cancel
Showing results for 
Search instead for 
Did you mean: 

Knowledge Base - Business

Top Contributors
Sort by:
Welcome to the Webroot Community!   We are very happy to have you here, and want to make sure you feel comfortable navigating through the Webroot Community. To get you started, we have created some quick start guides for common questions:   Introduce Yourself! Community Guidelines Editing and Deleting Posts Bookmarks and Subscriptions Tagging Other Users Quoting Other Users Adding a Signature Adding your country badge Changing Your Avatar What is the Webroot VIP Program? Meet the Webroot Community Team   In addition, you can always ask one of our friendly community members and moderators for assistance at any time, as we are always happy to help!  
View full article
Submitting a support ticket is often the easiest way to get an issue resolved. Below are instructions on how to create a support ticket:   For Home Users Click this link to begin Enter your email address in the field provided and click "continue" If you have contacted support before, you will be prompted to enter your previous password. Once you are logged in you can "send another message" If you have not contacted support before, you will be prompted to create an account by clicking "sign up now". Once you have registered, you will be able to "send a message" For Business Users Click this link to begin If you have contacted support before, click the login button.  If you have not contacted support before, click the "start new ticket" button  
View full article
We are continuously developing new material to help protect individuals against ransomware and other threats. Here are a few of our recent publications that you may share with your friends, family, and co-workers.   Whitepaper - Q&A The Truth About Crypto Ransomware   Webinar - Defeating Polymorphic Phishing   Webinar - Cloud Security Best Practices for Defending Against APTs   Podcast - Protecting Against Emerging Ransomware  
View full article
We have integration with the following RMM and PSA software:   Continuum   Kaseya   LabTech   Autotask   Connectwise   NinjaRMM   Atera   There are more integrations in the pipeline and I'll keep this list updated as they roll out.    
View full article
Learn how to secure your environment against ransomware
View full article
Question How do I Enable/Disable Webroot Filtering Extensions in Endpoints? Answer This solution addresses Webroot SecureAnywhere Business - Endpoint Protection Internet Explorer With the release of Webroot PC agent version 9.0.3 and the Web Filter version 1.2, the Web Filtering browser extension for Internet Explorer is now installed automatically, without prompting. In addition, the extension cannot be removed from the browser directly but can be removed via the Webroot PC agent user interface. Follow these steps to disable the extension in Internet Explorer. Close all open instances of Internet Explorer Open the Webroot SecureAnywhere PC agent interface On the Main screen, click the Advanced Settings button in upper right corner Select Firewall / Web Shield from the left hand column. Uncheck the box for Activate browser extensions. If the Captcha feature is enabled, enter the requested Captcha and press Continue. Close the settings window using the "X" in the upper right corner. Upon restart of the browser, the Webroot Web Filtering extension is removed. Note : The browser extensions provide important protection features including detection and blocking of malicious websites, search annotations for search engine results from Google, Yahoo and Bing as well as Realtime Anti-phishing protection. If the browser extensions are not activated this protection is not available. Firefox ESR (Extended Support Release) and Chrome (on domain managed machines only) With the release of Webroot PC agent version 9.0.3 and the Web Filter version 1.2, the Web Filtering browser extensions for these browsers are now installed automatically, without prompting. Note : in FireFox ESR the Webroot Web Filtering browser extension is not displayed in the Add-ons Manager at all due to the enforced installation. In addition, the extensions cannot be removed from these browsers directly but can be removed via the Webroot PC agent user interface. Follow these steps to disable extensions. Close all open instances of the browsers Open the Webroot SecureAnywhere PC agent interface On the Main screen, click the Advanced Settings button in upper right corner Select Firewall / Web Shield from the left hand column. Uncheck the box for Activate browser extensions. If the Captcha feature is enabled, enter the requested Captcha and press Continue. Close the settings window using the "X" in the upper right corner. Upon restart of the browser, the Webroot Web Filtering extension is removed. Note : The browser extensions provide important protection features including detection and blocking of malicious websites, search annotations for search engine results from Google, Yahoo and Bing as well as Realtime Anti-phishing protection. If the browser extensions are not activated this protection is not available.
