I really don't care to know every time a threat was detected. I just want to know when it was detected but unable to clean it.
All comments here have had valid points.
I too have had the issues with overrides.
I too have had clients that continue to say Needs Attention
I too (have made feature requests as well) needed Webroot to show me what action was already taken (threat remediated, threat could not be removed, file blocked but not quarantined, remove manually, whatever) because needing attention is vague, and combined with Needs Attention not updating, having true knowledge of what is going on is difficult at best, impossible at worse, and frustrating to open a client ticket to remediate an issue only to find Webroot did at the client end but the alert never went away on the GSM side.