Webroot® Business Endpoint Protection
Welcome to the Endpoint Protection and management console Discussion Forum!
- 1,128 Topics
- 3,621 Replies
Will reformatting my PC erase Endpoint Protection?
Yes stupid question as stated in the subject.But to make long story short I use to work for a company 3 months ago. They installed Webroot SecureAnywhere Endpoint Protection on my personal laptop because I use it for work. I don’t work for them anymore as I have moved country and can’t be bother contacting their IT to get it removed from their central console. Now I notice they left their Webroot on my laptop and cannot delete it or even open it. It tells me to contact system administrator bla bla bla… Well my laptop is very slow at times now so I am thinking of reformatting and doing a clean wipe of my PC. Will this successfully remove Webroot from my PC?Thanks
Whitelist overwrites - Applying to all machines
I’ve created some whitelist overwrites that I want applied to all machines. I’ve selected NO to apply to policy because the knowledge article says that by selecting NO it will apply to all policies on our site. Am I seeing and thinking about that correctly? Reference Link: https://docs.webroot.com/us/en/business/wsab_endpointprotection_adminguide/Content/UsingOverrides/CreatingWhitelistOverrides.htm
Any way to force daily scans?
Using the business version, is there any way to force a scan to run every single day?I have a policy to scan daily and “scan before 8 am when the computer is idle” but this appears to not cause a scan to actually happen but once a week. A specific computer I picked out as an example does not routinely experience “idle” times and is never shut off in normal operation, but spends entire weeks without performing a scheduled scan. There is another set of options such as “scan at 8 am when resources are available” but I am nervous to try it, it sounds to me like another conditional that might result in scans not being carried out under certain circumstances.Anyone have any knowledge about this?I also have an open ticket with Webroot but they’ve been slow to respond usefully, so I figured I’d take a shot on the forum.Incidentally, I am aware the real value of Webroot is its realtime scan, but I am required to show daily file scans are being conducted as well.
How do I disable Webroot on a single endpoint for testing?
Hello! New Webroot SecureAnywhere user here. I recently started at a company that uses this software however I have no experience with it. Dumb question, but we are troubleshooting some software issues on a PC that has Webroot SecureAnywhere installed on it. I have access to the Admin console but am unable to disable the software locally. How do I disable this software on a single PC for testing purposes?
App installs as standalone and does not show up in my console
I just started installing webroot endpoint on all my desktops. They all seem to install okay except one desktop. When I install using the link with the key code, it still asks for the key code and installs in as a standalone app. It doesnt show up on the console and the user has full control of the app.I tried rebooting, reinstalling, updating the pc… all the normal things, but it just doesnt want to seem to work. All the other installs are working fine on similar desktops. Any ideas???
How to react to Endpoint alert
Hi all,I’ve ended up here as I’m not quite sure where else to go for dialog. I'm not sure if I'm correct or incorrect in my approach. I'm interested in the greater opinion!Where I work, we have a fairly sensitive IT manager, who on seeing a Webroot Alert will shout 'fire fire fire' and shut everything and everyone down until a full investigation has been undertaken. This gets fairly wearing as every alert generates a lot of work. (Usually to no benefit) He has a particular urgency for Trojan notifications.Now, while I appreciate the sentiment, I can't help be get ever frustrated at this approach. I am under the (correct/incorrect?) impression that an alert from Webroot is a GOOD thing and that nothing has been executed/infected. Although I do agree that a quiet investigation is probably necessary to ensure that an infection hasn't taken hold.So my question/discussion point is this - if Webroot highlights an 'infection', is the detection done at a safe point i.e. pre execution, or
We are a versatile IT company in that we take care of both small business and home users. We are trying to move away from Eset Endpoint AV to Webroot. However, we are lacking some functionality and we don't know how to overcome it. In the Eset management portal, we are able to add custom fields so that we can accurately identify the customer, computer make and model, etc. I can't figure out how to do that in the Webroot SecureAnywhere portal. For businesses, I just create a new site and put all relevant business PCs installs under that. That’s no problem. However, for a home user, I can justify creating a site for each individual user. I am looking for suggestions or best practices on how to do some type of labeling for management and record keeping purposes. I know companies like Best Buy help home users - so how do they track their licenses per home user?? Suggestions please on how others do this?
Webroot SecureAnywhere removal from windows 10
Hello, I’m attempting to remove this software from our endpoints. The manual removal fails indicating it requires wsasme.msi, I do not have this file nor is it located on the endpoint.An attempt to remove them displays a missing msi file. further to this removal from WMIC errors out with “ ReturnValue = 1603;”
What mechanism is forcing Webroot Extension to forceinstall?
We are having major problems with Webroot WebThreat extension and have decided to no longer use it. I created a test group to go through the remove process. The group policy has WebThreat turned off.All devices in the group have the Webroot client saying the Web Threat shield is turned off. Annoying the client is saying a warning that it is disabled.I reboot a device, and the extension is still installed.I uninstall webroot, and the extension is still there.I run the following script I made:#!/bin/bashsudo /usr/libexec/PlistBuddy -c 'Delete :ExtensionInstallForcelist' /Library/Managed\ Preferences/com.google.Chrome.plistsudo /usr/libexec/PlistBuddy -c 'Delete :ExtensionInstallForcelist' /Library/Managed\ Preferences/*/com.google.Chrome.plistsudo /usr/libexec/PlistBuddy -c 'Add :ExtensionInstallBlacklist array' /Library/Managed\ Preferences/com.google.Chrome.plistsudo /usr/libexec/PlistBuddy -c 'Add :ExtensionInstallBlacklist:0 string kjeghcllfecehndceplomkocgfbklffd' /Library/Managed\
Selling my protection history
We recently received a “security report” from an insurance underwriter related to our Cyber Liability policy. Included in the report was the one and only incident that a user had with an email threat. The threat was promptly identified and remediated. My question, since the information included the users email address, time and date of the incident, how did the insurance underwriter get this information? The only place it is contained is within our webroot data. Are you know selling our security history logs with usernames, PII, etc.? If so, we will be dropping Webroot like a rock.