View full article
  Global whitelist overrides can now be set on a file or folder level as well as the traditional MD5 level in Endpoint Protection. This upgrade allows greater flexibility in the deployment of overrides and means that multiple related MD5 overrides no longer have to be whitelisted individually, instead the whole associated directory can simply be whitelisted.   To create a whitelist override:   From the Site console, click the Overrides tab.   The system displays the Overrides panel, with the Whitelist pane active.         2. Click the Create button         The system displays the Create override window.         3. To create an MD5 override type, do the following:   In the Override Name field, enter a name for the override Make sure the MD5 radio button is selected. In the MD5 field, enter the 32-character unique identifier for the file. Select either the No or Yes Apply to Policy radio button Click the Save button   4. To create a Folder/File override, continue with this procedure.   Note: To use Folder/File overrides, please ensure endpoints are running version 9.0.1 or higher of Webroot SecureAnywhere Endpoint Protection. Earlier versions support MD5 overrides only.   5. In the New Whitelist Entry window, select the Path/File radio button.          The system displays the Create override window with relevant fields.     6. Use the information below to populate the fields.   Override Name = Enter a name for the override Override Type = The type of ovveride selected, Path/File in this case. File Mask = Target a file or group of files by specifying a file mask with optional wildcards, for example, *.exe to target all executable files in the selected folder. This will default to all files in the selected folder/path if not specified. Path/Folder Mask =  The folder to target with the override. You can specify an absolute path, for example, ‘x:\myfolder\’ or a system variable with optional path, for example, ‘%SystemDrive%\myfolder’. Default supported environment variables are displayed when you type ‘%’ however you may choose to use any variable you have setup on the target machine with the exception of user variables which are not supported. You may not use ‘%temp%’ for example as this refers to a specific users temp directory (‘username/temp/’). Wildcards are not supported. IncludeSub-Folders = Select this checkbox to apply the override to all sub-folders within this folder. Detect if Malicious =  If this setting is enabled Webroot will continue to protect the user against threats originating from the selected file/folder whitelist override but will disable monitoring and journaling. This is primarily used to improve performance when monitoring and journaling is being applied to a large number of files with an unknown determination. Disabling this setting will provide a true whitelisting, allowing files to run without Webroot protection. Apply to Policy = Select Yes or No to apply to a specific policy, or globally.   7. When you're done, click the Save button.              
View full article
  What is CryptoLocker? CryptoLocker is most often spread through booby-trapped email attachments and uses military grade encryption. The malware can also be deployed by hacked and malicious web sites by exploiting outdated br owser plugins.    Webroot's Threat Brief on CryptoLocker   Can Webroot Protect Customers Against It?   Encrypting ransomware (Cryptolocker, CTB Locker, Crtroni, Cryptowall, ect.) is a very difficult infection to remediate because it uses the RSA public-key encryption algorithm to encrypt user files using unique encryption keys for each computer. Once a user’s files are encrypted this way, it is next to impossible to decrypt them without access to the private key that is stored on the remote servers in use by the malware author(s). There are no tools currently that are capable of decrypting these files without the private key. As long as SecureAnywhere is installed prior to infection, All encrypting ransomware should be detected and removed before it is allowed to make any changes on the computer. Threat Research has many rules in place already to detect the known variants of Cryptolocker at or before execution, but it is important to remember that malware is constantly changing and we cannot guarantee that we will initially detect all new variants.   For best practices on securing your environment from encrypting ransomware please see our community post: https://community.webroot.com/t5/Webroot-Education/Best-practices-for-securing-your-environment-against/ta-p/191172       Read more about CryptoLocker in these posts on the Webroot Community: Additional Conversations About CryptoLocker   CryptoLocker malware targeting the UK - comment from Webroot    NCA warns UK of mass CryptoLocker ransomware attacks - comment from Webroot
View full article
Question Which server platforms are supported for Webroot SecureAnywhere Business - Endpoint Protection? Answer Webroot SecureAnywhere Business - Endpoint Protection supports the following server platforms:   Supported Server Platforms: Windows Server 2012 Standard, R2 Windows Server 2008 R2 Foundation, Standard, Enterprise Windows Server 2003 Standard, Enterprise, Service Pack2, 32 and 64-bit Windows Small Business Server 2008, 2011, 2012 Windows Server Core 2003, 2008, 2012 Windows Server 2003 R2 for Embedded Systems Windows Embedded Standard 2009 SP2 Windows XP Embedded SP1, Embedded Standard 2009 SP3 Windows Embedded for POS Version 1.0 Supported Virtual Server Platforms: VMware vSphere 5.5 and older (ESX/ESXi 5.5 and older), Workstation 9.0 and older, Server 2.0 and older Citrix XenDesktop 5; XenServer 5.6 and older; XenApp 6.5 and older Microsoft Hyper-V Server 2008, 2008 R2, 2012 and 2012 R2 Virtual Box
View full article
LusyPOS is a new variant of malware that was used in the Target breach.  It combines code from two other pieces of malware named Dexter and Chewbacca.  It targets Point of Sale (POS) systems with a view to stealing customer information and credit card data stored in RAM. It uses the encrypted Tor network to communicate with the server that collects the data.     To protect your POS systems from this threat we recommend: 1. Using an antivirus and malware detection system that detects LusyPOS.  Webroot SecureAnywhere will detect and prevent LusyPOS. 2. Making sure that your firewall blocks communications that attempt to access the Tor network   Additional resources to learn more: http://securitykitten.github.io/lusypos-and-tor/ http://www.networkworld.com/article/2854093/new-pointofsale-malware-on-underground-markets-for-2000.html https://community.webroot.com/t5/Security-Industry-News/New-point-of-sale-malware-on-underground-markets-for-2-000/m-p/174835
