Webroot® Business Endpoint Protection
Welcome to the Endpoint Protection and management console Discussion Forum!
- 1,134 Topics
- 3,656 Replies
I finally had some time to look at WSA and Webroot Endpoint protection and I have to admit that I'm really excited about the product. Like I said I still do have some questions: [list=1] [*]Logfile:There are some informations in the WRLOG.log which I don't understand or can't relate to anything: [524832/0000001D] [(null)]; [Flags: 00001000.0]; Type: 3 (4661) [*]Rollback/Journaling: Where can I find out what applications and which application objects are getting journaled? And can you manually do a rollback or extract data from the journal? [*]Monitoring: How long are unknown processes monitored? Let's say I've got a self-made script which won't exist in the wild; will every change by this script get monitored forever(without whitlisting it)? [*]Firewall: Does the WSA firewall only work in combination with the Windows firewall? And is the firewall compatible with a proxy server? [*]From what I read WSA also includes a webfilter; can we manually block websites? [*]During my test I notice
This is currently one of the functions in the policy settings of Webroot. However, I have found out the hard way that several of the settings (IE cache, Chrome cache, and microsoft office recent document history) are not available to manage as part of the policy settings. Turning off the central management of the system cleaner does not rectify the situation -- the settings are left in place. The only way to change them that I've found is to set the machines in question to unmanaged policy, make the necessary changes, and switch it back to it's normal policy. I've confirmed this is a bug with support, and they let me know it's went to development but no eta on a fix. Has anyone else run into this? If so, what did you do to resolve the problem? I spent some time combing the registry and looking for settings elsewhere to see if I could find where Webroot stores the settings for the policies, but I couldn't find what I was after. I d
Thought I would post this incase new customers face the problems our company has faced with agents that are on the corporate network not updating. Since the beginning of the year I've been working with Bloxx, Checkpoint & Webroot to resolve the issue. Finally this week the problem was identified. The endpoints were attempting to download the latest agent and the files were being downloaded but corrupted somehow. Essentially our IPS blade was alerting that the WSA binary using the tool UPX. Whilst certainly benign in this instance, UPX is widely popular within the malware community. Our options were disable this layer of security or update using GP or login script. Anyway this may or may not help someone in the future but at least its here as a reference.
Wonder if someone can help me. I'm currently trialling Webroot Global Site Manager, and have generated some new Key Codes to deploy to endpoints. My question is this: I have used both the .exe and an .msi with the new keycode to install. If webroot is already installed, it just opens the GUI (if it's enabled). I was assured that the key code should over write the key code currently in place. Is there an easy way of doing this? When we do eventually migrate to the new console, we have a lot of clients that we are currently deploying via .msi. It would be a royal pain to have to uninstall nearly 1000 endpoints to just have a new key code. Any ideas?
Some folks over in the /r/sysadmin subreddit are putting together this site to help combat burnout: [url=http://burnout.io/]http://burnout.io/[/url] More details [url=http://www.reddit.com/r/sysadmin/comments/2740j9/burnoutio_help_us_build_a_resource_for_the_it/]here[/url].
HELLO, Our customers already and repeatedly had this problem. Custom software named "Bestia" and some actions performed by this soft are continuously blocked by Webroot. Last time I get info from Webroot Support that this problem was solved and some globally exclusion pattern was implemented. But this is not working well. But again Webroot blocks - for example Open Report action - because this action creates some random .dll files in Temp directory. It maybe has to do something with Bestia update but still this should be not an issue for you. After the initial WSA installation Bestia is sometimes blocked completely and then repeatedly some actions re blocked. So please, is it possible to implement some globally form and exclusion for this software because we had many clients (Town Offices) with the same issue and we need to solve this once and for all. Best Regards and waiting for answer
Hi there, I'm facing with the a problem on the "Webroot Secure Anywhere" webconsole. After I delete a policy and try to create a new one with the same name, I get an error that the name is already in use and the console refuses me to create the policy used in the past. I think after I delete a policy I should have the ability to decide using the policy (name) again or not. A deleted policy does not mean that this will never be used again. Is there a workaround or a fix. Kindly assist me for this problem. Regards, Huseyin Keskin Belstar Denizcilik ve Tas. A.S. Country IT Manager
[b]HP Launches Helion Cloud Platform for Government[/b] by Jeffrey Burt A brief summary: [i]The solution builds off HP's larger efforts in the cloud, including the $1 billion being invested in R&D.[/i] Hewlett-Packard is rolling out a private cloud offering for government agencies that is based on the Helion cloud platform the tech vendor announced three weeks ago. HP's Helion Managed Private Cloud for Public Sector is designed to give governments on all levels—federal, state and local—a managed and dedicated private cloud solution that enables them to create a shared service model across multiple departments, with the agencies essentially playing the role of IT brokers. The agencies can manage and monitor the use of resources via a Web-based portal. The technology enables the cloud platform to rapidly scale, direct services to their users and effectively control costs by letting agencies pay only for what they use. The Helion solution—a highly automated private
but it does look like the dissatisfaction numbers are on the rise: [url=http://www.eweek.com/small-business/it-professionals-overworked-losing-pride-in-their-jobs.html]http://www.eweek.com/small-business/it-professionals-overworked-losing-pride-in-their-jobs.html[/url] Sysadmin burnout has long been an issue, but is it worse lately?
