light bulb

Did You Know?

New Idea

As a: Admin managing a Virtural Desktop Infastructure enviromnet.

I wish: I could deploy Webroot to the master image.

So that: I can more easily manage my endpoints. I don't have to clear out duplicate machines from my console every day/week. I have threat history for my virutial machines.

Virtual Desktop Infrastructure (VDI) environments provision a machine from a master image every time it is booted. Any changes that are made to the machine are lost during this session. This produces hole in the management of Webroot. The only way to get Webroot protecting these machines is to have them install Webroot on boot of the machine be it though group policy or some other management utility.

First, every time the machine boots we are doing a learning scan of the machine. Second, we get multiple instances of the machine in the console every time the machine is booted; which causes the admin to go through the console and deactivate machines that have not been seen recently.

Install Webroot on boot of the VM. Current deployment switches (-uniquedeivce or -clone) do not fix this. Admins can use the /group= deployment to force these machines into a group so that clearing out the extra instance is easier. More info on deployment can be found in the Deployment Document.

Actual Result
Currently installing Webroot on a VDI environment can only be done on boot of the machine. This causes a new instance of a machine in console every time a VDI machine boots.

Expected Result
Webroot should be deployable to the master image. And when booting a machine from that image Webroot should grab unique information about that machine instance in VDI to link it to a single instance in the console.

Proposed Fix
I believe the best way to tackle this is to create an install switch for VDI deployment. You would install to the master image with this switch. Then on every boot of the VM Webroot generates its Device MID and Instance MID information off of the combination of the Microsoft SID and hostname. I believe the SID is the same since the VDI loads the master image, then if we generate those MIDs based off the hostnames being booted from that image, every time it boots the MIDs will be the same. And the agent will report to the same instance in the console every time that VM boots from that master image.

 Hi - I have an feature request for you guys.


It's regarding the Outbound Firewall and the way its currently managed to override currently blocked connections.


The way its being handled today if a user reports an issue where the Firewall currently blocks an connection that needs to be allowed, either you can change the endpoint to Unmanaged and do the bypass locally, or send the allow all processes blocked by the firewall command.


Both aren't really that user or admin friendy, the unmanaged option is time consuming for multiple endpoints and the allow all is not good from a security perspective.


So the feature request would be a better way to handle this. Something like an report to show all connections blocked by the firewall on an endpoint based level ( like Endpoints with undetermined software on last scan ) but Endpoints with firewall blocks on last scan, and where you can create overrides based on MD5 / application instead of everything currently blocked.


Best regards, Jonas Karlsson

When an endpoint has journaled a program and stored info in a db###.db file, please have that fact avaliable in the console along with the created, last updated, and size of the journal. 


The list of journaled data is already in WRData\Journal reg key.

Please make a report of endpoints that have checked in that are not on the latest software version. This indicates a problem on the client condition that must be addressed. 

For some reason, Secure Anywhere stopped working on several endpoints.  It was weeks before we knew a problem actually existed, during which time one of the PCs was actually infected with a virus.

The only reason I found out was by looking on the web console at the "Last Seen" date and I noticed that several PCs had not been seen in weeks.

Rebooting those PCs and then installing the newer build of Secure Anywhere seemed to solve that problem.  But, it would have been nice to know that there was a problem in the first place.  The Secure Anywhere icon sat in the tray and looked like it was protecting us, but it was doing nothing.  Right-clicking on it produced no results, and you couldn't even open the program.


I request a new alert be created that will e-mail the endpoint/PC name, date "Last Seen", and version fo Secure Anywhere if an endpoint has not been seen for a given number of days (that we can set on the alert).

I'd like to know when an endpoint hasn't been seen for more than 3 days as that is highly unusual in our organization...even when people are on vacation.




Status: Under Consideration

This one has been evaluated by the escalations team and entered into our database - still awaiting prioritization.

Website Exception Management in Console

Status: Under Consideration
by ParkCountyGov ‎02-05-2014 05:53 PM - edited ‎02-05-2014 05:58 PM

Desperately need an addition to the Console that allows administrators the ability to add exceptions or "whitelist" valid and legitmate websites.  We have had numerous instances where users have attempted to visit a legitimate website (such as and are presented with a message that the site contains malicious content and offers the option to close or allow.


We do not want users to have the ability to click "Allow" on every site they come across that presents this warning (as all they care about is getting to the site they want) and would rather have the ability to whitelist legitmate sites that users report they cannot access, just as we're able to do on any Web Filtering Appliance / Service.


I have seen numerous forums and discussion boards where many other Webroot customers desperately desire the same functionality.  I saw where one of your developers said it is in the works, but that was more than half a year ago.  Please expedite this Feature Request and add this functionality to your next version update.  Thank You.

Status: Under Consideration
Re-opening this one pending discussion with dev.

Changing key code for endpoint

Status: New
by Frequent Voice on ‎10-01-2014 05:50 AM

When you want to change key code for current endpoint it is simple but when you open a list of your keycodes, exacly, they are only keycodes. It will be great if you give option for adding name for key code - for example : lkasj-809asd-asdasd12-asd1 (Barber Shop)

USB scan

Status: New
by Webroot Employee on ‎06-19-2014 09:00 AM

I am creating a request on behalf of one of our customers regarding the ability of Webroot to automatically scan USB's as they connect to a device. They would like this to be a feature that can be turned on/off from the Policies in the online Management Console.




Context sensitive options destroy usability

Status: Reviewed
by Community Expert Advisor explanoit ‎01-06-2015 08:32 AM - edited ‎01-06-2015 09:32 AM

When I see an endpoint in the console, I should see a full list of all commands I can send to it. When I run an Undetermined Software report, I don't want to just create overrides. I want to send reverify commands.


In the list of endpoints encountering threats, I don't just want to see the blocked programs. I want to send commands to it.


Please stop removing my choices of what I can do with your product. 

Status: Reviewed

More useful information on undetermined software

Status: New
by Community Guide regnor on ‎10-30-2014 03:44 AM

As many here in the community have stated it's hard to get an overview over the undetermined software in the Webroot console. I can confirm that by myself as an export of the list contains more than 1000 entrys, which is the current limit for the export so there will probably be much more.

Of course undetermined/unknown software by itself doesn't have to be bad at all, but there are many cases where you need to get an overview what software is unkown to Webroot:

  • software which produces much data -> results in big rollback files on the client
  • driver installations -> should get whitelisted
  • software where WSA blocks certain functions
  • PUA which won't be detected by Webroot
  • new malware or malware which won't be in the wild

I would recommend to add additional information fields:

  • rollback database size
  • rollback database name(local on the client,dbXXXXX.db)
  • risk estimation: a counter which shows how deep or dangerous changes by the software are( runs in user context or does require admin rights, installs driver/service, changes C:\windows\* files,...)
  • root process: which process/executable created the undetermined files

Also additional filters:

  • file extension (eg. show only .exe)
  • filter by product (a single unknown executable can produces countless additional files)


Also it's very important that the 'out of sort' problem gets resolved in the near future: