Webroot® Business Endpoint Protection
Welcome to the Endpoint Protection and management console Discussion Forum!
- 1,134 Topics
- 3,656 Replies
Hey All, Going through some of the policy settings in my GSM and under the Identity Shield you have the option to turn it on/off, but near the bottom there are two options: - Enable Identity Shield Compatibility Mode - Enable Keylogging Protection in non-Latin Systems By default they are set to OFF. What are the Identity Shield Compatibility Mode and Keylogging Protection in non-Latin Systems? What uses or scenarios would they be used in as an example? Thanks John
I am using SecureAnywhere. I have created a policy specifically for admins. The purpose of the policy is to allow admins to turn off any part of Webroot running on their PC. Under Basic Configuration, I have set "Allow SecureAnywhere to be shut down manually" but I see no effect from that and still no way to stop SecureAnywhere.
Hey all, Mac clients all show an old agent version. Because Mac's are not managable via the console, does one need to manually update the agent on the Mac? Am I correct that the definitions (or protection as WR doesn't use local defs...is that rignt???) are up to date and the Mac is protected even with the older agent? I do see in history that Deep Scans are happening on a daily basis. Insight on how you guys are working with Macs would be helpful. Thanks
Hey All, I have a client that has WSA installed on all their endpoints as well as their server. There are roughly 10-20 simultaneous logged in users to the RDP server at any given time and we have gotten alerts that there was action taken against malware being executed on the server. I have the alert setup to display the current user, but when they are logged into the RDP session, the alert comes through but doesn't show the logged in user in the alert email. Is there a way to tell in the GSM or tweak the alert to show who is logged into the RDP server and triggered the malware alert? Thanks John Nerds On Site
How do we disable the shutdown agent command? We want to install Webroot onto our Hyper-v, Exchange and AD servers but we don't want the AV admins to be able to shutdown (or reboot) these servers. I can see that we can set up sub-administrators who don't have the permissions to issue commands but our global admin can bypass all of the security we have setup in AD to stop them accessing certain servers. And access to these commands (and logging in) does not seem to be alertable nor auditable (outside of the console). Is there a way we can globally or selectivity disable/remove agent commands? Is there a way to alert on logons? Is there a way to alert on command actions? Is there a way to export the logs? Thanks, martin
Hi, Who do I contact within Webroot in order for them to take a look at our GSM policies etc.. to ensure that they are in good order? As part of our companies internal auditing this summer, we have to provide a clean bill of health or recommendations on what we need to do to improve our security policies, and Webroot is on that list. Thanks John
I've noticed a few detections of the following: CHROME-PATCH.EXE, W32.Adware.Gen, %cache%, [url=http://snup.webrootcloudav.com/SkyStoreFileUploader/upload.aspx?MD5=A8DBC384D9B82ED670193D042CDFD3F6]http://snup.webrootcloudav.com/SkyStoreFileUploader/upload.aspx?MD5=A8DBC384D9B82ED670193D042CDFD3F6[/url] A8DBC384D9B82ED670193D042CDFD3F6, Is this really bad, or is it just Chrome updating itself?
This was an interesting question put to me by a client who was a bit weary of onboarding to a cloud based solution with Machine Learning etc... He asked me this and I will post to you: What would happen if an employee of Webroot or an account admin was compromised, or went rogue and changed the rules so that every system was essentially unusable? Thanks John
This caused our customers who subscribe to your services or one of your partners (Cisco) to lose access to our site. We reviewed our servers and found nothing to indicate we had a problem. The canned response (see below) provieded is not enough to justify the interupption to our business. We want specific justification for your actions. "Our automated evaluation system uses a machine learning algorithm to determine the reputation of an IP, to which the experience of a Web and Threat Analysis team is added when further research on a website is requested. Unfortunately we cannot disclose the proprietary intelligence data collected regarding this site. If further details are needed you may elect to contact the IP owner in order to request more information about any recent changes to the site source code that may have triggered the scanners to flag the site as malicious. Best, Webroot BrightCloud Threat Intelligence Support" Doug Downing
Hey All, Is it possible to push out a registry or DOS command to add a 32 bit DWORD named "Enabled" with a value of 0 to the following key in the Windows registry: HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Script HostSettings This is essentially disabling the Windows Script Host to prevent scripting malware and we don't want to have to go to every system at certain clients. They also all don't have domain or group policy environments so that's not always an option there. Anybody know the right registry or command prompt arguments to do this through the GSM console? Thanks John
Hi, I would suggest business POLICY would have additional option to modify: [list] [*]ALLOW EXCEPTIONS, which would allow end-user to add an exception (well, some end-users use cracked software and as I understand it is not my policy as a business WRSA reseller to tell them not to use such a software....so I as a Web Console caretaker would not like to add exceptions for end-users, because doing so I would break, for example, my agreement woth Microsoft as a Golden partner. But if end-user does it himself, it's not my concern)[/list]
Agent Commands Download and Run is hit or miss. On some machines it will download the file, an exe and run it no issue. On other machines it just doesn't work. 1) where does the file get downloaded so I can verify that part is working? 2) is there any log on the client to see what is going on? 3) any detailed information on this feature is greatly appericated. Thanks, Brad
I have PC's that are located in remote locations and not connected to internet. Is there a way to get definition files to these PC's via flash drive or DVD? My concern is getting virus from tech support folks working on the system and bringing flash drives to retrieve data or load software.
Hi, We utilise webroot proxy for our business and roughly 15 pc's work through it. One person in the business spends their day searching the web for new retail clients we can supply too. However, when trying to access a good number of these websites they are blocked by webroot. This happens regularily and makes their job very difficult as to get each one unblocked requires a phone call to the IT support company we use, then a series of calls to get authorisation and a delay whilst webroot access updates. Our IT support company say that retail websites should be accessible but time and time again they are blocked. We have asked about reducing the security settings to enable more freedom and they said they cannot without loweringit for everybody else and endangering the whole office. This is making webroot really unpractical for us and wondered if you could provide a solution to present to them as they appear reluctant to offer us any options. Thanks.
The backup was not successful. The error is: Windows Backup failed while trying to read from the sha
Windows Backup failed while trying to read from the shadow copy on one of the volumes being backed up. Please check in the event logs for any relevant errors. (0x81000037). I get this error when I try to run a backup. I have removed the quarentined files, at great hardship, and I am not sure that I removed them completely. I really could use some help on this.