Hi everybody, I received a support ticket from a customer who had a number of feature enhancement requests so I decided to post them here to let the rest of the community vote on them. And they are as follows: [b]1. It would be nice if you could remove the ”Deactivated Endpoints” from the Group View under Group Management. It’s very confusing to have that number in the middle of all the groups. Maybe move it somewhere else? [/b] [b]2. Also, it would be nice if you could move clients to a group when you have selected ”All endpoints” view. [/b] [b]3. Another nice feature would be to connect a policy to a group so that the policy is enabled automatically if a client is moved into that group. [/b][b] [/b] Thanks guys, Regards. Peter
I think he was more concerned about an attack from the other direction - someone internal that has access to sensitive information - or if someone obtained our login information to the web console. We have intellectual property that we need to protect, which is our biggest concern. Our current anti-virus is on one of our servers, rather than in the cloud, which he likes better. I am not sure if it makes much of a difference in terms of security...
I love that they're releasing all this cool data&colon; [url=http://techreport.com/news/26445/hdd-study-finds-little-correlation-between-temperatures-and-failure-rates]http://techreport.com/news/26445/hdd-study-finds-little-correlation-between-temperatures-and-failure-rates[/url] I use them for my home backups and find them to be excellent.
Hello, Due to the number of false positives with the Web Threat Shield, I have decided to allow users to overide the WTS. settings locally. Once the Endpoint WTS. is moved over to the web filter that is available in the consumer version I will revert these changes. As of today there is no concrete date on when this change will occur. I would like to send a message that displays on all Endpoints, that the customer must click on, explaining the changes. I would prefer not to have to email my customers. Is this possible? Regards Amber Computers
[url=http://www.reddit.com/r/sysadmin/comments/24mruf/79_percent_of_it_administrators_want_to_quit_due/]http://www.reddit.com/r/sysadmin/comments/24mruf/79_percent_of_it_administrators_want_to_quit_due/[/url] Does that match with your experience? Are you in the 79 percent?
Hello Business Users, Since two days I am the happy tester of WSA-EP. Although so far everything seems to be working flawlessly and I am pleasantly surprised with the possibilities offered by the management console, I've got a question... I made the installation of three endpoints with my own policy - the option "Only install the web filtering driver (do not install the web filtering browser addons)" - was set to off. It looks like the Web Shield Threat works, because potentially malicious sites are being blocked, however there is no Filtering Extension installed in any browser and of course I can't see the reputation marks while surfing the net (it works in consumer versions). So here is my question - does WSA-EP install Webroot Filtering Extension in browsers (GC, IE, FF)? Regards, Mike
Businesses aren't immune to state-sponsored attacks - they can be caught up when secret services target individuals, experts have said. Security experts speaking at InfoSec Europe warned that businesses often think such attacks are only something national governments do to each other, but businesses could prove to be the "weak link in the chain" Security analyst Graham Cluley explained: “You might not think you are of interest to the government of China or Greece, but your customers may be. We have to recognise [that]." For example, Cluely pointed to GCHQ hacking Belgacom, Belgium’s largest telecoms provider. He said no-one "is afraid of Belgium", it was the organisation’s clients that were the ultimate target. However, while businesses are at risk from state-sponsored attacks, criminals remain the greatest risk, especially via low-key techniques such as phishing or insider leaks. Michael J Driscoll, assistant legal counsel, at the Embassy of the USA said cybercriminals c
Microsoft is giving current users of its OneDrive for Business service a really big boost in file space. Starting today, the default cloud storage amount has been increased from 25GB to 1TB per user. [url=http://blogs.office.com/2014/04/28/thinking-outside-the-box/]The Office blog[/url] also reports that everyone who subscribes to Office 365 ProPlus will get access to 1TB of OneDrive for Business storage as well, again per user. Microsoft says they will offer help to business that wish to migrate data from their current cloud storage service to OneDrive for Business. These new changes come on the heels of Microsoft launching [url=http://www.neowin.net/news/microsoft-will-offer-onedrive-for-business-as-stand-alone-service-starting-april-1st]a standalone version of OneDrive for Business[/url] a few weeks ago, without the need to get a Office 365 subscription. [url=http://www.neowin.net/news/microsoft-increases-onedrive-for