Question

Buisness endpoint protection - monitor shutdown protection and webroot startup

  • 26 March 2020
  • 1 reply
  • 24 views

Badge +1

 I am new to this group, so please tell me where the most appropriate place this question should be placed.

 

I have a bunch of developers who do stuff that once in a while Business Endpoint Protection complains.

 

From what I can ascertain, in the policies I enable the policy “Allow SecureAnywhere to be shutdown manually”.  From what I can see this is the only way to allow developers access to the HOSTS file for example.

 

I need to be able to monitor the Manual Shutdown of and startup.  I see that the Windows Application Event Log Security Center application creates events and records “Updated Webroot SecureAnywhere status successfully to SECURITY_PRODUCT_STATE_OFF.” and “Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.”

 

Is there a way from within the Webroot Business Console to get this information for an endpoint?

 

Or is the only way to do this is to create a central event log manager?

 

Thank you,

 

David


1 reply

Userlevel 6
Badge +21

@David Woodson  - Welcome to the Webroot Community. This is as good a place to ask questions about endpoint for business as any. 8-)


Quick answer is to check the WRSVC service. If it’s running, then WR is running. If it’s not, then it’s been shut down manually and cleanly. (There’s a registry setting to detect if WR was shut down clean, which usually means using this policy setting.)

This is the cleanest method for your specific situation.

Reply