Demo

Webroot Management Console: Tech Deep Dive and Q&A

  • 23 April 2021
  • 1 reply
  • 276 views
Webroot Management Console: Tech Deep Dive and Q&A
Userlevel 7
Badge +48
  • Community and Advocacy Manager
  • 1694 replies

In this video, we'll demonstrate the new look and feel of our console. It features a cleaner, more contemporary design with responsive and intuitive enhancements based on customer research. We also cover improvements to system status, actionable remediation workflows, granular visibility and user error prevention.

 

Questions and Answers

We had so many people asking great questions at the end of the demo that we thought we'd write these out for everyone. Lots of great info but if you have other questions for us, please ask away in the comments below. 

 

 

Does the ConnectWise Automate plugin change as a result of this new interface?

None of RMMs affected. API remains as is. 

I'm sorry I might have missed it, but if site policy is going away, how can we go about with granular control of the policy on the site level within the global policy?

Sorry for confusion there old style policy still available for now but will go as new UI/UX  changes. There is still policy at the Site and Global levels and we recommend doing policy at Global level.

Can you repeat what you said about 2FA? Is it not available at all or just not a requirement?

Still there, and if enabled remains as is.

Does the ConnectWise Automate plugin change as a result of this new interface?

No it doesn't all API and partner integrations are unaffected by the move to the new console.

The new interface is a great improvement

Thanks and this is only the basic 1st version, the component technology it is built upon will now make new features a lot faster to introduce, and we have lots of improvements planned this year.

I'm sorry I might have missed it, but if site policy is going away, how can we go about with granular control of the policy on the site level within the global policy?

Thanks John for the question. See Q3 also.  I hope Shane was able to clarify that for you.  Please feel free to ask any more questions.

Will the site policies will get imported to the new site or do we need to manually recreate them?

Everything set-up today moves over automatically. 

Where can I see the previous DNS/SAT recordings, and this recording when finished? I'd like to pass this to others on our team to see the changes

All of these recordings are available on the Webroot Community  or more directly here

How does Webroot handle fileless malware?

The Webroot Evasion Shield - Script Shield handles fileless malware in the form of fileless scripts. The new behavioral engine Foreign Code Shield that will be introduced shortly also detects and stops fileless attacks.

Does Webroot have plans to create an EDR type of platform? Sounds like Evasion Shield does this?

Unfortunately, we can't provide much insight since we are a public company, but I can confirm we are investigating EDR. We do offer extracts of telemetry data to EDR/MDR tools, syslog server BETA and SIM/SIEMs. So there is a lot of working going on in this area. Our Evasion Shield will enhance efficacy and improve early detection, but it will not provide that level of contextual information initially.

Is Evasion Shield a separate product or built into the Webroot agent?

It is built-in and can be found in Policies, it is the last Policy Section.  As Jonathan mentioned, it is OFF by default so review the ON settings for your purposes, but Detect and Remediate is the ultimate protection

Will there be alerting related to Evasion Shield showing what was blocked or is happening? Currently we can only get alerts for a file detection.

Yes there is alerting for Evasion Shield both Script and Foreign Code shields 

How does Roll-back work? can it roll back windows registry changes if the threat has successfully changed or added entries to the registry

The short answer is yes. If no good/bad determination can be made on a given file, the agent monitors it extremely closely and records (“journals”) its actions. If that file tries to modify the system in such a way that could not be reverted automatically, the administrator receives a notification and the change is blocked. This behavior monitoring engine also ensures that threats that bypass local offline protection cannot do lasting damage. Roll back protects the host drive including Registry settings and will revert to the Registry entries before an attack began both for changed or added entries.

Will there be alerting related to Evasion Shield showing what was blocked or is happening? Currently we can only get alerts for a file detection.

Absolutely but timing on that release is something I do not know.  The great part of this console update is that we are now able to create quick microreleases that can get the feature requests out to the end users faster.

