
Knowledge Base - Business

Webroot® Luminaries influence the future of security. The Webroot Luminaries Program identifies and rewards professionals who love our products and take full advantage of their value.

Webroot Luminaries:
- Use Webroot SecureAnywhere Business products.
- Know how our products interact with their network and want to share feedback.
- Are committed to security and want to help lead the Smarter Cybersecurity™ charge worldwide.

By joining the Luminaries Program, you will:
- Get exclusive sneak peeks at upcoming releases, new products, betas, and private groups on the Webroot Business Community and LinkedIn.
- Have the opportunity to be published as a thought leader in the security space, promoting your business.
- Have a forum to provide input that may influence the development of current and future products.
- Be rewarded for participating in case studies, press announcements, and other Webroot news.
- Receive exclusive discounts for your company's employees. (50% off Webroot security for home use.)

Sound like you? Send @akim a message and request an invitation!
View full article
Managing your alerts with Webroot couldn't be easier. 
View full article
You can customize alert messages and send them to a distribution list whenever the following types of events occur:
- Endpoints reporting an infection
- New SecureAnywhere installations on endpoints

For both of these event types, you can customize the alerting method so administrators receive a message as soon as the event occurs or on a schedule, such as daily, weekly, or monthly. Using a setup wizard in the Alerts tab, you can customize the subject heading and body of the messages. You can also use variables to add information for the endpoints triggering the alerts, affected groups, and other specifics about the event.

Note: To customize alerts, you must have access permissions for Alerts: Create & Edit.

To implement an alert:
1. Create a distribution list based on email addresses. List members do not need to be defined in the Manage Users panel of the Management Portal. For more information, see Creating Distribution Lists.
2. Create alert messages that are sent to the distribution list whenever endpoints report an infection or SecureAnywhere is installed on an endpoint. For more information, see Creating Customized Alerts.

All your customized alerts display in the Alerts tab.
View full article
From the Alerts tab, you can easily create a distribution list of users who will receive alert messages. For example, you might want to create a list of administrators who need to respond to threat detections at a remote office.

Note: You can also create a distribution list in the Create Alert wizard. For more information, see Creating Customized Alerts.

To create a distribution list:
1. Click the Alerts tab.
2. In the Distribution Lists column, from the Command bar, click Create. The Create Distribution window displays.
3. In the List Name field, enter a name for the list.
4. In the Email Addresses field, enter the email addresses of the recipients, with each address separated by a comma.
5. When you're done, click the Save button. The new list is added to the Distribution Lists panel.

To delete the list later, highlight the name of the list and from the Command bar, click the Delete icon.
View full article
You can customize the alert messages sent to a distribution list for the following types of events:
- Infection Detected: An immediate message sent when an endpoint reports an infection.
- Endpoint Installed: An immediate message sent as soon as SecureAnywhere is installed on an endpoint and it reports into the Management Portal.
- Infection Summary: A summary message that provides an overview of threats detected on endpoints. The summary can be scheduled for a daily, weekly, or monthly distribution.
- Install Summary: A summary message that provides an overview of SecureAnywhere installations. The summary can be scheduled for a daily, weekly, or monthly distribution.

You can use the Create Alert wizard to define the messages and a distribution list, as described in this topic. You can also define a distribution list separately; for more information, see Creating Distribution Lists.

To create a customized alert:
1. From the main console, click the Alerts tab. The Alerts panel displays.
2. From the Command bar, click the Create icon. The Create Alert window displays.
3. From the Alert Type drop-down menu, select an alert type.
4. In the Alert Name field, enter a name for this alert.
5. If you selected Threat Summary or Install Summary as the alert type, the Frequency field displays. Select a frequency to determine how often you want the system to send alerts:
   - Daily
   - Weekly
   - Monthly
6. Click the Next button. The Step 2 window displays.
7. Select one of the following radio buttons to determine the list of recipients that you want to alert:
   - If you already created a distribution list, select the Use existing list radio button.
   - If you have not yet created a distribution list, select the Create new list radio button, enter a list name, then enter the email addresses.
8. When you're done, click the Next button. The Step 3 window displays.
9. In the Email title field, enter the subject head for the message.
10. In the Email message body field, enter the text for the message.
11. The wizard also provides data inputs within the text, which are variables you can use for automatically inserting such information as the hostname of the endpoint. Some data inputs are already displayed for you in the sample text. Data inputs are displayed in brackets. To add your own data inputs, click inside the text where you want a variable to display, then click the drop-down arrow for one of the Data Inputs buttons. There is one button for the email title and one for the email body.
12. Select from the data inputs, which are all described in the following table.
    Note: Depending on the type of alert message you are defining, only the applicable data inputs display in the drop-down menu.
13. To view the email message, click Preview.
14. When you are done creating the message, click Finish.

