This solution addresses Webroot SecureAnywhere Business – Endpoint Protection To remove the Webroot SecureAnywhere software from the endpoint, use the standard MSI command: msiexec /x installer.msi /qn /L*v uninstall.log
... View more
This solution addresses Webroot SecureAnywhere Business – Endpoint Protection To install SecureAnywhere using GPO, you should have experience with Microsoft’s Active Directory and the GPO editor. You can also watch a video on how to use GPO at How to Deploy Using Group Policy - SecureAnywhere Business. To install SecureAnywhere using GPO:
From the following location, download the SecureAnywhere MSI installer to a network share:
Downloading the file makes it accessible to all endpoints on which you will deploy SecureAnywhere.
Go to the server that is the domain controller for the deployment group.
Open the GPO editor on the domain controller and create a policy for the deployment group.
Assign SecureAnywhere to all endpoints that belong to the Organizational Unit where the Group Policy is created.
SecureAnywhere installs on the endpoints in the group when they restart.
... View more
This solution addresses Webroot SecureAnywhere Business – Endpoint Protection The Basic Configuration settings control the behavior of the Webroot SecureAnywhere software on managed endpoints.
Basic Configuration setting
Show a Webroot shortcut on the desktop
Provides quick access to the main interface by placing the shortcut icon on the endpoint desktop. This setting applies only to PC endpoints.
Show a system tray icon
Provides quick access to SecureAnywhere functions by placing the Webroot icon in the endpoint system tray. This setting applies only to PC endpoints.
Show a splash screen on bootup
Opens the Webroot splash screen when the endpoint starts. This setting applies only to PC endpoints.
Show Webroot in the Start Menu
Lists SecureAnywhere in the Windows Startup menu items. This setting applies only to PC endpoints.
Show Webroot in Add/Remove Programs
Lists SecureAnywhere in the Windows Add/Remove Programs panel. This setting applies only to PC endpoints.
Show Webroot in Windows Action Center
Lists SecureAnywhere in the Windows Security/Action Center, under Virus Protection information. This setting applies only to PC endpoints.
Hide the Webroot keycode and subscription information on-screen
Hides the keycode on the endpoint's My Account panel. Asterisks replace the code, except for the first four digits. This setting applies to both PC and Mac endpoints.
Automatically download and apply updates
Downloads product updates automatically without alerting the endpoint user. This setting applies to both PC and Mac endpoints.
Operate background functions using fewer CPU resources
Saves CPU resources by running non-scan related functions in the background. This setting applies only to PC endpoints.
Favor low disk usage over verbose logging (fewer details stored in logs)
Saves disk resources by saving only the last four log items. This setting applies only to PC endpoints.
Lower resource usage when intensive applications or games are detected
Suppresses SecureAnywhere functions while the user is gaming, watching videos, or using other intensive applications. This setting applies to both PC and Mac endpoints.
Allow Webroot to be shut down manually
Shows a Shutdown command in the endpoint's system tray menu. Deselecting this option removes the Shutdown command from the menu. This setting applies to both PC and Mac endpoints.
Force non-critical notifications into the background
Suppresses information-only messages from appearing in the system tray. This setting applies only to PC endpoints.
Fade out warning messages automatically
Closes warning dialogs in the system tray after a few seconds. If you disable this option, the user must manually click on a message to close it. This setting applies to both PC and Mac endpoints.
Store Execution History details
Stores data for the Execution History logs, available under Reports. This setting applies only to PC endpoints.
Specifies how often the endpoint checks for updates. For example: 15 minutes, 30 minutes, 1 hour, or 2 hours. This setting applies to both PC and Mac endpoints.
... View more
This solution addresses Webroot SecureAnywhere Business – Endpoint Protection Webroot SecureAnywhere runs scans automatically every day, at about the same time you installed the software. The Scan Schedule settings enable you to change the schedules, to run scans at different times.
Scan Schedule setting
Enable Scheduled Scans
Allows scheduled scans to run on the endpoint.
Determines how often to run the scan. You can set a day of the week or select "on bootup" (when the computer starts).
Specifies the time to run the scan:
Scan time options for when computer is idle are before 8:00 a.m., before noon, before 5:00 p.m., or before midnight.
Scan time options for when resources are available are hourly, from 12:00 a.m. to 11:00 p.m.
Scan on bootup if the computer is off at the scheduled time
Launches a scheduled scan within an hour after the user turns on the computer, if the scan did not run at the normally scheduled time. If this option is disabled, SecureAnywhere ignores missed scans.
Hide the scan progress window during scheduled scans
Runs scans silently in the background. If this option is disabled, a window opens and shows the scan progress.
Only notify me if an infection is found during a scheduled scan
Opens an alert only if it finds a threat. If this option is disabled, a small status window opens when the scan completes, whether a threat was found or not.
Do not perform scheduled scans when on battery power
Helps conserve battery power. If you want SecureAnywhere to launch scheduled scans when the endpoint is on battery power, deselect this option.
Do not perform scheduled scans when a full screen application or game is open
Ignores scheduled scans when the user is viewing a full-screen application, such as a movie or a game. Deselect this option if you want scheduled scans to run anyway.