View full article
Webroot now has an integration with Labtech.  Watch this video to learn more about how that works   Q. What is Labtech?   A. Labtech is a remote monitoring and management (RMM) platform used by IT service providers to manage the environments of the businesses they support   Q. What benefit does integrating with Webroot bring? A. It allows you to manage your Endpoint installations from one convenient tool, rather than have to go to multiple locations for each software package that you support as an MSP   Q. Where can I learn more after watching this? A. Here a link with more information.   Q.  Enough with the questions, can we get to the video now? A. Sure thing, here it is:  
View full article
WSABLogs is a utility written by Webroot’s QA department. This utility gathers Webroot SecureAnywhere Business software operation information which includes: • Webroot software operation logs • Webroot software scan logs • System and Application Event logs • Windows MiniDumps • Network Configuration data • Registry data pertaining to the operation of the software or common registry locations used to launch malware from • Webroot program file information • Key directly listings (using dir function ) including directories that are known to house malware • Scheduled Task data • The Hosts file • System MSD   This document is intended for automation and command line usage as this same utility is normally run from agent commands in the console.    The tool can be downloaded here and the instructions are attached as a PDF.
View full article
Question:  How does WSA perform when no network connectivity is available?   Answer:  While WSA has the strongest protection when connected to the Internet, it provides significant protection when offline. A few thousand critical signatures are pushed down from the cloud for offline protection. The client remembers all of the files it's been told about to provide protection. The client further uses behavioral heuristics to block threats when offline and can even turn into a full "whitelist-only" mode. All files are set to monitor when offline - heuristics are applied in real-time and pre-execution. Each system modification is precisely tracked by WSA. Once the client is back online, if a program is eventually found to be malicious, every change that was made can be reverted.     Question:  Is there a way to create granular overrides for specific or global endpoints?   Answer :  Yes. We have override capabilities that can be applied on a client, group, and account basis.     Question:  Where is the monitoring work? If it’s in the cloud, does that mean that "new" files are being uploaded to Webroot servers for monitoring or does this occur on the client?   Answer :  File monitoring is a local feature that runs on the user PC. No files are ever uploaded to the cloud.     Question:  What is the average, daily Internet bandwidth consumed by the WSA BEP client?   Answer:   Approximately 150KB.   Question:  Will the WSA BEP client have any conflicts with existing anti-malware solutions, including current Webroot endpoint security customers?   Answer :  The WSA client is compatible with existing anti-malware solutions as well as our own.     Question:  Does the ‘Undetermined Software’ report identify the specific impacted files?   Answer :  Yes. Filename, pathname, file size, and last seen are shown by default. Additional information can be shown such as first seen, vendor, product, version, and MD5.     Question:  Are custom reports available?   Answer :  Yes. All reports have different levels of customization allowing reports for targeted data sets. Reports will be available in a number of formats, including PDF, .CSV, SQL Database, and direct print from browser. All reports can be scheduled for delivery.     Question:  How does the firewall work? Does the firewall take place of the Windows Firewall?   Answer :  The Webroot firewall monitors outbound traffic. It looks for untrusted processes that try to connect to the Internet. It works in conjunction with the Windows firewall, which monitors inbound traffic.     Question:  Some malware blocks all network connectivity. How does WSA BEP handle this challenge?   Answer:   Because WSA runs at the Kernel level, it has the capability to circumvent any attempt to block its ability to contact the cloud, including bypassing the Windows API should the need arise.     Question:  Are mobile laptop users able to connect to the cloud when online (though not connected to the corporate network)?   Answer :  Yes. Since we use a cloud-based architecture, our clients never have the need to check in to any service inside a specific network. They simply require an active Internet connection to access our backend.  This extends to the initial deployment as well. The client can be deployed by users directly by running specially named versions of the installation file. During installation the license key is passed by the client to our backend. We then tie that client into the appropriate cloud-based customer admin console using the license key so that it can be remotely managed.     Question:  What client and server platforms are supported? Please comment on Terminal Server, Citrix, and virtual desktop infrastructure.  WSA works and is supported on the following standard and virtual server and client environments:   Answer :  - Windows Server 2003 Standard, Enterprise, 32-bit and 64-bit - Windows Server 2008 R2 Foundation, Standard, Enterprise - Windows Small Business Server 2008 and 2011 - VMWare vSphere 4 (ESX/ESXi3.0, 3.5, 4.0, 4.1) - VMWare Workstation 6.5, 7.0, Server 1.0, 2.0 - Citrix XenDesktop 5 and XenServer 5.0, 5.5, 5.6 - Microsoft Hyper-V Server 2008   Question:  Does the management console have granular policy capabilities? For example, setting up a different policy based upon group or individual clients.   Answer :  Yes. The management console has the ability to create a customized group structure, which you can then use to group computers together based on your own criteria. Specifically configured policies can then be applied to those computers as needed.  
