We would like to be able to set an alert when an infected machine has been cleaned. Currently we have 10 technitions that have access to the console but its not always feasible for us to always log in when there is a virus reported and cleaned and we do not need to perform any actions.
Desperately need an addition to the Console that allows administrators the ability to add exceptions or "whitelist" valid and legitmate websites. We have had numerous instances where users have attempted to visit a legitimate website (such as www.apexwin.com/us) and are presented with a message that the site contains malicious content and offers the option to close or allow.
We do not want users to have the ability to click "Allow" on every site they come across that presents this warning (as all they care about is getting to the site they want) and would rather have the ability to whitelist legitmate sites that users report they cannot access, just as we're able to do on any Web Filtering Appliance / Service.
I have seen numerous forums and discussion boards where many other Webroot customers desperately desire the same functionality. I saw where one of your developers said it is in the works, but that was more than half a year ago. Please expedite this Feature Request and add this functionality to your next version update. Thank You.
Currently, we cannot see the applied policy on the local machine.
Usually, we would like to check the exact policy setting between the local and portal for troubleshooting.
We would like to find current applied policy name in the WRLog.log or any registry key.
here's another feature request! please give kudos if you like it or give comment if you don't.
The dashboard provides too little information, it basically shows which client have been infected in the past week and some licensing information. More could be done with very little effort. For many of those statistics little to no correlation is required, hence they are easy to generate.
Feature request: As a security person I'm interested to get dashboard infos for 2 main topics:
1) Where are the trouble spots in my network?
- Top 20 users with the most infections in the last 6 months
- Top 20 machines with the most infections in the last 6 months
- Top 20 users with the most often blocked websites in the last 6 months
- Top 10 of most often blocked malicious website URLs
- Most often seen malware or type of malware in the last x months
- Top 10 sources of malware (URL, IP, filename and/or network location)
2) Suspicious activity that deserves attention (potential outbreak)
- Top 10 uptake of new unseen software processes across all machines in the last x days (might be an outbreak)
- Top 10 unknown software processes by number of machines
- Machines that blocked suspicious outgoing connections
All our clients are centrally managed. Due to incompatibility between identity shield and our Oracle SSO software, we had to disable identity shield.
When a user opens the console the exclamation mark and warning is very confusing and might indicate a problem, where there isn't one. I recommend for managed environments to remove the warning and simply show a status message that the feature is disabled.
In Endpoint Reports, if you have a large Group you run a report on e.g. 'undetermined software' it should display how many pages have been returned e.g. page 1 of 10. Currently you have no idea how many records have been returned.
Secondly to that, there should be a 'go to page #' option so you can jump through the pages more quickly.
Also a very important thing to fix is when you sort by a field, e.g. Hostname, it's only sorts the result page you are on and not the whole recordset the query has returned. You'd find that results that should be displayed on page 1 are displaying on other pages.
these little features/fixes will make it much easier
We currently manage 1350 endpoints over 50+ clients, and as you can imagine administering these can be a little difficult.
Machines are constantly being replaced / reinstalled, leaving stale Webroot agents in the console ...
It would be really, really nice for us to have a report that basically showed all of the agents that haven't checked in for a set amount of time, probably 30 days.
I can't see this being too hard to create, and this would be very, very benificial to us!
I look forward to your response.
With the recent new client negatively affecting quite a few of our servers I would like to request that Policies have the option to implement a delay feature for updating to the latest client. My plan to use this feature would be that our Servers policy would have a 3-5 day delay from when a new client is released to we can buffer any issues with a new client release.
We would have a 'Test' server group policy without using the delay so we could identify any problems that may arise with the new client but yet not affect our production server group. In the event of an issue we could even disable the updating of new clients if needed for the production servers. This would be similar to how we stage out MS Windows updates.
When you have a couple of hundred machines and you looking at the "Group Management" tab and you see the "last seen" or "agent version" columns. When we select them the system only sorts the displayed page, it should go back and sort all the pages and then display the new results. The one page sorts are not helpful.
The "agent version" sorts as a number and not as the version. A sort pattern would look like "22.214.171.124", "126.96.36.199", "188.8.131.52", "184.108.40.206", "220.127.116.11". The sort is out of order if you use the number, if you are going to sort the version number needs to always be three digits to support the sort or the sort needs to be fixed. (probably easier to include the zero).