Is there anyway to get Webroot to scan immediately anyway, as with 200 + machines to roll this out to, we could do without manual intervention.
Best answer by ShawnView original
Best answer by ShawnView original
Already have an account? Login
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.
Welcome to the Webroot Community!
Can you please tell me a little more about how you are deploying the MSI?
Are you using GPO or the SecureAnywhere Remote Deployment tool?
Shawn Townsend | US Enterprise Support Team Lead
After having a complete failure using the RDT, I'm using Group Policy.
I followed the Education post about modifying the .msi, but have been dealing with Group Policy for the best part of 5 years anyway.
Go to "Group Management" and select "All Endpoints". Pick the machines you wish to scan (or hit the box to select them all) and under "Agent Commands" select "Agent" and "Scan". This will trigger all your machines to execute a scan.
That's all very well, if the PC's are showing in the console in the first place. It's my understanding that an initial scan is required prior to the PC reporting to the console?
Make sure you test your ability to update the product between versions.
explanoit - I don't understand; surely msi deployment is sufficient to get the product out to client machines, and then have the console update?
The only way for me to fix this is to eventually develop a script to remove all traces of the MSI-based installation which is not fun or safe.
Using MSI was the worst WSA-related decision I ever made. I'd like to hear from Webroot if they have improved this. It has been a year since this happened.
So which method should we be using for multiple client deployment?
I deployed WSA in literally the very first stages of public release. Much has been changed and improved since then. I have not used MSI or investigated how it currently works. I suspect they've fixed it since so many businesses rely on that deployment method.
Thanks for responding:D
Yes that is correct that a "Learning Scan" is required for the endpoint to register in the management console. This is randomized to reduce network load during the deployment phase but hostnames should start to appear in the console shortly after.
GPO deployment is the recommended method if systems are on a domain. The MSI is easily modified to include any required switches, arguments, parameters and keycode.
The issue that explanoit is referring to is if someone was to install with the executable then run the MSI over the top, you will see two entries for WSA in appwiz.cpl. Running the MSI then the executable does not result in duplicate entries.
I have not had reports of this causing the console to display the incorrect build either, explaniot - if you are seeing this please open a support ticket so this can be escalated to development.
Once having deployed the agents will continue to auto update if enabled without issue.
Thank you Amanda and please let us know if you have any further quesitons,
Webroot Enterprise Support
To clean up, we are uninstalling all versions then redeploying through KBOX. We now limit the software distribution to only devices that do not have any version of Webroot installed. After the initial install we let Webroot auto-update. May not be the cleanest deployment but it works for us.
Yes, I installed via MSI and allowed self-update. It installed a second version in the add/remove programs and did not update the MSI installation. Very annoying.