Currently, the solution to managing endpoints that are non-internet facing is such:
Endpoints must be connected to the internet to install and register the SecureAnywhere agent. Once installed, your organization may choose to take certain endpoints offline. These endpoints will still be protected.
SecureAnywhere provides the strongest protection when connected to the Internet; however, it can still provide significant protection when offline. When SecureAnywhere is installed, all software currently on your PC is monitored for change and inventoried. As an example: if a malicious file or program were to enter a system via removable device, such as a USB drive, this file would be inventoried by SecureAnywhere and removed. If you were to take that endpoint offline and insert the same USB drive, SecureAnywhere would block it immediately. In addition, if a mutated iteration of the infection were to enter the system, that version would also be blocked due to our genetic signatures.
Should new software with no relation to software currently installed on the PC be introduced while offline, special heuristics will be applied automatically (you can adjust these under Settings > Heuristics > Offline). SecureAnywhere will assess the intent of new programs before allowing them to execute. If a threat does enter the system successfully, the behavioral detection will identify the application and remove it. Additionally, any suspicious program that may have passed the layers of local checks is monitored very closely. SecureAnywhere notes any files, registry keys, and memory locations which are changed by the suspicious application. If that application is confirmed as malicious after the PC reconnects to the Internet, SecureAnywhere will alert the user, clean up the threat, and revert any changes the threat made to the system. If a modification is attempted that SecureAnywhere will be unable to revert, the change is blocked automatically and the user is notified.
This approach is stronger than that which most conventional antivirus products can offer. Due to the changeable nature of malware, other products’ signature databases become out-of-date easily, and offline systems remain vulnerable to emerging threats. Even if a threat were detected and removed upon reconnecting an endpoint to the Internet, any changes made by the malicious item could not be undone without a System Restore or reversion to an earlier image. In addition to advanced heuristics, SecureAnywhere leverages behavior interpretation and tracking components at all times to provide formidable protection against malware – even offline.
We hope you find this information useful. If you have further questions or require assistance, please reply to this message.
I propose an onsite application, or proxy server, that would reside in a DMZ. This server would take the endpoint check-ins and other console communication, and send it to the cloud hosted console. Not being able to query the status of these systems is a big problem. The alternative is if the client has a UTM appliance that can proxy HTTP/HTTPS to only *.webrootcloudav.com/*, and default deny everything else. Luckily we have this in place, but I know many sysadmins that do not.
Let's start with an example screenshot, in this case, of the Agent Spread report:
I would very much like to see the group each computer is in in the bottom list, not just the Hostname (note: I redacted ours as well as the group list for security). It's very likely I won't automatically know which of 100 clients a given hostname belongs to without seeing this, and this is common in more than one report. Anywhere a report generates a list of computer names, I would like the option of being able to see the group it is in as well.
Obviously, the agent is reporting back with a lot of information because you can search for things such as serial number and username. While you can search for these fields you cannot view them anywhere?
I'd like to view more information when I select an endpoint.
I'd like to customize the columns in endpoints view and add fields such as username or IP address.
I have had a couple of computers on which users somehow have uninstalled Webroot. I suspect they may have had an encounter with malware or perhaps a hacker... Is there a way to set up an alert to email me when an endpoint has either been uninstalled or has not been "seen" in a certain amount of time? Can the time be adjustable? Like if it is a standard PC that has not been seen I could adjust it to not seen in 24 hours, or set a server to not been seen in the last 2 hours...
As far as I noticed, there is a big problem with the proper working of the download and run file command.
It's working only for a few URLs (for me, for none). I'd like to ask about improving it and making it work for many applications, for example Java, Flash Player, etc.
It would give a huge tool to admins to, for example, update applications. It will be a huge advantage for a customer who's considering buying Webroot.
I manage 1200+ endpoints so I have a lot of deactivated ones. I have to scroll through 13 pages of endpoints every day to see if any endpoints have started checking in again so I can reactivate them.
Either highlighting this information on the status page or letting me run a report about it would be much appreciated.
Not sure if this is the spot as I know that Webroot Web Security Service may be combined w/ SecureAnywhere...but in the meantime I'd like to be able to display more than 200 entries and I would love to have it keep my preferences when I set to view 50 groups rather than resetting back to 20. The same goes for all the areas for setting a view...
Also, the sorting of users/groups defaults back after you make a change, then you have to go back and re-sort before making another change.
I have over 200 users and it's a bit awkward sorting under the users tab being limited to only displaying 200 rows and then the next time going back in and having to set it again...
Perhaps some type of save configuration?
Thanks for listening