Solved

Not Happy. Install Killed my RADMIN Remote Access Software

  • 12 January 2016
  • 18 replies
  • 127 views

I just purchased your 3-device product.
During the initial installation on the client's server, it KILLED my radmin remote software as a "threat".

This server is 600+ miles away.
Sign me VERY not happy right now.
icon

Best answer by bgavin 25 January 2016, 23:50

View original

18 replies

Userlevel 7
Badge +56
Sorry about that - that's a really sucky situation.
 
There is a way to reverse that from the console as long as you're on the business version.  However the business endpoint usually only comes as a 5 device minimum, so your saying that you bought a 3-device product makes me think you might be on the consumer version.  Is that indeed the case?
 
If you are on the business console, here's how to restore radmin from quarantine:
 
To restore a file from Quarantine, follow these steps:
 
  1. Log in to your Admin Console.
  2. Go into Endpoint Protection and select the "Reports" tab.
  3. Select "All Threats Seen" as the report type.
  4. Locate the files you wish to restore and select them.
  5. Along the top row, select "Restore From Quarantine".
Now that this change has been applied, please send the "Scan" agent command from the management console, followed by the "Reverify all files and processes" command to all the affected endpoints.
Yes, I just purchased the 3-device product for a client.
Server and two workstations.  Both have RServer installed.

I am 600 miles away from the client, and will have to have them muddle through whatever is required to remove rserver.exe from the threat list in WebRoot.

I will have to do this with her over the phone.  She is not technical, but can follow directions.
We are recovering from a total crash from Cryptowall 4.0 on the workstation, and I no longer have access to her office at all.
Userlevel 7
Badge +56
If you want we can have a support person on the call to assist, since they'll have all the menu options memorized and have practice guiding non-technical people through it.
I have worked with the client and have my RAdmin remote installed once again.

We uninstalled WebRoot entirely./

Please post whatever I have to do in advance of installing Webroot.
The file to exempt is "rserver.exe"
 
Userlevel 7
Badge +56
Glad you were able to get it resolved.

I'd still recommend switching over to the business version if you can, because that gives you control from the console to manage all of that.

On the consumer side, it should prompt you before quarantining anything. So I'd say remote in, install Webroot, run the first scan and see if it tries to flag rserver.exe. If it does then tell it to ignore and then you can go in and manually whitelist it in the settings.
No, it is NOT resolved.

I cannot install WebRoot without it killing my remote access.

I need an override to allow/whitelist "rserver.exe"

Please tell me how to do this.
Web Root is 100% useless for this client without this override.
Userlevel 7
Badge +56
I meant getting radmin getting back online, that part resolved.

The real problem is using a consumer version on a server, which isn't recommended. I can have support call you and work on it with you if that's easier.
Arggghh!

The real problem is WebRoot is killing my remote access product.

I *need* an override, or other method that will whilelist "rserver.exe" so when I install WebRoot it does not instantly kill my connection.
Userlevel 7
Badge +56
Here you go:
https://community.webroot.com/t5/Webroot-SecureAnywhere-Complete/how-do-i-whitelist-a-program-and-how-do-i-change-the-default/td-p/222528
Once again, this does not address my problem.

The installation of WebRoot runs a scan during install.
This scan kills my remote control software.
I lose my connection to the machine.
I am 600 miles away.
 
Once again, I need an override, command line switch (i.e. /NOSCAN) that will let me install WebRoot without an automatic scan.  I can then use the GUI to whitelist my remote control app (rserver3.exe).
Userlevel 7
Badge +56
I'm just going to put in a ticket to have support contact you.
As per support email, I have uploaded two WS diag files.
One for the server, the other for the workstation.
The EXE on each are different, due to different versions.

We are recovering from a Cryptowall 4.0 attack, and it has been a long and tedious recovery.
 
We want to install WebRoot now.
Waiting for support to give me an override during install, such as a /NOSCAN option.
Userlevel 7
Badge +56
sounds good - let us know how it turns out.
Resolved by WR support.

My Radmin remote administrator is black-listed as a hack.

I was provided with the command line switches need to intall WebRoot without an initial scan.
I can then whitelist my RAdmin and run my scans.

The command line is straight forward.
It installs my license key, skips the restart (scan) and runs silently.
 
Userlevel 7
Badge +56
Glad to hear it!
I tested the WR support procedure and it fails.
 
It creates a program files (x86) directory with "wrsa.exe" present.
There are no start menu entries or log files.
 
Manual launch of wrsa.exe does nothing then immediately exits.
Apparently this fix was a guess, and not actually tested.

I have asked WR support to test something that works and get back to me.
Resolved.

WR support provided the missing command line switch.
It now runs correctly.  My remote control softawre is "Allowed" and scans completed without incident.
I cannot believe how much a pain in the ass this product is.

Installing my 2nd machine of my 3 user license.
Using the command line given to me by WR tech support.
 
The **bleep** product now tells me that my subscription is expired.
Good grief.
 
I went to create a WR user account, and the password demands far exceed even my secure passwords.
This is unbelievable. 
I'm an IT professional, and so far WR is *not* worth all this grief.
 

Reply