My friend ran a "Cracked webroot"
So my friend was trying to get a webroot subscription he had showed me this “free webroot cracked” lol just another key basically but he’s afraid now because he found out that you can basically do things to people’s computer from “endpoint” as its called, what can he do to prevent his computer from being damaged?Didn’t really know where to post thisAlso I told him to try uninstalling the webroot, so they cant run anything to the computer (I think)
Installing WebRoot on 2016 Windows Server
When installing WebRoot Secure Anywhere on a 2016 server do you need to change the policy in the Console to “Server” before installing on the Server.I have installed all so far with “unmanaged” policy until I get use to the software. Should I uninstall and reinstall with Server Policy instead of unmanaged or can I change the policy within the program?
Webroot Client possibly (probably) causing App crash
We have a legacy VMware Thin App virtualised application which has been working until quite recently, i.e. just in the last day or so, users are experiencing app crashes when launching the virtualised app.We have found that removing the Webroot client from a sample computer eliminates the symptoms of the application crashing and therefore we believe that the Webroot client is interfering with execution.We have added Global Whitelists entries for the Application executable and for the UNC from where the Application executable is run and streamed, but this has not resolved the issue.I suspect that somehow the Webroot client is interfering with the data streaming process upon which the ThinApp virtualisation framework depends.This affected application is business critical, so I need to find a way to correct this behaviour, or we will be forced to abandon Webroot in favour of an alternative AV solution for all affected users. I have a raised a Support ticket today and currently awaiting a
Manual scan doesn't scan subfolders
My company recently moved from Trend to WebRoot. When working from home I used to be able to use Trend to scan my personal laptop via a local network shared folder. I tried this with WebRoot and it seems to work if I just want to scan one file, but if I choose to scan a folder it doesn’t scan the contents of any subfolders.
Horrible Sales and Billing Support... Are there any humans at Webroot?
We have been using Webroot Secureanywhere for over 8 years at our business. This last year we have downsized our staff significantly and at renewal we notated we no longer needed our full 20 stations, but instead only 5 licenses would be needed. These systems had webroot removed and were booted down. The backend showed only 5 active stations/licenses. Sure enough at renewal we were billed for all 20 stations.I contacted support and got a response WEEKS later that a refund request had been escalated. After an additional week with no return I contacted via phone. Long story short we finally were downgraded to the correct license amount and received a refund about 38 days after the initial request.Keep in mind, the downgrade was an annual payment. The following month (March or April) we started to be billed an erroneous $13. 50 a month since then. I then opened another ticket las month and received a response 7 days later saying they were looking into it. Days later… nothing. I replied ba
Global Console does not show the site's renamed endpoint
Within my site, I’ve renamed some endpoints so that they are more descriptive than some of the generic hostnames. Here’s the issue, those custom names don’t appear in the global console - neither in the groups nor in reports. I’m trying to deploy evasion shield, but this limitation makes it unusable. Evasion shield’s reports don’t appear within my site, only the global console. But the global console doesn’t honor my custom endpoint names. So when I run the evasion shield reports, I get a list of endpoints but they are the original hostnames which are meaningless to me. I have contacted support about this issue. They advised this is a known issue but is low on the priority list for dev. I suspect that Webroot doesn’t fully understand or appreciate the depth of this problem. You keep pushing to use evasion shield, but evasion shield isn’t useful for me until this is fixed. Either include the evasion shield reports within my site or fix this bug in the global console, please.
Evasion Shield alerts
We have enabled Evasion Shield and set it to remediation after a test period. The problem is that we do not receive alerts when a script is detected/quarantined. We have to run a report, daily, to discover potential problems. Do you confirm this behaviour? Thank you in advance. -- Nicola
Endpoint Policy Updates and GSM
Hi I just wanted to ensure my understanding on how endpoints (managed by GSM) get policy updates and how this is reflected in the GSM portal. Setup: I have a group called “test-group” I have a policy applied to the group called “test-policy” I have a pc in that group called “test-PC” The test-policy has polling interval set to 15 minutes Questions: If I make a change to the policy, “test-PC” endpoint should reflect that change within a max of 15 minutes? How long should I then expect for that change to then reflect back in the GSM portal. If a policy polling interval is 15 minutes, then the “Last Seen” value should never be more 15 minutes in the past (unless of course the device has been switched off)? 2 Specific examples: This morning I have turned on the Evasion Shield for a group of servers and this afternoon they are still not reflecting the change. Polling is set to 15 minutes and the “Last Seen” value is within the last hour. Another example this morning I enabl
GSM or Endpoint Protection Console - What should I be using?
Hi I have some questions regarding the fundamentals of Webroot and the GSM and Endpoint Protection Console We are an internal IT department that use Secure Anywhere Webroot Endpoint Protection (We are not an MSP). We have 1 site in GSM which contains groups of our company devices with policies associated to those groups (IT Dept, Users, Server, Terminal Servers etc) Policies in GSM are pushed down to the Endpoint Protection Console (We didn't do this and must have been converted from the legacy console when GSM was pushed out to us……) What console should we be using to manage everything? I can see there are some major differences: for example: GSM Policy management has features that the Endpoint Protection Console doesn't such as the new Evasion Shield - This doesn't show in the Endpoint Protection Console at all Endpoint Protection Console has many more agent commands than GSM Reporting in GSM has many more reports compared to Endpoint Protection Console No Deactivated grou
Join the Conversation
Already have an account? Login
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.