View full article
Question I’m using Webroot SecureAnywhere Business - Endpoint Protection and want to know how to issue commands to endpoints. Answer You can issue commands to individual endpoints or to all of the endpoints in a group as long as you have appropriate permissions. Depending on your access permissions, you may see some or all of the commands at your disposal. If you need to edit your permissions, you can click here to access the “Setting user permissions” section of our Webroot SecureAnywhere Business - Endpoint Protection help guide to learn how.   To issue commands to endpoints in a group, here’s the quick 3-step process:   1. Open the Group Management tab and select a group.   2. Choose the endpoint on which you wish to run the command.   Alternatively, you can select “Hostname” to run the command on all of the endpoints in the group. If the group has more than a single page of endpoints, you’ll be prompted with an action dialog asking you to apply the command either to all of the endpoints on the current page, or on all pages of endpoints. 3.  Open the “Agent Commands” menu and select from the category of commands you wish to issue. You can see a description of the commands by hovering your mouse over each one to open its tooltip.   For a detailed list of the commands and what they do, click here.
View full article
How to Deploy Using Group Policy - Webroot SecureAnywhere Business Endpoint Protection Tutorial   Downloading the MSI:   1. Login to your My Webroot Account   2. Click on your username in the upper-right corner                         3. Click on "Downloads"   4. Download and save the MSI located towards the bottom of the page somewhere locally. We recommend saving it to your desktop     http://anywhere.webrootcloudav.com/zerol/wsasme.msi   Editing the MSI using a free editor: Webroot recommends a third party editing tool called ORCA   1. Insert the keycode using an MSI editor   2. Right-click the SecureAnywhere MSI and select "Edit with Orca"   3. Inside Orca, scroll to the Property table and click on the "GUILIC" field and enter your keycode without spaces     4. Click "Save"     Part 2: Creating a Network Share   Part 3: Creating a Group Policy Object      
View full article
When attempting to use proxy settings with Webroot SecureAnywhere Business – Endpoint Protection, there are two methods to allow the Webroot product to communicate with our cloud servers. These are listed below.  -- -- -- -- -- -- -- -- -- --   Option 1: Enter a proxy bypass (Recommended)   Enter a proxy bypass for g*.p4.webrootcloudav.com   Note: if you choose this option, be sure that the wild card mask (*) is supported.  If not, you will need to add 100 separate URL's, e.g. [g1, g2, g3, ..., g99, g100].   -- -- -- -- -- -- -- -- -- --   Option 2: Enter proxy information on each endpoint   Note: This option is only recommended if you are unable to use option 1.    1.       Open the SecureAnywhere Endpoint Protection Group Management tab, open a group, and select an endpoint. 2.       In the Policy column of the selected endpoint, double-click its policy name to open a list of available policies. 3.       Select the unmanaged policy and apply.  A red flag on the new policy name reminds you that you’ve made a change. 4.       Click Save Changes.   Once applied, go to each individual endpoint workstation and follow the instructions below.   5.       Open SecureAnywhere Endpoint Protection from the system tray icon. 6.       Click Settings. 7.       In the Settings window, open the Proxy tab. 8.       Enter your proxy information. 9.       Click Save All to save your changes.   After entering the proxy information, you can move the machine back to the original policy.   Tip:  The best way to test proxy settings is to ensure there is no Internet access via the default gateway.  You can hardcode an IP address and subnet mask for the endpoint’s network card without adding a default gateway or DNS server. As long as the proxy server is on the same subnet, you can be sure that the only Internet access is via the proxy server.   If you are not using a proxy to filter traffic but a firewall is in place, please allow Webroot’s path masks through the firewall, listed below:   *.webrootcloudav.com   (this will cover the g-url’s as well as several other target addresses)   *.*.webrootcloudav.com (some devices don’t like a single * for urls that contain dots in the value of *)   *.p4.webrootcloudav.com (in case a device doesn’t like multiple *’s)   *.compute.amazonaws.com (this will cover inbound communication from the Amazon cloud servers)   *.webroot.com (for future communications)   *.webrootanywhere.com (for future communications)
