Webroot® Business Endpoint Protection
Welcome to the Endpoint Protection and management console Discussion Forum!
- 1,134 Topics
- 3,656 Replies
Hi all,I’ve ended up here as I’m not quite sure where else to go for dialog. I'm not sure if I'm correct or incorrect in my approach. I'm interested in the greater opinion!Where I work, we have a fairly sensitive IT manager, who on seeing a Webroot Alert will shout 'fire fire fire' and shut everything and everyone down until a full investigation has been undertaken. This gets fairly wearing as every alert generates a lot of work. (Usually to no benefit) He has a particular urgency for Trojan notifications.Now, while I appreciate the sentiment, I can't help be get ever frustrated at this approach. I am under the (correct/incorrect?) impression that an alert from Webroot is a GOOD thing and that nothing has been executed/infected. Although I do agree that a quiet investigation is probably necessary to ensure that an infection hasn't taken hold.So my question/discussion point is this - if Webroot highlights an 'infection', is the detection done at a safe point i.e. pre execution, or
We are a versatile IT company in that we take care of both small business and home users. We are trying to move away from Eset Endpoint AV to Webroot. However, we are lacking some functionality and we don't know how to overcome it. In the Eset management portal, we are able to add custom fields so that we can accurately identify the customer, computer make and model, etc. I can't figure out how to do that in the Webroot SecureAnywhere portal. For businesses, I just create a new site and put all relevant business PCs installs under that. That’s no problem. However, for a home user, I can justify creating a site for each individual user. I am looking for suggestions or best practices on how to do some type of labeling for management and record keeping purposes. I know companies like Best Buy help home users - so how do they track their licenses per home user?? Suggestions please on how others do this?
Hello, I’m attempting to remove this software from our endpoints. The manual removal fails indicating it requires wsasme.msi, I do not have this file nor is it located on the endpoint.An attempt to remove them displays a missing msi file. further to this removal from WMIC errors out with “ ReturnValue = 1603;”
We are having major problems with Webroot WebThreat extension and have decided to no longer use it. I created a test group to go through the remove process. The group policy has WebThreat turned off.All devices in the group have the Webroot client saying the Web Threat shield is turned off. Annoying the client is saying a warning that it is disabled.I reboot a device, and the extension is still installed.I uninstall webroot, and the extension is still there.I run the following script I made:#!/bin/bashsudo /usr/libexec/PlistBuddy -c 'Delete :ExtensionInstallForcelist' /Library/Managed\ Preferences/com.google.Chrome.plistsudo /usr/libexec/PlistBuddy -c 'Delete :ExtensionInstallForcelist' /Library/Managed\ Preferences/*/com.google.Chrome.plistsudo /usr/libexec/PlistBuddy -c 'Add :ExtensionInstallBlacklist array' /Library/Managed\ Preferences/com.google.Chrome.plistsudo /usr/libexec/PlistBuddy -c 'Add :ExtensionInstallBlacklist:0 string kjeghcllfecehndceplomkocgfbklffd' /Library/Managed\
We recently received a “security report” from an insurance underwriter related to our Cyber Liability policy. Included in the report was the one and only incident that a user had with an email threat. The threat was promptly identified and remediated. My question, since the information included the users email address, time and date of the incident, how did the insurance underwriter get this information? The only place it is contained is within our webroot data. Are you know selling our security history logs with usernames, PII, etc.? If so, we will be dropping Webroot like a rock.
Webroot secureanywhere endpoint protection doesn't show up in program list to uninstall. running manual command to uninstall giives error that the service is centrally managed and must be uninstalled from webconsole. The customer does not have this info. The customer does NOT have contact with last IT vendor (relationship ended badly). How do I uninstall this borderline-malware, garbage software without formatting and reinstallinng windows?
So my friend was trying to get a webroot subscription he had showed me this “free webroot cracked” lol just another key basically but he’s afraid now because he found out that you can basically do things to people’s computer from “endpoint” as its called, what can he do to prevent his computer from being damaged?Didn’t really know where to post thisAlso I told him to try uninstalling the webroot, so they cant run anything to the computer (I think)
When installing WebRoot Secure Anywhere on a 2016 server do you need to change the policy in the Console to “Server” before installing on the Server.I have installed all so far with “unmanaged” policy until I get use to the software. Should I uninstall and reinstall with Server Policy instead of unmanaged or can I change the policy within the program?
We have enabled Evasion Shield and set it to remediation after a test period. The problem is that we do not receive alerts when a script is detected/quarantined. We have to run a report, daily, to discover potential problems. Do you confirm this behaviour? Thank you in advance. -- Nicola
My company recently moved from Trend to WebRoot. When working from home I used to be able to use Trend to scan my personal laptop via a local network shared folder. I tried this with WebRoot and it seems to work if I just want to scan one file, but if I choose to scan a folder it doesn’t scan the contents of any subfolders.
We have been using Webroot Secureanywhere for over 8 years at our business. This last year we have downsized our staff significantly and at renewal we notated we no longer needed our full 20 stations, but instead only 5 licenses would be needed. These systems had webroot removed and were booted down. The backend showed only 5 active stations/licenses. Sure enough at renewal we were billed for all 20 stations.I contacted support and got a response WEEKS later that a refund request had been escalated. After an additional week with no return I contacted via phone. Long story short we finally were downgraded to the correct license amount and received a refund about 38 days after the initial request.Keep in mind, the downgrade was an annual payment. The following month (March or April) we started to be billed an erroneous $13. 50 a month since then. I then opened another ticket las month and received a response 7 days later saying they were looking into it. Days later… nothing. I replied ba
Or is there a way to do it from the groups list as it'll show all of the old but no option to disable. We have 90 clients and 3K devices and the switching between tabs in the Webroot Console is ridiculously slow and tedious switching between tabs.