Randomize the time of scheduled scans up to one hour for distributed scanning
Determines the best time for scanning (based on available system resources) and runs the scan within an hour of the scheduled time. If you want to force the scan to run at the scheduled time, deselect this option.
Perform a scheduled Quick Scan instead of a Deep Scan
Runs a quick scan of memory. We recommend that you keep this option deselected, so that deep scans run for all types of malware in all locations.
... View more
This solution addresses Webroot SecureAnywhere Business – Endpoint Protection The Webroot firewall monitors data traffic traveling out of your managed endpoints' ports. It looks for untrusted processes that try to connect to the Internet and steal personal information. It works with the Windows firewall, which monitors data traffic coming into your managed endpoints. With both the Webroot and Windows firewall turned on, data on your managed endpoints has complete inbound and outbound protection. The Webroot firewall is preconfigured to filter traffic on your managed endpoints. It works in the background without disrupting normal activities. If the firewall detects unrecognized traffic, it opens an alert. You can either block the traffic or allow it to proceed.
Turns the Firewall on and off.
Default Allow: Allows all processes to connect to the Internet, unless explicitly blocked.
Warn unknown and infected: Warns if any new, untrusted processes connect to the Internet, if the endpoint is infected.
Warn unknown: Warns if a new, untrusted process connects to the Internet.
Default Block: Warns if any process connects to the Internet, unless explicitly blocked.
Show firewall management warnings
Controls the alert shown by SecureAnywhere when the Windows firewall is off:
On. The user sees an alert when SecureAnywhere detects that the Windows firewall is off.
Off. No alert appears when the Windows firewall is off.
Show firewall process warnings
Controls the firewall alerts. If this is setting is Off, no firewall alerts appear. This option works in conjunction with the Firewall Level settings. For example, if Show firewall process warnings and Default Block options are both set to On, the endpoint user sees an alert if a new process tries to connect. If Show Firewall process warnings is set to Off, no alert appears to the endpoint user and the process is allowed.
... View more
This solution addresses Webroot SecureAnywhere Business – Endpoint Protection Scan settings give advanced control over scanning performance.
Scan settings are controlled by policy which is configured in the management console. More information on changing policy settings is available in the user guide.
Enable Realtime Master Boot Record (MBR) Scanning
Protects the endpoint against master boot record (MBR) infections. An MBR infection can modify core areas of the system so that they load before the operating system and can infect the computer. We recommend that you keep this option selected. It adds only a small amount of time to the scan.
Enable Enhanced Rootkit Detection
Checks for rootkits and other malicious software hidden on disk or in protected areas. Spyware developers often use rootkits to avoid detection and removal. We recommend that you keep this option selected. It adds only a small amount of time to the scan.
Enable "right-click" scanning in Windows Explorer
Enables an option for scanning the currently selected file or folder in the Windows Explorer right-click menu. This option is helpful if the user downloads a file and wants to scan it quickly.
Update the currently scanned folder immediately as scanned
Displays a full list of files as SecureAnywhere scans each one. If you want to increase scan performance slightly, deselect this option so that file names only update once per second on the panel. SecureAnywhere will still scan all files, just not take the time to show each one on the screen.
Favor low memory usage over fast scanning
Reduces RAM usage in the background by using less memory during scans, but scans will also run a bit slower. Deselect this option to run faster scans and use more memory.
Favor low CPU usage over fast scanning
Reduces CPU usage during scans, but scans will also run a bit slower. Deselect this option to run faster scans.
Save non-executable file details to scan logs
Saves all file data to the scan log, resulting in a much larger log file. Leave this option deselected to save only executable file details to the log.
Show the "Authenticating Files" popup when a new file is scanned on-execution
Opens a small dialog whenever the user runs a program for the first time. Leave this option deselected if you do not want users to see this dialog.
Scan archived files
Scans compressed files in zip, rar, cab, and 7-zip archives.
Automatically reboot during cleanup without prompting
Restarts the computer after running a clean-up, which is the process of removing all traces of a malware file.
Never reboot during malware cleanup
Prevents the endpoint from restarting during cleanup, which is the process of removing all traces of a malware file.
Automatically remove threats found during background scans
Removes threats during scans that run in the endpoint's background and sends them to quarantine.
Automatically remove threats found on the learning scan
Removes threats during the first scan on the endpoint and sends them to quarantine.
Enable Enhanced Support
Allows logs to be sent to Webroot customer support.
Show Infected Scan Results
Shows scan results. If not enabled, the endpoint does not show scan results even if malware is detected.
Detect Possibly Unwanted Applications (PUAs) as malicious
Detects PUAs and blocks them from installing.
Potentially unwanted applications (PUAs) are programs that aren't necessarily malicious but contain adware, toolbars, or other unwanted additions to your system. Generally, PUAs are not malicious but may be unsuitable for use in a business environment, and may create security concerns.
If a PUA is already on the system Webroot SecureAnywhere will detect the main program but may not be able to fully remove all aspects of it.
This setting applies only to PC endpoints.