DATA INPUT: DESCRIPTION
- Hostname: The name of the endpoint triggering the alert.
- Group Name: The group assigned to the endpoint triggering the alert.
- Group Description: A description of the group assigned to the endpoint triggering the alert.
- Policy Name: The policy assigned to the endpoint triggering the alert.
- Keycode: The keycode used for the endpoint triggering the alert.
- Current User: The user of the endpoint triggering the alert.
- Console Name: The name of the Console where the endpoint is included.
- First Seen: The date and time when this event was first detected.
- Last Seen: The date and time when this event was last detected.
- Last Infected: The date and time the endpoint triggering the alert was last infected.
- Operating System: The operating system version on the endpoint triggering the alert.
- Agent Version: The version number of the SecureAnywhere software installed on the endpoint triggering the alert.
- MAC Address: The Media Access Control (MAC) address on the network where the endpoint triggering the alert is installed.
- Workgroup: The network workgroup where the endpoint is located, if any.
- Active Directory: The name of the Active Directory.
- Infection List: A list of infections.
- Infection Summary: A summary of the infections.
- Install Summary: A summary of the SecureAnywhere installations.

Note: Both the Workgroup and Active Directory data points are unsupported in the Mac agent.
View full article
All your customized alerts are listed in the Alerts tab with a status of Active. From here, you can edit the alert by double-clicking in its row. On the right side of the panel are the distribution lists you defined.

If needed, you can display or hide additional data about the alert messages.

To view a defined alert message:
Click a column header to open the drop-down menu, then do either of the following:
- Select a checkbox to add a column.
- Deselect a checkbox to remove a column.

The information in the columns is described in the following table.

COLUMN: DESCRIPTION
- Alert Name: The name defined in the Create Alert wizard. This column is static and cannot be hidden.
- Alert Type: Displays one of the following alert types: Infection Detected, Endpoint Installed, Infection Summary, Install Summary.
- Distribution List: The email recipients for this alert.
- Date Created: The date the alert message was defined.
- Created By: The administrator who created the alert message.
- Date Edited: The date, if any, that the alert message was modified.
- Edited By: The administrator who modified the alert message, if applicable.
- Status: The alert status, which is either Active or Suspended.
View full article
After customizing alert messages for a distribution list, you may decide later that an alert is no longer necessary. You can permanently delete an alert; or if you think it might be useful again sometime in the future, you can temporarily suspend it instead.

To suspend or delete an alert:
1. Click the Alerts tab.
2. From the Alert Name column, select an alert.
3. From the Command menu bar, click either the Delete or Suspend icon.
   - If you selected Suspend, the alert is grayed out in the column, and Suspended displays in the Status column. Later, you can select the alert again and click Resume.
   - If you selected Delete, click Yes at the prompt. The alert is permanently removed from Endpoint Protection.
View full article
Welcome to the Webroot Community!

We are very happy to have you here, and want to make sure you feel comfortable navigating through the Webroot Community. To get you started, we have created some quick start guides for common questions:
- Introduce Yourself!
- Community Guidelines
- Editing and Deleting Posts
- Bookmarks and Subscriptions
- Tagging Other Users
- Quoting Other Users
- Adding a Signature
- Adding your country badge
- Changing Your Avatar
- What is the Webroot VIP Program?
- Meet the Webroot Community Team

In addition, you can always ask one of our friendly community members and moderators for assistance at any time, as we are always happy to help!
View full article
Submitting a support ticket is often the easiest way to get an issue resolved. Below are instructions on how to create a support ticket:

For Home Users
1. Click this link to begin.
2. Enter your email address in the field provided and click "continue".
   - If you have contacted support before, you will be prompted to enter your previous password. Once you are logged in you can "send another message".
   - If you have not contacted support before, you will be prompted to create an account by clicking "sign up now". Once you have registered, you will be able to "send a message".

