As an RMM, we transition a lot of people from other AV solutions to Webroot. As always, this means uninstalling the old version of the other software. Although we can do many of these via a command line utility using Webroot's AWESOME "Run a DOS command" advanced option, it is still cumbersome to look up all the versions of software and issue multiple commands to do it. A simple "Remove Competitive AV Products" option would be great! Symantec, for one, does NOT like to go quietly. Just give us the option of treating it like all the other malware and "Clean" it from the PC. This should be a fairly easy update and I'm sure a welcome one.
As a: Admin managing a Virtual Desktop Infrastructure environment.
I wish: I could deploy Webroot to the master image.
So that: I can more easily manage my endpoints. I don't have to clear out duplicate machines from my console every day/week. I have threat history for my virtual machines.
Virtual Desktop Infrastructure (VDI) environments provision a machine from a master image every time it is booted. Any changes that are made to the machine are lost during this session. This produces a hole in the management of Webroot. The only way to get Webroot protecting these machines is to have them install Webroot on boot of the machine, be it through group policy or some other management utility.
First, every time the machine boots we are doing a learning scan of the machine. Second, we get multiple instances of the machine in the console every time the machine is booted, which causes the admin to go through the console and deactivate machines that have not been seen recently.
Install Webroot on boot of the VM. Current deployment switches (-uniquedevice or -clone) do not fix this. Admins can use the /group= deployment to force these machines into a group so that clearing out the extra instance is easier. More info on deployment can be found in the Deployment Document.
Currently installing Webroot on a VDI environment can only be done on boot of the machine. This causes a new instance of a machine in console every time a VDI machine boots.
Webroot should be deployable to the master image. And when booting a machine from that image Webroot should grab unique information about that machine instance in VDI to link it to a single instance in the console.
I believe the best way to tackle this is to create an install switch for VDI deployment. You would install to the master image with this switch. Then, on every boot of the VM, Webroot generates its Device MID and Instance MID information off of the combination of the Microsoft SID and hostname. I believe the SID is the same since the VDI loads the master image; then, if we generate those MIDs based off the hostnames being booted from that image, the MIDs will be the same every time it boots, and the agent will report to the same instance in the console every time that VM boots from that master image.
Hi - I have a feature request for you guys.
It's regarding the Outbound Firewall and the way it's currently managed to override currently blocked connections.
The way it's being handled today, if a user reports an issue where the Firewall currently blocks a connection that needs to be allowed, you can either change the endpoint to Unmanaged and do the bypass locally, or send the "allow all processes blocked by the firewall" command.
Neither is really user or admin friendly: the Unmanaged option is time consuming for multiple endpoints, and the allow all is not good from a security perspective.
So the feature request would be a better way to handle this. Something like a report to show all connections blocked by the firewall at the endpoint level (like "Endpoints with undetermined software on last scan", but "Endpoints with firewall blocks on last scan"), where you can create overrides based on MD5 / application instead of everything currently blocked.
Best regards, Jonas Karlsson
It would be nice if the system could alert you if an endpoint hasn't completed a scheduled scan in x number of days. We've had a few workstations that had conflicts that kept the daily scans from running. An alert that notified me that these systems hadn't completed a scan in 3 days would have caught my attention. This would have allowed me to fix these systems quickly; instead, they went unscanned for multiple weeks.
Just for housekeeping's sake (as well as getting more accurate counts), it would be nice to be able to remove deactivated endpoints from the web console. Even better would be a routine that would remove them from across all your managed sites after X (user input provided) days.
For some reason, Secure Anywhere stopped working on several endpoints. It was weeks before we knew a problem actually existed, during which time one of the PCs was actually infected with a virus.
The only reason I found out was by looking on the web console at the "Last Seen" date and I noticed that several PCs had not been seen in weeks.
Rebooting those PCs and then installing the newer build of Secure Anywhere seemed to solve that problem. But, it would have been nice to know that there was a problem in the first place. The Secure Anywhere icon sat in the tray and looked like it was protecting us, but it was doing nothing. Right-clicking on it produced no results, and you couldn't even open the program.
I request that a new alert be created that will e-mail the endpoint/PC name, date "Last Seen", and version of Secure Anywhere if an endpoint has not been seen for a given number of days (that we can set on the alert).
I'd like to know when an endpoint hasn't been seen for more than 3 days as that is highly unusual in our organization...even when people are on vacation.
Desperately need an addition to the Console that allows administrators the ability to add exceptions or "whitelist" valid and legitimate websites. We have had numerous instances where users have attempted to visit a legitimate website (such as www.apexwin.com/us) and are presented with a message that the site contains malicious content and offers the option to close or allow.
We do not want users to have the ability to click "Allow" on every site they come across that presents this warning (as all they care about is getting to the site they want) and would rather have the ability to whitelist legitimate sites that users report they cannot access, just as we're able to do on any Web Filtering Appliance / Service.
I have seen numerous forums and discussion boards where many other Webroot customers desperately desire the same functionality. I saw where one of your developers said it is in the works, but that was more than half a year ago. Please expedite this Feature Request and add this functionality to your next version update. Thank You.
When an endpoint has journaled a program and stored info in a db###.db file, please have that fact available in the console along with the created, last updated, and size of the journal.
The list of journaled data is already in WRData\Journal reg key.
Please make a report of endpoints that have checked in that are not on the latest software version. This indicates a problem on the client condition that must be addressed.