Webroot® Business Endpoint Protection
Welcome to the Endpoint Protection and management console Discussion Forum!
- 1,134 Topics
- 3,606 Replies
So, it appears we are having issues related to the following on multiple clients, multiple endpoints: (Note, we aren't just having the issue on Windows 10; Windows 7 is having issues too, and it appears to do with Winlogon/Netlogon). We believe it is related to the issue listed below. [url=https://community.webroot.com/t5/Known-Issues-KB/Netlogon-is-not-starting-after-Reboot/ta-p/316119]https://community.webroot.com/t5/Known-Issues-KB/Netlogon-is-not-starting-after-Reboot/ta-p/316119[/url] I offered to help our team by writing a script within our RMM software that would set the Registry key per Webroot's recommendations as described in the workaround in the article. Only one problem: I cannot create a DWORD to the WKrn service key. Just for fun, I tried using the same commands to write the IFP key noted by Webroot to another spot in the Windows Registry, and it went off without a hitch, making me think Webroot has set the HKLMSYSTEMCurrentCont
Wanted to get a feel from the community on what your experiences have been like with suport. In general, I like the product, but I've been frustrated by the support, primarily in how long it takes them to respond. We had a recent ticket where Webroot was blocking legit files where we had overrides both for the files (via an MD5 hash), and also overrides to not scan the folder and not to report malicious activity. Despite this, we were getitng hundreds of emails a day saying there was malicious activity. We opened a ticket with support and it took 19 hours to get an initial response which was "send us logs and we'll creae a global override." Then it took two business days (with a weekend in there as well) for them to fix the isuse. The issue was with a critical app that we use at a critical time of the year for us and it had a significant impact on us. So, ticket opened Thursday, response on Friday asking for logs, logs uploaded Friday and then a fina
I am posting here because the DNS FIltering forum has a grand total of 2 threads and no activity in several weeks. Does the WebRoot DNS Filtering alter the TCP/IP v4 DNS properties of the client it's installed on? I have seen clients that are unable to access the internet, and on investigation found the TCP/IP v4 settings DNS address set to a local static IP instead of "Auto", so that it receives the DHCP determined DNS IP. Restoring the DHCP DNS setting instantly resolves the issue. The only thing suspect was WebRoot DNS Filtering, as I could see how it might redirect DNS requests of the client to itself in order to filter. And if it needs to do that, that would be fine except that it ain't working, can't surf and can't send / receive email when WebRoot is handling DNS.
I received this kind of phishing: the spammer sent a PDF file, with a link in it. The file is clean, so it passed the checking. However, I believe that if I click to the link in the file, I will have trouble (what kind of trouble, I don't know, but it's definitely a bad site!). So, my question is: if I click to that link, will webroot give me any warning, or prevent my browser open the link?
Hello All, Seeing if anyone has run into this one before. I have configured a policy to have all endpoints check in every 15 minutes. This only works on PCs. To get Macs to update, I am attempting to use the sudo /usr/local/bin/WSDaemon –poll command to force the endpoint to contact the cloud. It doen't error, and I get no return status. However I also don't see the "Last Seen" date and time on the console update. Anyone experiencing the same?
Hi Guys, Just wanted to know if anyone experienced WR blocking this file. It gave me two minutes to decide and I got some mixed answers while looking online in general so I didn't get to respond whether to allow it or block it. Oddly enough when I looked into the quarantine/block files, it wasn't there. Thanks in advance.
I would like to be able to see the results of System Optimizer on all the PCs. It would be nice if there was a report for that but I don't see one. How do I view how much data System Optimizer cleaned to show my clients how much storage space Webroot is helping them free?
For reference, I detailed here: [url=https://community.webroot.com/t5/Security-Industry-News/Chrome-Releases-Stable-Channel-Update-for-Desktop-Tuesday-March/m-p/315569/highlight/true#M40391]https://community.webroot.com/t5/Security-Industry-News/Chrome-Releases-Stable-Channel-Update-for-Desktop-Tuesday-March/m-p/315569/highlight/true#M40391[/url] I am seeing a real issue when the new Chrome v65 combines with the Chrome web extension. I have opened a ticket, but I want others to be aware, as well as chime in if they are seeing the same issue. One of our HTG partners mentioned an issue, and I decided if to see if I could replicate it, and found I could. I would highly recommend not using the extension at this time based on what I have experienced.
In the dashboard, it shows I have 2 devices unmanaged by policies. But in Policies tab, in Unmanaged menu, it shows: No sites currently use this as their default policy Any idea why that please? [img]https://d1qy7qyune0vt1.cloudfront.net/webroot-en/attachment/33142i17B1DE05A9E1B5D0.png[/img]
Today, Webroot found a threat in a backup. It is a Info.plist file. VolumesTime Machine-sikkerhetskopierBackups.backupdbUser MacBook Air2015-12-13-144330Macintosh HDApplicationsMicrosoft Office 2011OfficeShared ApplicationsProofing ToolsDutch Hyphenato When I see in GSM, it shows MD5 00000000000000000000000000000000. I wonder what does it mean? I am going to check that backup soon, but wonder if anyone sees this keylog before and can share any experience?