For Business Users
1. Click this link to begin.
   - If you have contacted support before, click the login button.
   - If you have not contacted support before, click the "start new ticket" button.
View full article
We are continuously developing new material to help protect individuals against ransomware and other threats. Here are a few of our recent publications that you may share with your friends, family, and co-workers.
- Whitepaper - Q&A The Truth About Crypto Ransomware
- Webinar - Defeating Polymorphic Phishing
- Webinar - Cloud Security Best Practices for Defending Against APTs
- Podcast - Protecting Against Emerging Ransomware
View full article
We have integration with the following RMM and PSA software:
- Continuum
- Kaseya
- LabTech
- Autotask
- Connectwise
- NinjaRMM
- Atera

There are more integrations in the pipeline and I'll keep this list updated as they roll out.
View full article
Learn how to secure your environment against ransomware
View full article
Question: How do I Enable/Disable Webroot Filtering Extensions in Endpoints?

Answer: This solution addresses Webroot SecureAnywhere Business - Endpoint Protection.

Internet Explorer

With the release of Webroot PC agent version 9.0.3 and the Web Filter version 1.2, the Web Filtering browser extension for Internet Explorer is now installed automatically, without prompting. In addition, the extension cannot be removed from the browser directly but can be removed via the Webroot PC agent user interface. Follow these steps to disable the extension in Internet Explorer.
1. Close all open instances of Internet Explorer.
2. Open the Webroot SecureAnywhere PC agent interface.
3. On the Main screen, click the Advanced Settings button in the upper right corner.
4. Select Firewall / Web Shield from the left-hand column.
5. Uncheck the box for Activate browser extensions.
6. If the Captcha feature is enabled, enter the requested Captcha and press Continue.
7. Close the settings window using the "X" in the upper right corner.

Upon restart of the browser, the Webroot Web Filtering extension is removed.

Note: The browser extensions provide important protection features including detection and blocking of malicious websites, search annotations for search engine results from Google, Yahoo and Bing, as well as Realtime Anti-phishing protection. If the browser extensions are not activated, this protection is not available.

Firefox ESR (Extended Support Release) and Chrome (on domain managed machines only)

With the release of Webroot PC agent version 9.0.3 and the Web Filter version 1.2, the Web Filtering browser extensions for these browsers are now installed automatically, without prompting.

Note: In Firefox ESR the Webroot Web Filtering browser extension is not displayed in the Add-ons Manager at all due to the enforced installation.

In addition, the extensions cannot be removed from these browsers directly but can be removed via the Webroot PC agent user interface. Follow these steps to disable extensions.
1. Close all open instances of the browsers.
2. Open the Webroot SecureAnywhere PC agent interface.
3. On the Main screen, click the Advanced Settings button in the upper right corner.
4. Select Firewall / Web Shield from the left-hand column.
5. Uncheck the box for Activate browser extensions.
6. If the Captcha feature is enabled, enter the requested Captcha and press Continue.
7. Close the settings window using the "X" in the upper right corner.

Upon restart of the browser, the Webroot Web Filtering extension is removed.

Note: The browser extensions provide important protection features including detection and blocking of malicious websites, search annotations for search engine results from Google, Yahoo and Bing, as well as Realtime Anti-phishing protection. If the browser extensions are not activated, this protection is not available.
View full article
Global whitelist overrides can now be set on a file or folder level as well as the traditional MD5 level in Endpoint Protection. This upgrade allows greater flexibility in the deployment of overrides and means that multiple related MD5 overrides no longer have to be whitelisted individually; instead, the whole associated directory can simply be whitelisted.

To create a whitelist override:
1. From the Site console, click the Overrides tab. The system displays the Overrides panel, with the Whitelist pane active.
2. Click the Create button. The system displays the Create override window.
3. To create an MD5 override type, do the following:
   - In the Override Name field, enter a name for the override.
   - Make sure the MD5 radio button is selected.
   - In the MD5 field, enter the 32-character unique identifier for the file.
   - Select either the No or Yes Apply to Policy radio button.
   - Click the Save button.
4. To create a Folder/File override, continue with this procedure.
   Note: To use Folder/File overrides, please ensure endpoints are running version 9.0.1 or higher of Webroot SecureAnywhere Endpoint Protection. Earlier versions support MD5 overrides only.
5. In the New Whitelist Entry window, select the Path/File radio button. The system displays the Create override window with relevant fields.
6. Use the information below to populate the fields.
   - Override Name = Enter a name for the override.
   - Override Type = The type of override selected, Path/File in this case.
   - File Mask = Target a file or group of files by specifying a file mask with optional wildcards, for example, *.exe to target all executable files in the selected folder. This will default to all files in the selected folder/path if not specified.
   - Path/Folder Mask = The folder to target with the override. You can specify an absolute path, for example, ‘x:\myfolder\’ or a system variable with optional path, for example, ‘%SystemDrive%\myfolder’. Default supported environment variables are displayed when you type ‘%’; however, you may choose to use any variable you have set up on the target machine with the exception of user variables, which are not supported. You may not use ‘%temp%’, for example, as this refers to a specific user's temp directory (‘username/temp/’). Wildcards are not supported.
   - Include Sub-Folders = Select this checkbox to apply the override to all sub-folders within this folder.
   - Detect if Malicious = If this setting is enabled, Webroot will continue to protect the user against threats originating from the selected file/folder whitelist override but will disable monitoring and journaling. This is primarily used to improve performance when monitoring and journaling is being applied to a large number of files with an unknown determination. Disabling this setting will provide a true whitelisting, allowing files to run without Webroot protection.
   - Apply to Policy = Select Yes or No to apply to a specific policy, or globally.
7. When you're done, click the Save button.
View full article
What is CryptoLocker?

