I am new to this group, so please tell me the most appropriate place for this question.
I have a bunch of developers who do stuff that once in a while Business Endpoint Protection complains about.
From what I can ascertain, in the policies I enable the policy “Allow SecureAnywhere to be shutdown manually”. From what I can see this is the only way to allow developers access to the HOSTS file for example.
I need to be able to monitor the manual shutdown and startup. I see that the Windows Application Event Log Security Center application creates events and records “Updated Webroot SecureAnywhere status successfully to SECURITY_PRODUCT_STATE_OFF.” and “Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.”
Is there a way from within the Webroot Business Console to get this information for an endpoint?
Or is the only way to do this to create a central event log manager?
Quick answer is to check the WRSVC service. If it’s running, then WR is running. If it’s not, then it’s been shut down manually and cleanly. (There’s a registry setting to detect if WR was shut down clean, which usually means using this policy setting.)
This is the cleanest method for your specific situation.
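An added example, not part of the original thread and not Webroot's own tooling: PowerShell that combines the two signals mentioned above, the WRSVC service state and the Security Center status messages in the Application log, into a per-endpoint timeline. The provider name `SecurityCenter`, the seven-day window, the function name and the sample records are assumptions made for illustration.

```powershell
# Added example. WRSVC and the message text come from the thread;
# the provider name 'SecurityCenter' and the 7-day window are assumptions.

function ConvertTo-ProductStateChange {
    # Turns Security Center status messages into structured records.
    param([Parameter(ValueFromPipeline)] $Record)
    process {
        $rx = 'Updated (?<Product>.+?) status successfully to SECURITY_PRODUCT_STATE_(?<State>\w+)\.'
        if ($Record.Message -match $rx) {
            [pscustomobject]@{
                TimeCreated = $Record.TimeCreated
                Computer    = $Record.MachineName
                Product     = $Matches['Product']
                State       = $Matches['State']
            }
        }
    }
}

# Constructed sample records (not real log data) so the parser can be checked offline.
$sample = @(
    [pscustomobject]@{ TimeCreated = [datetime]'2024-01-15T09:02:11'; MachineName = 'DEV-PC-01'
        Message = 'Updated Webroot SecureAnywhere status successfully to SECURITY_PRODUCT_STATE_OFF.' }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-01-15T09:02:12'; MachineName = 'DEV-PC-01'
        Message = 'Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.' }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-01-15T09:40:03'; MachineName = 'DEV-PC-01'
        Message = 'Updated Webroot SecureAnywhere status successfully to SECURITY_PRODUCT_STATE_ON.' }
)
$sample | ConvertTo-ProductStateChange | Where-Object Product -like 'Webroot*' | Format-Table

# Live data: Webroot state changes recorded on this endpoint during the last 7 days.
$filter = @{ LogName = 'Application'; ProviderName = 'SecurityCenter'; StartTime = (Get-Date).AddDays(-7) }
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ConvertTo-ProductStateChange |
    Where-Object Product -like 'Webroot*' |
    Sort-Object TimeCreated |
    Format-Table

# Current state, as suggested in the answer: is the WRSVC service running right now?
$svc = Get-Service -Name 'WRSVC' -ErrorAction SilentlyContinue
if ($null -eq $svc) {
    Write-Warning 'WRSVC service not found on this machine.'
} elseif ($svc.Status -ne 'Running') {
    Write-Warning "WRSVC is $($svc.Status): SecureAnywhere is not running."
} else {
    Write-Output 'WRSVC is running.'
}
```

The service check only shows the state at the moment it runs, while the event log entries give the history of when protection was switched off and back on.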