Would love to see full Application Control with the option to have a Change/Modify time window to be able to be added by policy.
What this would do is, when enabled, block any newly introduced application from running on the system that has this policy feature enabled. Only applications that are currently on the system/device would be allowed to run and any other attempts to run new or modify existing applications will be denied and an alert sent to admins.
The change/modify would be a separate option after enabling the above to temporarily allow you to modify or change system settings, install patches etc...
Nerds On Site
At the moment, 'not seen recently' gets displayed for an endpoint whether it hasn't been seen for 10 days or 6 months.
Please add the ability to have user defined, graded levels of severity, preferably with a traffic light option.
If a machine hasn't been seen for two weeks, I'm not overly concerned (the user could be on holiday and their machine not switched on). However, if a machine hasn't been seen for over a month then that bears investigating. If a machine hasn't been seen for 3 months, it would indicate some housekeeping or deep troubleshooting is in order.
Notification option if the Webroot agent is shut down via a ticket or email (through the Continuum software).
We would like to make a feature request to have Webroot integrate with N-able RMM tool to send alerts, information, and anything relevant that can show up in the N-able console. Bonus would be an easy way to deploy Webroot through N-able.
We just got a CryptoWall infection at one of our customers with 1500 PCs.
Even though the WSA client is capable of recognizing new unknown processes starting on an endpoint, and even though it also reports it to the console, still the most important things are missing:
- send email alert to admins immediately when an endpoint reports a new unknown process running on the endpoint
- be able to create a report in the console for a specific day that includes the new unknowns started/found on THE SPECIFIED DAY only
If we had this information, we possibly could very quickly pinpoint the infection among the 1500 PCs.
Now we could not, because, just imagine, what is the best advice if you see files being encrypted on file server shares? Switch off the shares and disconnect the endpoints from LAN / INTERNET! Well, but then again, that would lead to several days off work, and you will need to find the infected machine all offline.
So in our example, Saturday morning some user suddenly found encrypted files on a network share. The share was switched off. We saw the timestamps of HELP_DECRYPT.TXT files so we could see when the malware encrypted the files. It was Saturday morning. OK. Then, IF we had an alert about new unknowns of this Saturday then we could easily pinpoint out of 1500 clients which ones were running an unknown process at the time of encryption - and we could stop only these PCs and let others work.
So, I believe, as I told it in 2012 several times to Webroot already: sending alerts about caught viruses to admins (meaning existing "Threat Detected" and "" reports) is simply useless as they contain information after auto-remediation (auto-quarantining the malware). Some email collectors may like to get these alerts, but they will really not have any job with it.
Rather, admins need to focus on hidden things running in the environments, and those are the unknowns.
We need alerts for each and every unknown process immediately, just as soon as they first run! That is what admins must take care about! And then admins will have a chance to stay in control.
WSA 6500+ endpoints installed and maintained daily, 11+ years with Webroot, 1 yr Webroot MSP
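The triage described in the post above (matching the HELP_DECRYPT.TXT timestamps against endpoints that had an unknown process running at that time), as an added example that is not part of the original post and not Webroot code. The event record layout, the ranking heuristic, and all host names, process names and timestamps are constructed assumptions, since the page does not show a console export format.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class UnknownProcEvent:
    # Hypothetical record: one unknown (unclassified) process on one endpoint.
    host: str
    process: str
    first_seen: datetime
    last_seen: datetime

def encryption_window(note_mtimes, slack=timedelta(minutes=10)):
    """Span of the ransom-note timestamps, widened to absorb clock skew."""
    if not note_mtimes:
        raise ValueError("no ransom-note timestamps supplied")
    return min(note_mtimes) - slack, max(note_mtimes) + slack

def suspects(events, window):
    """Hosts that had an unknown process running at some point in the window."""
    start, end = window
    hits = {}
    for ev in events:
        # Interval overlap: started before the window ended and was
        # still being seen after the window began.
        if ev.first_seen <= end and ev.last_seen >= start:
            hits.setdefault(ev.host, []).append(ev)

    # Heuristic (assumption): an unknown first seen close to the start of
    # encryption is the likeliest source, so it is listed first.
    def rank(item):
        return min(abs((start - ev.first_seen).total_seconds()) for ev in item[1])

    return [host for host, _ in sorted(hits.items(), key=rank)]

T = datetime.fromisoformat
# Constructed sample data: note mtimes read from the share, and unknown-process
# events as they might be exported per endpoint.
NOTES = [T("2015-03-07 08:12:40"), T("2015-03-07 08:19:02"), T("2015-03-07 08:31:05")]
EVENTS = [
    UnknownProcEvent("PC-0412", "updater_x.exe", T("2015-03-07 08:05:10"), T("2015-03-07 08:40:00")),
    UnknownProcEvent("PC-0977", "tool.exe", T("2015-03-05 14:00:00"), T("2015-03-07 09:00:00")),
    UnknownProcEvent("PC-0031", "setup.exe", T("2015-03-06 16:00:00"), T("2015-03-06 16:20:00")),
    UnknownProcEvent("PC-1203", "viewer.exe", T("2015-03-07 10:15:00"), T("2015-03-07 10:30:00")),
]

if __name__ == "__main__":
    print(suspects(EVENTS, encryption_window(NOTES)))
```

Only the hosts returned would need to be isolated first; the rest of the fleet can keep working while those are examined.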
Generate Alerts when Administrators log into the management console and make Policy changes
The alerting/auditing feature request would be tied to the SSO/identity federation feature requests as well. Having either feature would be very useful.
Webroot should provide our download via Https rather than Http, “to give clients comfort that what they intend to receive is legitimate”.