When I start Skype on my Mac, Webroot shows Suspicious Activity Detected: SYstem Folder Modified /Users/myusername/Library/LaunchAgents/com.skype.skype.shareagent.plist /Applications/Skype.app/Contents/MacOS/Skype Why Webroot marks Skype as a suspicious activity? Is that a false positive? I also noticed a similar notification when I installed Office 2016 for Mac at the first time. The installation file is downloaded directly from my Microsoft account, so I assume that it's clean. But Webroot still warned.
I installed a Mac agent a few days ago, it was 126.96.36.199. Today, I installed on another Mac and noticed in GSM, it shows version 188.8.131.52. So, I went to the first Mac and checked the version again, it's still 184.108.40.206. The question is: does the agent update automatically to the new versions or not? It seems that I have no option for updating manually either in GSM or the current Mac installation, so I assume it will be upgraded automatically, but when?
I just installed Endpoints on a Mac High Sierra and a Windows 7 computer and noticed the different versions. - On Mac, it is 220.127.116.11. - On Windows, it is 18.104.22.168. I assumed that it is correct? Just don't want to confuse customers, when they see that. Another question is that if there is an alert when an agent will be updated? Is that the same Endpoint Installed in Alerts configuration? Thanks.
Anyone else's Labtech plugin been broken since the 3.0 update? When we updated the plugin from 2.5 to 3.0, the plugin dashboard showed most agents as "non-GSM" and lacked information for them. After 3 months working with support on the issue, we're still nowhere, and can't reliably monitor our ~5,000 agents.
One of our internal Macs is showing the Webroot icon in gray with the exclamation point in the menu bar. In opening it, I have found it says that some important security features are disabled. Of course, I cannot tell what they are because the system is managed by policy from the GSM console, so when I click, it doesn't let me look at what might be off. As far as I can see, the shields are on, and we are using an internal policy that uses fairly common settings on the Mac side. Is it possible to find out what settings would definitively cause a system to report like this if they are off? Thanks for any assistance.
Hi folks, We can add the option "shutdown webroot" check here: [url=http://prntscr.com/ico9f6]http://prntscr.com/ico9f6[/url] on the policies manager for the agent, i get a captcha when click on shutdown but is there an option we can set a admin password or PIN when that option is selected? that way only the admin can shut it down.
Hi all, Currently we run the Webroot SecureAnywhere Business Endpoint Protection agent in version 22.214.171.124 on some workstations and 126.96.36.199 previously (most of the workstations are Windows 10). We also run an asset management cloud software (called Samanage) with a client agent on each workstation. The workstations with 188.8.131.52 Webroot agent get recognised by Samanage but the workstations that run 184.108.40.206 don't. Does anybody know if the name of the Webroot agent changed somehow to cause this and if so where it is saved?
Finally 220.127.116.11 has been released. My growing issue with WebRoot is that it is taking months for you to resolve issues like this. That version of Windows 10 launched October 17, 2017. It took you three months to release a version of your product that works. Meanwhile your partners have spent countless hours trying to debug issues that ultimately were caused by WebRoot. For many of my customers I have had to move on to other products that were fully compatible with Windows 10 Fall Creator's update. There are several WebRoot related issues over the past year that has taken WebRoot months to resolve. Why is WebRoot non responsive towards these issues? How can I have confidence in a product that I have to disable key parts of the program in order for it to work? Does this same lackadaisical approach apply to protecting my customers from viruses and malware?
Folks, To quote Microsoft [i]"Based on our analysis of available data, we are now lifting the AV compatibility check for the March Windows security updates for supported Windows 10 devices via Windows Update."[/i] More information is here:- [url=https://blogs.windows.com/windowsexperience/2018/03/13/march-2018-windows-security-update-expanding-our-efforts-to-protect-customers/#0h3TXP1qbqUMkot0.97]March 2018 Updates[/url] We are looking to remove the reg key setting feature of WSA and will notify you when that will be happening. Regards, Jonathan Senior PM WSA for Business Microsoft Meltdown and Spectre updates [u]Information from MSFT for I.T pros[/u] [url=https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in]https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in[/
Hi, When will webroot detect this? Accoding to Virustotal, it still doesn't: [url=https://www.virustotal.com/#/file/5586be30d505216bdc912605481f9c8c7bfd52748f66c5e212160f6b31fd8571/detection]https://www.virustotal.com/#/file/5586be30d505216bdc912605481f9c8c7bfd52748f66c5e212160f6b31fd8571/detection[/url] Background can be found at: [url=https://objective-see.com/blog/blog_0x26.html]https://objective-see.com/blog/blog_0x26.html[/url]
We recently experienced that webroot blocked a good file as a threath, even if it was placed in a folder where we have a path override. Tested with Eicar that the override works, so why did it block the file. Anyone else experienced this? Any solution?
Already have an account? Login
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.