Webroot® Business Endpoint Protection
Welcome to the Endpoint Protection and management console Discussion Forum!
- 1,134 Topics
- 3,606 Replies
Hello, We have an infection currently spreading through our network. New endpoints are popping up on the SecureAnywhere console every few minutes as infected. Some are 'protected', others are 'need attention'. The infection is reported as W32.BitCoinMiner. The file list is shown below. [img]https://d1qy7qyune0vt1.cloudfront.net/webroot-en/attachment/34855iDC60DA29DD27CAC6.jpg[/img] I need to determine a. The point of entry - which computer introduced this and how. Was it via the web? local usb device? etc. b. How the infection is able to spread. So far it has affected two AD sites, spanning two IP subnets. It has not spread to any servers yet. Does anyone have any tips on how best to understand and investigate the two points above? Many thanks Michael.
I've installed Webroot on a MacBook using wsamacsme.dmg and key. The installer started, stopped when there was a security setting to do, then started to scan. After a short time the window closed and I have no icon in the Finder bar! I cannot get into the SecureAnywhere control panel. I've tried to uninstall and reinstall, but nothing. I've set it as not managed on GSM, but still no icon. Looking at the processes, I see it running. What more can I do?
Folks, I'm really interested to understand what apps you are running on users' Windows computers. This is for us to better align our test systems with what you have. Example: Windows 7 32bit with [list] [*]Office 365 [*]WSA [*]Chrome [*]Open VPN Client [*]RMM Agent[/list] Please post below with your replies. Many thanks, Jonathan.giffard Senior Product Manager WSA Business
Creating Whitelist Overrides in the Endpoint console (Knowledge Base)
Global whitelist overrides can now be set on a file or folder level as well as the traditional MD5 (Message-Digest algorithm 5) level in Endpoint Protection. This upgrade allows greater flexibility in the deployment of overrides and means that multiple related MD5 overrides no longer have to be whitelisted individually; instead, the whole associated directory can simply be whitelisted. [i][b]Note:[/b] If you detect or remove a file before an exclusion or override is in place, you will need to uninstall then reinstall or ensure that the detected files are restored from quarantine. If the files are still located locally in the quarantine or block/allow tab, the exclusion does not work.[/i] [b]To create a whitelist override:[/b] 1. Log in to your [url=https://my.webrootanywhere.com/default.aspx]Endpoint Protection console[/url]. The Endpoint Protection console displays, with the Status tab active. [img]https://docs.webroot.com/us/en/business/wsa
Hi guys, I have some noobish questions on deploying to endpoints using group policy in Active Directory. I know I can use the MSI file that is downloaded from my web console. I have downloaded it. I have also put that file in my group policy shared folder, and I can see how I deploy MSI files using GPO>Computer Configuration>Policies>Software Settings>Software installation. Now where to go from here? I understand that the MSI is interactive, and I want it to be silent and put in its own product key. It sounds like what this guy is talking about here, but I don't know where or how to put in those command line arguments... and where to go from here. [url=https://community.webroot.com/t5/Endpoint-Protection-and-GSM-KB/Using-MSI-for-Deployment/ta-p/326532]https://community.webroot.com/t5/Endpoint-Protection-and-GSM-KB/Using-MSI-for-Deployment/ta-p/326532[/url]
How to submit a ticket to Business Support (Knowledge Base)
[b]This solution addresses Webroot SecureAnywhere Business – Endpoint Protection [/b] To submit a support ticket for Webroot SecureAnywhere Business Endpoint Protection, [url=https://mysupport.webrootanywhere.com/supportwelcome.aspx?SOURCE=ENTERPRISEWSA]click here[/url]. If prompted, log into your account. If you prefer to speak with a support representative by phone, [url=https://www.webroot.com/us/en/business/support/contact]click here[/url] for a list of our telephone numbers.
What is the correct syntax for registry commands via the console (Agent Commands / Advanced / Run a registry command)? Online help does not give any example, only this short advice: [b]"This command uses the same syntax as reg.exe, but does not call reg.exe"[/b] So I tried issuing the following command: [b]ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDriveTypeAutoRun /t dword /d 000000ff[/b] but I did not succeed, even though the "View commands for selected endpoint" log says that it was executed. (And BTW, why does this log not show any result?) So what is the correct syntax?
How to install using GPO (Knowledge Base)
[b]This solution addresses Webroot SecureAnywhere Business – Endpoint Protection[/b] To install SecureAnywhere using GPO, you should have experience with Microsoft’s Active Directory and the GPO editor. You can also watch a video on how to use GPO at [url=https://www.youtube.com/watch?v=raP0jQHyFYE]How to Deploy Using Group Policy - SecureAnywhere Business[/url]. [b]To install SecureAnywhere using GPO:[/b] [list=1] [*]From the following location, download the SecureAnywhere MSI installer to a network share: [url=http://anywhere.webrootcloudav.com/zerol/wsasme.msi]http://anywhere.webrootcloudav.com/zerol/wsasme.msi[/url] Downloading the file makes it accessible to all endpoints on which you will deploy SecureAnywhere. [*]Go to the server that is the domain controller for the deployment group. [*]Open the GPO editor on the domain controller and create a policy for the deployment group. [*]Assign SecureAnywhere to all endpoints that belong to the Organizational Unit where t
When I run Webroot SecureAnywhere for business on some computers, I found the SonicWall blocking the information being sent back and forth to the SecureAnywhere console. If I shut off GEO blocking it works fine, so evidently it's being blocked by country. Any ideas how to fix this? Webroot says they don't use a specific country, but I find that not true, since the Geo blocking stops the service when sent from countries other than the USA.