"Entities" = Unique devices using one or more products?

Entities are devices, correct.  The device can have multiple products to it, like DNS and Endpoint Protection. 

Will we be able to fully delete individual agents\entities as well?

You can Deactivate any endpoint from the Entities section.  As far as Delete goes....the new feature that is in this release is the ability to Delete a Deactivated site.

Will there be a policy to enforce 2FA for admins?

Not immediately on this release but you have a new quick view into all those that are not using it with this new console.  We also have the ability to create new microreleases so feature requests like this are capable of getting to you much faster.

So does deleting a site move the devices to a deactivated group or actually delete?

It moves those devices to the Deactivated Group, but completely removes those devices and the Entire Site from the Console

Is the policy changes/Save no longer have a promote draft changes to live? 

That exists in the Endpoint Console for a Site (that hasn't changed yet) but the Publish feature is not present at the Global Policy level...that changes are made and will apply to the devices based on the Polling Interval which should be set to the minimum of 15 minutes.

Should all of our existing Unity API integrations for creating sites/admins etc. still work?

Yes, they will work as before

Can you force admins to have MFA?

Not in this release

Does Webroot have plans to create an EDR type of platform?

Unfortunately, we can't provide much insight since we are a public company, but I can confirm we are investigating EDR. We do offer extracts of telemetry data to EDR/MDR tools, syslog server BETA and SIM/SIEMs. So there is a lot of working going on in this area

Will there be corresponding updates to the integration with any RMM systems/software alongside this new Management Console release?

This Console update will not affect any of the RMM integrations - they are developed  with those RMM partners

When can we expect the refresh of the local agent GUI/UI?

It is due this year

It moves those devices to the Deactivated Group, but completely removes those devices and the Entire Site from the Console Doesn't make sense. Does it remove or not?

The devices are removed when the Site is deleted, but there is not a way to delete devices at the moment

What does the new console look like for us small orgs that only have one site?

There is a single site version that looks identical to the multi-site version and has all the same functionality now across all Webroot solutions

Is there a way to automatically Deactivate Devices that have not been seen in a certain amount of days like 30 days?

Not at this moment but that is an excellent one to submit.  Please do through this link.

Can we do everything in the new console that we could do in the old console? e.g. would there be any need to revert back to the old console whilst we wait for all functionality to be moved to the new console?

It's a cutover with no reverting but it does not leave any features/options behind.  It only add new features and relocates a couple others

Is there a better way to track and search Overrides in the new console? We have like 13 pages of overrides, and we find the lack of a search function makes finding if something is already excluded/blocked a pain.

We are currently looking at easier management of Overrides.

How aggressive is the evasion shield? Is it going to conflict with PowerShell scripts that are running automation tasks, for example?

While very low, there is still a chance for false positive detections. With that in mind, I would suggest turn the "script protection" component of Evasion Shield to "detect and report" to understand what is reported and mitigate impacting your desired PowerShell scripts?

Will "Tags" still be available for use with Sites?

They will.

Is there thought given in the near future if the capabilities allow, to go above the 1000 "soft limit" of sites. As a large MSP we have multiple consoles currently. 

While we don't have a specific timeline, this is actively being investigated for a future release

Do you have a suggested process for how to turn on Evasion Shield to best mitigate conflicts?

Evasion Shield has a Detect & Report policy setting that is basically an Audit mode. It will detect and report on anything it considers blocking. You should run in this mode for a week or longer if the environment is more complex. You then use the report to allow those items you consider safe. And then change the policy to 'Detect and Remediate' so blocking is automatic. As with all blocks the admin can change anything blocked to allow if it is a false positive. 

 

 


1 reply

Userlevel 1

Where can you find deactivated devices in the new interface?

Is that possible without going to the old interface?

 

Is it possible to change the interface language without changing the language of the browser in which it is opened? I would like to have the management console in English, regardless of my browser setting.

Reply