Webroot® Business Endpoint Protection
Welcome to the Endpoint Protection and management console Discussion Forum!
- 1,137 Topics
- 3,618 Replies
How do I remove an endpoint from a console that no longer exists becuase the system was wiped?
Hey Everybody, I've had a client wipe their system to factory defaults, thereby removing the WSA agent from her system. I've since reconfigured everything and reinstalled the agent onto the system. Problem now is that there are two systems with the identical name being reported in the console. How do I remove the old endpoint as I've hit deactivate, but there's no agent to remove. Client is concerned about being double billed for the one endpoint. Thanks John Hart Nerds On Site email@example.com
Webroot Scan Frozen - Fix
On our RDS servers, occasionally we get a report of a virus and go to do a follow-up scan and it will not move past 1%. It is frozen at scanning for rootkits. Sometimes we can't even cancel the scan. My theory is that one of the instances (maybe even "System") has a dialogue box open that nobody is clicking on - perhaps a prompt to clean the infection. I stumbled upon a quick, no-reboot fix. 1. Shut down Protection (a bit scary, but not as bad as having a frozen AV product!) 2. Kill all WRSA processes. 3. Restart the WRSVC 4. Scan away! We use Labtech to make killing the processes and restarting the service a bit easier. Also Process Explorer comes in handy to watch them all stop and restart. Come to think of it, it is also possible that a -poll command sent in the background produced a dialogue box that nobody even sees to click on.
Endpoints "Not Seen"
I have 2 servers with Webroot that haven't been seen by the Webroot portal in 10 days. I tied into them to see what was going on. Webroot is still installed and running, and it appears to still be running scheduled scans. It has the correct keycode still. By all appearances it seems to be running correctly, but it can't communicate to the portal. I issued an agent command to scan for testing purposes. I tried running "wrsa -poll" and I tried right-click (greater than) refresh configuration, but it hasn't resolved the issue and the scan command is still pending. The desktops at this site are still checking in fine, and all my other sites appear to be fine as well. Any ideas?
Interface must have changed, there is no "PC Security" Tab?
I need to remove two retired machines from WR, but all the instructions say to click on PC Security. Does Not Exist. The tabs I see are: Dashboard | Sites | Admins | Groups | Reports |Please provide instructions to remove machines using current, January 2021 interface. I need to use those licenses on new machines.I logged in with Admin credsI uninstalled through appwiz.cpl, but webroot STILL show the machines, reports they’ve been recently scanned, and are clean. Clean? They are DEAD. RETIRED. I set the policy to unmanaged, but the console just won’t let go.Do i have to plug them back in, and seek & destroy in the registry? I bet if I stop paying for the licenses, they’ll stop on a dime.
New Console and Group Management
Overall, I do like the new console, but I can’t find the column chooser so I can view useful data like last logged on user, IP address, agent version, etc. The ability to export to csv also appears to be missing which was useful in sending teams CSVs of agents not seen recently. I can still get to some of that functionality by going to site → Endpoint Protection and going to the old console, but that is temporary and very clunky. Is the functionality described going to be moved into the new console? Is there a tentative timeline?
Worst mess you've inherited?
Per [user=12807][/user] 's suggestion in [url=https://community.webroot.com/t5/Business-Discussions/What-sort-of-bandwidth-do-you-have-at-work/m-p/88446#M150]this thread[/url], I'm breaking this out into a separate discussion. What's the worst mess you've inherited from the former IT person? For me I think it was a donor "database" that happened to just be a word document filled with the contact info of all their donors. To make matters worse, there wasn't much standardization to the layout. I spend about a week writing a Perl script to try and parse all the data and at least put it in an Excel spreadsheet.
Creating Whitelist Overrides in the Endpoint consoleKnowledge Base
Global whitelist overrides can now be set on a file or folder level as well as the traditional MD5 (Message-Digest algorithm 5) level in Endpoint Protection. This upgrade allows greater flexibility in the deployment of overrides and means that multiple related MD5 overrides no longer have to be whitelisted individually, instead the whole associated directory can simply be whitelisted. [i][b]Note:[/b] If you detect or remove a file before an exclusion or override is in place, you will need to uninstall then reinstall or ensure that the detected files are restored from quarantine. If the files are still located locally in the quarantine or block/allow tab, the exclusion does not work.[/i] [b]To create a whitelist override:[/b] 1. Log in to your [url=https://my.webrootanywhere.com/default.aspx]Endpoint Protection console[/url]. The Endpoint Protection console displays, with the Status tab active. [img]https://docs.webroot.com/us/en/business/wsa
WSA vs SpyShelter keylogger test
Hi Guys I find a on polish website SpyShelter simulation for testing for example keyloggers: link for this testing software - [url=http://www.spyshelter.com/download/AntiTest.zip]http://www.spyshelter.com/download/AntiTest.zip[/url] It's rather strange that WR automatically add this app to "allow processes" under "system control" and let this software to capture all traffic on the my keyboard. Please let me know what you think about this guys and why this is trust app?
what makes an active Webroot account disappear?