I see a new version for Mac has been released since 8 days, a new version for Windows has been released since 17 days. However, all agents in my clients are stil the old version. Mac is 184.108.40.206 Windows is 220.127.116.11 I know they said not everyone will receive the update at the same time, but one or two weeks should be enough? Any problem with upgrading?
Within my site, I’ve renamed some endpoints so that they are more descriptive than some of the generic hostnames. Here’s the issue, those custom names don’t appear in the global console - neither in the groups nor in reports. I’m trying to deploy evasion shield, but this limitation makes it unusable. Evasion shield’s reports don’t appear within my site, only the global console. But the global console doesn’t honor my custom endpoint names. So when I run the evasion shield reports, I get a list of endpoints but they are the original hostnames which are meaningless to me. I have contacted support about this issue. They advised this is a known issue but is low on the priority list for dev. I suspect that Webroot doesn’t fully understand or appreciate the depth of this problem. You keep pushing to use evasion shield, but evasion shield isn’t useful for me until this is fixed. Either include the evasion shield reports within my site or fix this bug in the global console, please.
Hi I just wanted to ensure my understanding on how endpoints (managed by GSM) get policy updates and how this is reflected in the GSM portal. Setup: I have a group called “test-group” I have a policy applied to the group called “test-policy” I have a pc in that group called “test-PC” The test-policy has polling interval set to 15 minutes Questions: If I make a change to the policy, “test-PC” endpoint should reflect that change within a max of 15 minutes? How long should I then expect for that change to then reflect back in the GSM portal. If a policy polling interval is 15 minutes, then the “Last Seen” value should never be more 15 minutes in the past (unless of course the device has been switched off)? 2 Specific examples: This morning I have turned on the Evasion Shield for a group of servers and this afternoon they are still not reflecting the change. Polling is set to 15 minutes and the “Last Seen” value is within the last hour. Another example this morning I enabl
Hi I have some questions regarding the fundamentals of Webroot and the GSM and Endpoint Protection Console We are an internal IT department that use Secure Anywhere Webroot Endpoint Protection (We are not an MSP). We have 1 site in GSM which contains groups of our company devices with policies associated to those groups (IT Dept, Users, Server, Terminal Servers etc) Policies in GSM are pushed down to the Endpoint Protection Console (We didn't do this and must have been converted from the legacy console when GSM was pushed out to us……) What console should we be using to manage everything? I can see there are some major differences: for example: GSM Policy management has features that the Endpoint Protection Console doesn't such as the new Evasion Shield - This doesn't show in the Endpoint Protection Console at all Endpoint Protection Console has many more agent commands than GSM Reporting in GSM has many more reports compared to Endpoint Protection Console No Deactivated grou
Is there anyone that has problems with duplicated hostnames/agents in your customer sites? I have to frequently check all my sites for agents that has been duplicated and therefore breaks the licensing seats. it should be fixed because this is a problem but for now i can manage if i could get a better view of sites that has to many licenses issued.
I am new to this group, so please tell me where the most appropriate place this question should be placed. I have a bunch of developers who do stuff that once in a while Business Endpoint Protection complains. From what I can ascertain, in the policies I enable the policy “Allow SecureAnywhere to be shutdown manually”. From what I can see this is the only way to allow developers access to the HOSTS file for example. I need to be able to monitor the Manual Shutdown of and startup. I see that the Windows Application Event Log Security Center application creates events and records “Updated Webroot SecureAnywhere status successfully to SECURITY_PRODUCT_STATE_OFF.” and “Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.” Is there a way from within the Webroot Business Console to get this information for an endpoint? Or is the only way to do this is to create a central event log manager? Thank you, David
Support ticket (#314077) I got on an endpoint yesterday and the Webroot icon down by the clock was greyed out and when you hovered on it, it said “Protection Disabled”. All I had to do was open it and click “Enable” but that bring up a couple questions: 1) How did it get disabled in the first place? I can see the option to “Shut Down Protection” but not simply disable it. How did the end-user do this? 2) Why wasn't I notified and why is the “Disabled” status not reflected in the GSM? Supports response: To #1 we don’t know. To #2 they never responded even though I asked it twice. Gotta love their support…….
I have never, in my life, seen a bigger waster of time and money. This software is a bottomless pit of pain and frustration with no end in sight. The GSM can’t contact the endpoint. Commands expire. The endpoint can’t contact the GSM so you can’t uninstall it because it things it is managed. Excludes aren’t excluded. it won’t register as the the “on” virus in Security Center so both Windows Defender and Webroot are active. It won’t install or uninstall properly. It is hit and miss if it puts itself in Add/Remove programs. The latest update makes the WRSVC service fail to start because it is improperly digitally signed. Endpoints show up in the wrong site It thinks programs are harmful that are totally safe. Now you can’t even end the numbering system in the post! Can’t you do anything right Webroot! Do not use this program! It is total junk!
We're implementing/still testing a virtual desktop infrastructure using Citrix XenDesktop 7.6 running atop VMware vSphere 5.5. The environment is built, support servers running, etc. and we're working on master image deployment via Citrix PVS, but we're running into trouble when it comes to WSA installations. According to the documentation, running WSA is supported within the virtual environment, either using the -clone or -uniquedevice commandline option. We're building WSA into our master image and we've tried it both ways (used both command line options), but when we provision our virtual machines, we don't see those registering within the Webroot Admin Console. When we used -uniquedevice, we saw 1 provisioned VM register in the console but with continual refreshes, that same instance in the Admin Console would change names, our assumption was that we were seeing the last provisioned VM to check in. When we used -clone, to be honest I'm not exactly sure
Already have an account? Login
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.