I'm currently trialing Webroot Endpoint for our business. I'm pretty impressed, but there's a combination of two things that I find a little worrying. I'm hoping someone can put my mind at rest!
I spotted the "Agent Commands" dropdown, which allows me to remotely send a variety of commands to an endpoint via the GSM. This includes some really powerful stuff like "Download and run a file" and "Run a DOS command". I'm concerned that if there's any way for an attacker to get access to GSM (either through my incompetence or a problem at Webroot), those options give them a massive amount of power to cause havok across the network.
That, combined with the lack of 2FA on GSM, seems to me to be a pretty huge potential security problem.
Is there a way to disable those options? Is there a reason that I shouldn't be worrying about that?
Any thoughts or advice would be much appreciated!
Best answer by browellView original