I recently did some computer installations and added 3 Webroot accounts at one of our locations. After the installations, an existing installation that was on a different computer disappeared from the console. Webroot still shows on the actual computer though. What would cause this? It has happened at other installations as well.. Thank you. Lisa
Story on All Things Considered about sysadmins dealing with both computers and people
[i]Your doctor and your lawyer may know a lot about you. But in a time when we are using computers to socialize, keep track of finances, do work and store family photos, your IT person probably knows more.[/i] [i]So when computers go down, it can cause intense feelings. There's an entire meme of online videos of frustrated people[url=https://www.youtube.com/watch?v=O2ySMXsuMiw]destroying their computers[/url]. Some psychologists have even coined the term "computer rage" to describe these outbursts.[/i] [url=http://www.npr.org/blogs/alltechconsidered/2014/08/11/338984905/a-good-it-person-needs-to-be-half-technologist-half-psychologist]Full article here.[/url] What do you guys think? This was something that attracted me to IT work in the first place, being that I got to marry both interests together. I had started on a CS degree but found full time coding to be too isolating, and I enjoyed the mix of people interaction with technology.
New Target inclusion in a existing program
Hi, Is there a way to include new targets in an existing Program. I launched a Program and now I need to add the new employees into the existing Program. I believe we can include new campaigns to the launched program but not sure of including the new targets which has been imported will be part of the Program too. Thanks
Alerts not always sent
I'm trialing Webroot SecureAnywhere Business. In the console I have the "threat detected" alert enabled. I have the check-in interval set to 15 minutes. I have a few questions: 1. Is there any way to receive "immediate" alerts when an endpoint detects a threat? 2. I am not always receiving the alert emails. For example, a colleague of mine download a Google Nexus Rooting toolkit which Webroot detected and I received an email alert. On another machine that is on an isolated network with its own internet circuit I've been downloading all kinds of "known malware" that I use for testing AV products including spyware installers, crapware, ransomware, etc. Webroot has blocked/detected all of these files (see screenshot attached) however I have yet to receive a single alert. I can't really try these same tests in our production network for obvious reasons. It's troubling to me that if we were to choose Webroot and a user was engaging in this sort of activity on our produc
Web security again. Craigslist and now Papa Johns ordering being blocked because of using proxy?
Some time back we had a problem accessing Craigslist and found out that the web proxy was why access was being denied. Tech support said to add a bypass. Well now Papa Johns Ordering is being blocked for the same reason. Whats the purpose of having the Web Security if everyone is going to start blocking the proxy??
A client is required by their bank to run IBM Trusteer Rapport Securty software in order to login to their business online banking account. A Chrome plugin for this application recently failed due to WebRoot Identity Protection Application Protection blocking a DLL used by the program. After an hour spent attempting to whitelist the DLL, then the entire application folder, I contacted WebRoot support. In the end, support was not able to get the DLL whitelisted successfully, and it has been necessary to turn off Identity Protection altogether in order for the plugin to run, allowing access to the online banking site (required for direct deposit processing for payroll). Has anyone else run into these kinds of unresolvable issues with whitelisting? Leaving Identity Protection off for any length of time is not an option really, yet at the moment it's the only way to get any protection and have the ability to process payroll for this small municipality.
Uninstall Webroot agent
Hi folks, I work for an MSSP, and found one of our clients has several franchise sites with Webroot installed (They are franchise sites and not allowed to install 3rd party agents such as webroot). Is there an agent uninstall package or command I can throw it via my agent (Kaseya) that will uninstall it in normal boot, without having to go through whatever control panel is used to control it? I have tried to uninstall via Control Panel and command line while in normal boot, but it prompts to contact an administrator. I am able to reboot it into safemode and remove it via command line, but there are 25+ machines and remoting into each of them to do this would be a pain. Thanks!
WRSA Agent Version 22.214.171.124
I log into the web portal every morning to take a look at things and see how everything is going. Make sure when new agent versions roll out that all my endpoints update to that version properly. This morning when I logged in I saw that one of my endpoints had updated to Agent Version 126.96.36.199. None of my other endpoints where updated to this new agent version. Now I understand that there are other factors that are involved and that they won't all update instantly, but I was trying to find release notes for this new Agent Version and I have alas come up unsuccessful. Anyone have any idea when these release notes will become available? Has anyone else had their endpoints updated to this new Agent Version?
Clean infected machine?
I'm getting an alert "1 Endpoint needs attention We recommend you check whether this endpoint has automatic remediation enabled on the assigned policy." I've checked the settings and I see nothing called "Automatic remediation". I've tried running another scan and it still just says it's infected. I've also tried using the cleanup command but that doesn't work either. If I click on the actual threat, the only option is "Create override". What am I supposed to do? So far it's not very straight forward. Where is the clean command? How can I make sure it's been quarantined?
Are you (or your company) on Twitter?
As some of you might know, we at Webroot utilize Twitter to open up other channels of communication, sharing of news, and other Webroot related news. I figured it would be great for us all to follow each other, and ultimatley expanding your connections within the company. So with that, I invite everyone to follow our main channels, as well as my personal one. And if you are interested, be sure to post your Twitter handle here and we will be sure to follow you as well. Webroot - [url=http://twitter.com/webroot]@Webroot[/url] Webroot Support - [url=http://twitter.com/WebrootSupport]@WebrootSupport[/url] Richard - [url=http://twitter.com/rcmelick]@rcmelick[/url] See you all soon!
Already have an account? Login
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.