CryptoLocker is most often spread through booby-trapped email attachments and uses military grade encryption. The malware can also be deployed by hacked and malicious web sites by exploiting outdated browser plugins.

Webroot's Threat Brief on CryptoLocker

Can Webroot Protect Customers Against It?

Encrypting ransomware (Cryptolocker, CTB Locker, Critroni, Cryptowall, etc.) is a very difficult infection to remediate because it uses the RSA public-key encryption algorithm to encrypt user files using unique encryption keys for each computer. Once a user’s files are encrypted this way, it is next to impossible to decrypt them without access to the private key that is stored on the remote servers in use by the malware author(s). There are no tools currently that are capable of decrypting these files without the private key. As long as SecureAnywhere is installed prior to infection, all encrypting ransomware should be detected and removed before it is allowed to make any changes on the computer. Threat Research has many rules in place already to detect the known variants of Cryptolocker at or before execution, but it is important to remember that malware is constantly changing and we cannot guarantee that we will initially detect all new variants.

For best practices on securing your environment from encrypting ransomware please see our community post: https://community.webroot.com/t5/Webroot-Education/Best-practices-for-securing-your-environment-against/ta-p/191172

Read more about CryptoLocker in these posts on the Webroot Community:
- Additional Conversations About CryptoLocker
- CryptoLocker malware targeting the UK - comment from Webroot
- NCA warns UK of mass CryptoLocker ransomware attacks - comment from Webroot
View full article
Question: Which server platforms are supported for Webroot SecureAnywhere Business - Endpoint Protection?

Answer: Webroot SecureAnywhere Business - Endpoint Protection supports the following server platforms:

Supported Server Platforms:
- Windows Server 2012 Standard, R2
- Windows Server 2008 R2 Foundation, Standard, Enterprise
- Windows Server 2003 Standard, Enterprise, Service Pack 2, 32 and 64-bit
- Windows Small Business Server 2008, 2011, 2012
- Windows Server Core 2003, 2008, 2012
- Windows Server 2003 R2 for Embedded Systems
- Windows Embedded Standard 2009 SP2
- Windows XP Embedded SP1, Embedded Standard 2009 SP3
- Windows Embedded for POS Version 1.0

Supported Virtual Server Platforms:
- VMware vSphere 5.5 and older (ESX/ESXi 5.5 and older), Workstation 9.0 and older, Server 2.0 and older
- Citrix XenDesktop 5; XenServer 5.6 and older; XenApp 6.5 and older
- Microsoft Hyper-V Server 2008, 2008 R2, 2012 and 2012 R2
- Virtual Box
View full article
LusyPOS is a new variant of malware that was used in the Target breach. It combines code from two other pieces of malware named Dexter and Chewbacca. It targets Point of Sale (POS) systems with a view to stealing customer information and credit card data stored in RAM. It uses the encrypted Tor network to communicate with the server that collects the data.

To protect your POS systems from this threat we recommend:
1. Using an antivirus and malware detection system that detects LusyPOS. Webroot SecureAnywhere will detect and prevent LusyPOS.
2. Making sure that your firewall blocks communications that attempt to access the Tor network.

Additional resources to learn more:
- http://securitykitten.github.io/lusypos-and-tor/
- http://www.networkworld.com/article/2854093/new-pointofsale-malware-on-underground-markets-for-2000.html
- https://community.webroot.com/t5/Security-Industry-News/New-point-of-sale-malware-on-underground-markets-for-2-000/m-p/174835
View full article
Webroot now has an integration with Labtech. Watch this video to learn more about how that works.

Q. What is Labtech?
A. Labtech is a remote monitoring and management (RMM) platform used by IT service providers to manage the environments of the businesses they support.

Q. What benefit does integrating with Webroot bring?
A. It allows you to manage your Endpoint installations from one convenient tool, rather than have to go to multiple locations for each software package that you support as an MSP.

