Solved

Why is the management console not reporting the threats found on the endpoints?

  • 14 April 2015

The endpoint software on each client shows threats have been removed. But the management console is not picking these up. The status page shows "0 Endpoints need attention" and "No endpoints have encountered threats in the last 7 days".
 
We are currently running the 30-day trial. Is this a limitation in the trial? Or is there some setting that I have not set? The first threat was removed over 24 hours ago. Polling is currently set to every 15 mins.
 
Any help anyone can give would be gratefully appreciated. 
 
Other than this slight issue, loving the software. :)
 
Thanks.

Best answer by JohnnyS 14 April 2015, 16:59


Hello,
 
I work in the Enterprise Support Department here at Webroot.
 
I'm willing to bet you are using the Eicar test file? This "test infection" is really just a text file, not a portable executable like normal infections. Webroot only picks up portable executables. The detection of the Eicar test file is hard-coded in the agent and it will not be reported to the console. Portable executables (PEs) are the only thing that can load into memory and cause harm to a machine, so Webroot only concerns itself with these, and these are the only types of files that are reported to the cloud.
 
Because of this I have developed a test infection that you are welcome to use. You can download the zip file from the link below. Inside is "TestDropper.exe", which will drop its "TestPayload.exe" to the machine. The TestPayload is the only thing that is marked bad; TestDropper is marked as unknown so our journal will work effectively on the test infection. These files are portable executables that are loaded into memory, so they will be reported to the console. Note also that Webroot will simplify the information that is reported to the console, so if two files with the same MD5 are detected it will only display one instance in the console.
 
http://download.webroot.com/TestDropper.zip
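
The reporting behaviour described in the answer above, modelled as an added example that is not part of the original post and is not Webroot's code: it checks whether a detected file is a portable executable and groups PE detections by MD5. The function names, hostnames and sample bytes are constructed for illustration, and the grouping is an assumption based only on the answer's description.

```python
import hashlib
import struct


def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew field
    (offset 0x3C) points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def expected_console_rows(detections):
    """detections: list of (hostname, filename, file_bytes) flagged locally.

    Returns {md5: [(hostname, filename), ...]} for PE files only.
    Non-PE detections are dropped, and files with the same MD5
    collapse into a single entry, as the answer describes.
    """
    rows = {}
    for host, name, data in detections:
        if not is_pe(data):
            continue  # text-based test files never reach the console
        md5 = hashlib.md5(data).hexdigest()
        rows.setdefault(md5, []).append((host, name))
    return rows


def _constructed_pe(body: bytes) -> bytes:
    # Constructed stub, not a runnable program: a 64-byte DOS header
    # with e_lfanew = 0x40, followed by the PE signature and filler.
    dos_header = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)
    return dos_header + b"PE\x00\x00" + body


# Constructed sample detections (hypothetical hosts and file names).
SAMPLES = [
    ("pc-01", "testfile.txt", b"plain text standing in for a text-based test file"),
    ("pc-01", "payload.exe", _constructed_pe(b"A")),
    ("pc-02", "payload_copy.exe", _constructed_pe(b"A")),
]

if __name__ == "__main__":
    for md5, seen in expected_console_rows(SAMPLES).items():
        print(md5, "->", seen)
```
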
Hi Johnny S,
Many thanks for replying quickly to my post and the explanation.
 
Your assumptions are correct. I was using the Eicar test file on my computers. I used your "testDropper.exe" file instead. The endpoint software removed the threat and reported this back to the management console, which in turn sent me an email. 
 
Many thanks.
 
Hi, I am currently trialling your product as an MSP.
 
I have the endpoint installed on my computer.
 
I tested using your test payload and it did not detect anything.
 
Is there something I may be missing here?
It looks like that test download has been deprecated in favor of this one:

http://download.webroot.com/MockVirus.zip

Let me know if that one gets picked up.