[b]This solution addresses Webroot SecureAnywhere Business – Endpoint Protection[/b] The first time you add endpoints to SecureAnywhere Endpoint Protection, they are assigned to the Default group. You can then move endpoints to the appropriate groups. [b]To move endpoints to another group:[/b] [list=1] [*]Click the [b]Group Management[/b] tab. [*]From the [b]Groups[/b] panel on the left, select the group that contains the endpoints you want to move. [b]Note[/b]: For this procedure you must select a specific group, not [b]All Endpoints[/b]. [*]From the [b]Endpoints[/b] panel on the right, select one or more endpoints. [b][i]Tip[/i][/b]: You can select all endpoints within the selected group by clicking the [b]Hostname[/b] checkbox at the top of the list (first column). [*]Click [b]Move endpoints to another group[/b] from the command bar. [b]Note[/b]: If the group has more than one page of endpoints, the dialog prompts you to ap
Hi there, I'm currently trialing Webroot Endpoint for our business. I'm pretty impressed, but there's a combination of two things that I find a little worrying. I'm hoping someone can put my mind at rest! I spotted the "Agent Commands" dropdown, which allows me to remotely send a variety of commands to an endpoint via the GSM. This includes some really powerful stuff like "Download and run a file" and "Run a DOS command". I'm concerned that if there's any way for an attacker to get access to GSM (either through my incompetence or a problem at Webroot), those options give them a massive amount of power to cause havoc across the network. That, combined with the lack of 2FA on GSM, seems to me to be a pretty huge potential security problem. Is there a way to disable those options? Is there a reason that I shouldn't be worrying about that? Any thoughts or advice would be much appreciated! Thanks, Rob.
Downloading and running the installer (Knowledge Base)
[b]This solution addresses Webroot SecureAnywhere Business – Endpoint Protection[/b] You can deploy the SecureAnywhere installer file using one of these methods: [list] [*]Install SecureAnywhere on each endpoint. [*]Send emails to end users, so they can install the software by clicking on the link provided in the email template. [*]Rename the executable file using your keycode. This method is useful if you plan to use your own deployment tool and if you prefer not to use MSI commands to run the installation in the background. [*]Use additional commands with the executable file to deploy it in the background. [*]Use command-line options with the installer to deploy to endpoints that are behind a proxy server. [/list] [b]To use the SecureAnywhere installer:[/b] 1. On the endpoint, download the SecureAnywhere installer file. The installer file is available from the [b]Resources[/b] tab or by clicking this link: [url=http://anywhere.webrootcloudav.com/zerol
We administer Webroot that is integrated with AEM (Autotask Endpoint Management) and that works reasonably fine. According to our policy Webroot is supposed to be installed automatically with the installation of the AEM agent, and sometimes this installation takes place instantly. In other cases, it might literally take more than a day before Webroot is installed, and overall any change in Webroot administration from AEM-level can take a really long time to kick in. Has anyone who uses Webroot with AEM integration possibly experienced the same problem, and can that be remedied?
I just enabled a feature of our email service that tells me when incoming emails were not sent via TLS. It is telling me that Infection Alert messages from email@example.com are not utilizing TLS. This is probably minor, but it could constitute a security risk in some cases.
Hi - I'm running Endpoint Protection 184.108.40.206 on a windows 7 pro machine. Trying to upgrade to Win10, which requires multiple reboots. Upgrade fails when Endpoint comes back on after the first reboot - at least that appears to be the issue. I'd like to test it by disabling Webroot until I manually re-enable it. Is there a way to disable protection indefinitely or for some fixed period of time rather than "until the next reboot"? Thanks!
Hello all, I have a site that is getting tons of the c:program bug this morning. I thought this bug was fixed as I'm finding solutions from 2014. What is causing this? It's almost 5 machines that we've found so far. No changes were made to the site configs.
I'm on a MacBook Pro running El Capitan (10.11.6). lsof shows that Webroot is listening on port 8090. This conflicts with other stuff I'd like to run on my machine that's non-trivial to change the port assignments. Can it be changed to a different port or stopped?
I use Webroot across approximately 80 computers and so far 3 have picked up an update on the browser filtering extension as of this morning (5/2/18 @ 8am). This causes one of the IE processes to fail and then the desktop will not be able to be interacted with. All programs/links or anything on the desktop is not responsive until that failing IE process is forced closed. Accessing programs through the start menu continues to work fine; it only affects the desktop. This also only affects Windows 7; it does not cause the issue in Windows 10. I've killed the bad IE process on one computer and restarted the other 2. The restarted computers have yet to have the issue again; the other one has experienced the issue twice more. Do we need to restart the computers after this extension upgrade to finish an install? Anyone else having this issue?
I am unable to start webroot on every Mac I try to open it on. Nothing happens when I click on the application. The Mac versions in question are 10.9.5 (13F1911), macOS 10.13.1 (17B1003), 10.13.3 (17D102). Are there any remedies and/or diagnostics I can perform?
I am using my Mac everyday, but from GSM, Endpoint shows that the last seen of my computer was 2 days ago. Of course, Webroot is running and activated "green" on my computer. It was scanning yesterday too. But it looks like that the activities were not connected to GSM. Any error in GSM? Or something else?
So I ran into one of our users and found they had a bunch of Cracks, Key Generators and pirated software and wondered why webroot did not detect the cracks/key gens? We really want to sweep these from our organization. Any suggestions on settings that I may be missing? or is a no go?