As a Managed Services Provider, I would like to be able to automate the ability to run a report across my 40+ clients to see which computers or servers have not been seen in x amount of days. Currently this is a time consuming manual process.
so i have several ideas to "optimize" the visibility of the firewall tab here (in PC Security > View Active Connections)
1- we could be able to sort the processes alphabetically or by activity (see point 2)
2- add a column called "status" (see screenshot) where we can see at first sight which connection are currently active
The one below is not really necesary but may be convenient.
3- add a link to this tab to tray icon called "Control Active Connections) , which would complement "Control Active Processes"
Would be helpful , comments are welcome.
Thanks for reading.
From the beginning I use Webroot, I find a way to bloc unowned active files (exe, bat, dll, scr....) when they want to stay in user profile.
Using Webroot alert for all unowned files sometime bloc Windows files.
When creating a black list exception in Webroot, only MD5 can be use contrary to white list where folder and file extension can be set.
What is the Webroot response for this demand ?
Quite often when a machine gets reimage this results in an extra endpoint appearing in the console and we have to go in and deactive the old endpoint, which then results in a large build up of deactivated endpoints. Other feature requests are asking to let us delete these which is being refused due to preserving history.
Can we have another option. Allow me to select multiple endpoints and choose merge. In the merge dialog I get to pick which is the active endpoint (preselect the one that has been seen the most recently). Then the console will
Additionally provide an alert that notifies of duplicate names being created to help pick up on these.
I have just spent two hours with a client install of software (in this case, Matrox Design Assistant, but there have been other times). This is a 1.3GB package that installs multiple modules.
I have conclusively seen that the install took forever (as in, over an hour) --until I disabled Webroot, at which time things went from molasses to Warp 5. During that time, I saw no alerts from Webroot, no notes it had found problems, no issues. This is one of several times I have found that Webroot significantly slows down or even halts a process --but doesn't show me it is doing so, be it in the GSM, or at the client level (IMO, it should do both). And to even test, I have to take said system, move its policy to "Unmanaged" so I can set it to "Allow client to be shut down manually", so I can test, then reverse the process. This is a clunky way of doing things.
What I need is a policy that has a "Temporarily Disable Webroot for 15 minutes" option (perhaps with a settable time), just a right-click of the icon in the taskbar. After 15 minutes, it auto enables itself again. I have seen this with Symantec Endpoint Protection, and it's amazing for ferretting out small issues, especially in an environment where Webroot is telling me nothing. This lets me know right away if Webroot is holding up a process in a way I don't want, even if once that process is installed, everything is fine and it will never alert to a virus. I need to be able to offer this as part of a policy, so that I can do this very temporarily for clients, or better yet, do it, and then Webroot prompts me for a password (that only I have) in order to complete the temporary disable, so that no-one who sees the option can use it without the password. This is super high priority to me, to prevent a waste of my time troubleshooting why a product isn't installing right when deploying to a client.
Hello Support Team,
We are looking to have Webroot Automatically clean machines that "Need Attention" instead of having to manually start a clean up. We would then apply this to the Global Workstation Policy. Is there a way to set this up? We are looking for minimal Webroot interaction at this point. Thank you for your help today.
Need a way to automate the assigning of policies for a client. When a device enters the system WebRoot only has the default policy option and it is only 1 option. I would like a way to allow at least 2 default policy options. 1 for servers and 1 for workstations so that we can get away from having to connect to the console and then apply the correct policy to devices within as they are added.
I'd like to request a feature, we are currently upping all of the security for the services that we purchase from various companies by using Google Authenticator.
I've asked with Webroot support if such feature currently exists that you are prompted for a authenticator code when logging in to the business console and I was asked to do a feature request.
We just got CryptoWall infection at one of custmoers with 1500 PCs.
Even though WSA client is capable to recognize new unknown processes starting on an endpoint, and even though it also reports it to the console, still the most important things are missing:
- send email alert to admins immediately when an endpoint reports new unknow process running on the endpoint
- be able to create a report in the console for a specific day that includes the new unknows started found on THE SPECIFIED DAY only
If we had these information, we possible could very quickly pinpoint the infection among the 1500 PCs.
Now we could not, because, just imagine, what is the best advice if you see files being encrypted on file server shares? Switch off the shares and disconnect the endpoints from LAN / INTERNET! Well, but then again, that would lead to several days off work, and you will be need to find the infected machine all offline.
So in our example, Saturday morning some user suddenly found encrypted files on a netwrok share. The share was swithed off. We saw the timestamps of HELP_DECRYPT.TXT files so we could see when the malware encrypted the files. It was Saturday morning. OK. Then, IF we had an alert about new unknowns of this Saturday then we could easily pinpoint out of 1500 clients which ones were running an unknown process at the time of encryption - and we could stop only these PCs and let others work.
So, I believe, as I told it in 2012 several times to Webroot already: sending alerts about caugth viruses to admins (meaning existing "Threat Detected" and "" reports) is simply useless as they contain information after auto-remediation (auto-quarantining the malware). Some email collectors may like to get these alerts, but they will really not have any job with it.
Rather, admins need to focus on hidden things running in the environments, and those are the unknowns.
We need alerts for each and every unknown process immediately, just as soon as they first run! That is what admins must take care about! And then admins will have a chance to stay in control.
WSA 6500+ endpoints inatalled and maintained daily, 11+ years with Webroot, 1 yr Webroot MSP