View full article
Question What are the system requirements for Webroot SecureAnywhere Business - Endpoint Protection? Answer Endpoint system requirements: Windows XP 32- and 64-bit SP2, SP3 Windows Vista® 32-bit (all Editions), Windows Vista SP1, SP2 32-bit and 64-bit (all Editions) Windows 7 32- and 64-bit (all editions), Windows 7 SP1 32- and 64-bit (all editions) Windows® 8 32-bit and 64-bit Intel®Pentium®/Celeron® family, or AMD® K6/Athlon™/Duron™ family, or other compatible processor 128 MB RAM (minimum) Internet access: Internet Explorer® 7.0 and higher (32-bit only), Mozilla Firefox® 3.6 and higher (32-bit only), Google Chrome™ browser 10.0 or higher
View full article
Question We use Webroot SecureAnywhere Web Security Service, and we'd like to know the IP address ranges to allow through our firewall.   Answer Please refer to the following chart for the IP addresses you will need to allow in your Firewall: Open TCP ports: 80, 443, 3128 and 8080 to the following IP Ranges [and 389 if you intend to use LDAP lookups] 208.87.136.0 – 208.87.136.255 208.87.137.0 – 208.87.137.255 Open TCP ports: 80, 443,3128 and 8080 to the following IPs and IP Ranges   194.116.198.0 – 194.116.198.255; 194.116.199.0 – 194.116.199.255; 175.107.77.1 – 175.107.77.30; 79.125.21.75; 79.125.21.76; 79.125.21.78; 79.125.21.79; 79.125.8.156; 79.125.119.170 174.129.28.79; 174.129.209.130; 174.129.209.149; 174.129.243.180 175.41.133.17; 50.16.199.22; 50.16.199.29; 50.16.199.30; 184.169.161.31; 184.169.163.152; 184.169.163.153; 184.169.163.155; 54.241.1.209; 54.241.1.211; 54.241.1.212
View full article
DWP logs are available to help you and your service provider diagnose connection problems. You should only need to gather these logs if requested by technical support. The DWP logging level is configurable only on the client, not on the Management Portal. Three levels of logging are available: Basic–Logs errors. (default) Medium–Logs errors and warnings. Detailed–Logs messages, errors, and warnings. To change the logging level and to write a log: Hold down the Shift key and right-click the DWP tray icon.   Select a logging level. User-specific logs are written to %ALLUSERSPROFILE%\ApplicationData\DWP_Webfiltering\<WindowsloginID>.<WindowsDomain>\DesktopWebProxy_*.log Generic logs are written to %ALLUSERSPROFILE%\ApplicationData\DWP_Webfiltering\ The DWP_Webfiltering folder also contains uDWPStarter_CA.log and uDWPStopper_CA.log, which contain installation information that is not related to diagnostic logging.
View full article
Sometimes Webroot Support may ask for a packet capture when troubleshooting an issue for you, or you may wish to obtain a packet capture for yourself.  Here is how to do that: Hold down the Ctrl key and right-click the DWP tray icon.   Select Network Packet Capture from the pop-up menu. The Network Packet Capture window opens with the path to your desktop selected. The desktop is the default output path.   Click Start Capture to accept the default folder, or Browse to another folder and then click Start Capture.   Click Close to hide the window. A notification bubble opens over the DWP icon periodically, reminding you that the capture is running:   When you have captured enough data to recreate the problem you’re troubleshooting, Ctrl/right-click the DWP icon to open the Network Packet Capture window and click Stop Capture. The capture results are available in the DWP_Pcaps folder on your desktop or other specified location. The folder is identified by the date and time of the capture. The DWP_Pcaps folder contains one folder for each capture, which contains a .pcap file for each adapter found, and the AdapterNames.txt file. For example:   If support has requested the packet capture, please follow up with them.  You can contact technical support to determine the best way to send the .pcap files to them. These files are very large.   US Business Support: 877-612-6009 Email: saassupport@webroot.com UK/EMEA Phone: +44 (0) 800-804-7015 Email: saassupport@webroot.com APAC Business Support outside of Australia: +61 (0) 2-8071-1903 Support in Australia: (Free Call) 1-800-212-640 Email: saassupport@webroot.com
View full article