Q. Where can I learn more after watching this?
A. Here is a link with more information.

Q. Enough with the questions, can we get to the video now?
A. Sure thing, here it is:
View full article
WSABLogs is a utility written by Webroot’s QA department. This utility gathers Webroot SecureAnywhere Business software operation information which includes:
• Webroot software operation logs
• Webroot software scan logs
• System and Application Event logs
• Windows MiniDumps
• Network Configuration data
• Registry data pertaining to the operation of the software or common registry locations used to launch malware from
• Webroot program file information
• Key directory listings (using the dir function), including directories that are known to house malware
• Scheduled Task data
• The Hosts file
• System MSD

This document is intended for automation and command line usage as this same utility is normally run from agent commands in the console.

The tool can be downloaded here and the instructions are attached as a PDF.
View full article
Question: How does WSA perform when no network connectivity is available?
Answer: While WSA has the strongest protection when connected to the Internet, it provides significant protection when offline. A few thousand critical signatures are pushed down from the cloud for offline protection. The client remembers all of the files it's been told about to provide protection. The client further uses behavioral heuristics to block threats when offline and can even turn into a full "whitelist-only" mode. All files are set to monitor when offline - heuristics are applied in real-time and pre-execution. Each system modification is precisely tracked by WSA. Once the client is back online, if a program is eventually found to be malicious, every change that was made can be reverted.

Question: Is there a way to create granular overrides for specific or global endpoints?
Answer: Yes. We have override capabilities that can be applied on a client, group, and account basis.

Question: Where is the monitoring work done? If it’s in the cloud, does that mean that "new" files are being uploaded to Webroot servers for monitoring or does this occur on the client?
Answer: File monitoring is a local feature that runs on the user PC. No files are ever uploaded to the cloud.

Question: What is the average, daily Internet bandwidth consumed by the WSA BEP client?
Answer: Approximately 150KB.

Question: Will the WSA BEP client have any conflicts with existing anti-malware solutions, including current Webroot endpoint security customers?
Answer: The WSA client is compatible with existing anti-malware solutions as well as our own.

Question: Does the ‘Undetermined Software’ report identify the specific impacted files?
Answer: Yes. Filename, pathname, file size, and last seen are shown by default. Additional information can be shown such as first seen, vendor, product, version, and MD5.

Question: Are custom reports available?
Answer: Yes. All reports have different levels of customization allowing reports for targeted data sets. Reports will be available in a number of formats, including PDF, .CSV, SQL Database, and direct print from browser. All reports can be scheduled for delivery.

Question: How does the firewall work? Does the firewall take the place of the Windows Firewall?
Answer: The Webroot firewall monitors outbound traffic. It looks for untrusted processes that try to connect to the Internet. It works in conjunction with the Windows firewall, which monitors inbound traffic.

Question: Some malware blocks all network connectivity. How does WSA BEP handle this challenge?
Answer: Because WSA runs at the Kernel level, it has the capability to circumvent any attempt to block its ability to contact the cloud, including bypassing the Windows API should the need arise.

Question: Are mobile laptop users able to connect to the cloud when online (though not connected to the corporate network)?
Answer: Yes. Since we use a cloud-based architecture, our clients never have the need to check in to any service inside a specific network. They simply require an active Internet connection to access our backend. This extends to the initial deployment as well. The client can be deployed by users directly by running specially named versions of the installation file. During installation the license key is passed by the client to our backend. We then tie that client into the appropriate cloud-based customer admin console using the license key so that it can be remotely managed.

Question: What client and server platforms are supported? Please comment on Terminal Server, Citrix, and virtual desktop infrastructure.
Answer: WSA works and is supported on the following standard and virtual server and client environments:
- Windows Server 2003 Standard, Enterprise, 32-bit and 64-bit
- Windows Server 2008 R2 Foundation, Standard, Enterprise
- Windows Small Business Server 2008 and 2011
- VMware vSphere 4 (ESX/ESXi 3.0, 3.5, 4.0, 4.1)
- VMware Workstation 6.5, 7.0, Server 1.0, 2.0
- Citrix XenDesktop 5 and XenServer 5.0, 5.5, 5.6
- Microsoft Hyper-V Server 2008

Question: Does the management console have granular policy capabilities? For example, setting up a different policy based upon group or individual clients.
Answer: Yes. The management console has the ability to create a customized group structure, which you can then use to group computers together based on your own criteria. Specifically configured policies can then be applied to those computers as needed.
View full article