... View more
This solution addresses Webroot SecureAnywhere Business – Endpoint Protection The first time you add endpoints to SecureAnywhere Endpoint Protection, they are assigned to the Default group. You can then move endpoints to the appropriate groups. To move endpoints to another group:
Click the Group Management tab.
From the Groups panel on the left, select the group that contains the endpoints you want to move.
Note: For this procedure you must select a specific group, not All Endpoints.
From the Endpoints panel on the right, select one or more endpoints.
Tip: You can select all endpoints within the selected group by clicking the Hostname checkbox at the top of the list (first column).
Click Move endpoints to another group from the command bar.
Note: If the group has more than one page of endpoints, the dialog prompts you to apply the policy either to the endpoints on the current page or to all pages of endpoints.
When the Move dialog opens, click the drop-down arrow to display the list of groups. Select the group from the drop-down field and click Save.
Click the group you selected from the left panel. Make sure all the endpoints are shown in the Endpoints panel on the right.
... View more
Using MSI for Deployment
The Microsoft Installer (MSI) requires commands during installation, which apply the keycode and options that activate Endpoint Protection installation mode. The MSI installer is interactive by default, and requires the msiexec.exe option /qn to run an automated installation in the background.
This is an example of an MSI command:
msiexec /i wsasme.msi GUILIC=licensekey CMDLINE=SME,quiet /qn /l*v install.log
Note: In User Account Control environments, the account used to run the installer must have local admin rights. You must run the installer from a process that has elevated privileges in UAC environments, to prevent the endpoint user from seeing a UAC prompt.
To remove SecureAnywhere later:
To remove the SecureAnywhere software from the endpoint later, use the standard MSI command:
msiexec /x wsasme.msi /qn /L*v uninstall.log
To use an MSI editor:
If you use your own methods to deploy the SecureAnywhere software on endpoints, see the following table for commands you can pass to msiexec.exe during installation.
The license key, with or without hyphens.
Note: If you don't provide a keycode, the installation will continue; however, the endpoint will not have a keycode associated with it and will not be protected. If you install without a keycode, you must uninstall the software and re-install to add it.
To prevent the uninstallation by end users
You can also modify these commands directly, using an MSI editor such as ORCA:
Set the CMDLINE property in the Property table to the appropriate value.
Set the GUILIC property in the Property table to your keycode.
Set the ARPNOREMOVE property in the Property table to the appropriate value.
... View more
This solution addresses Webroot SecureAnywhere Business – Endpoint Protection The user interface policy setting gives administrative control over the Webroot SecureAnywhere agent interface on managed endpoints.
It is set to Hide in the Recommended Defaults policy. To enable users to see the interface, ensure the endpoint is not using a system policy. System policies are not configurable and have a lock next to their name in the Policy page. In the applied policy, change the setting to Show, save the setting. After the next poll and application of the updated settings, the user interface will be visible.
More information on modifying policies is available here.
User Interface setting
Blocks or allows endpoint user access to the main SecureAnywhere interface. If users try to open SecureAnywhere when this option is set to Hide, a message tells them to contact the administrator to access the interface.
Note: This option does not also hide the Webroot system tray icon.
... View more
This solution addresses Webroot SecureAnywhere Business – Endpoint Protection The Realtime shield blocks known threats that are listed in Webroot's threat definitions and community database. If the shield detects a suspicious file, it opens an alert and prompts you to block or allow the item. If it detects a known threat, it immediately blocks and quarantines the item before it causes damage to your managed endpoint or steals its information.
Realtime shield settings are controlled by policy which is configured in the management console. More information on changing policy settings is available in the user guide.
Realtime shield settings
Realtime Shield Enabled
Turns the Realtime shield on and off.
Enable Predictive Offline Protection from the central Webroot database
Downloads a small threat definition file to your managed endpoints, protecting them even when they are offline. We recommend that you leave this setting on.
Remember actions on blocked files
Remembers how the user responded to an alert (allowed a file or blocked it) and will not prompt again when it encounters the same file. If this setting is deselected, SecureAnywhere opens an alert every time it encounters the file in the future.
Automatically quarantine previously blocked files
Opens an alert when it encounters a threat and allows the user to block it and send it to quarantine. If this setting is off, the user must run a scan manually to remove a threat.
Automatically block files when detected on execution
Blocks threats and sends them to quarantine. If this setting is off, the user must respond to alerts about detected threats.
Scan files when written or modified
Scans any new or modified files that are saved to disk. If this setting is off, it ignores new file installations (however, it still alerts the user if a threat tries to launch).
Block threats automatically if no user is logged in
Stops threats from executing even when managed endpoints are logged off. Threats are sent to quarantine without notification.
Show realtime event warnings
Opens an alert when suspicious activity occurs.
Show realtime block modal alerts
Shows alerts when Heuristics detects malware, and prompts the user to allow or block the action.
Note: This setting must be set to "on" if Heuristics is set to "Warn when new programs execute that are not known good." Otherwise, users will not see the alert.
Show realtime block notifications
Shows a tray notification if the Realtime shield detects malware. If this setting is off, there is no tray notification, but malware is blocked and the home page shows that threats were detected.
... View more