Solved

Scanning multiple hard drive partitions on macOS


I have a 2012 MacBook Pro running macOS Mojave and Windows 10 Pro on a secondary partition of the 500gb  SSD, and I’m wondering if there is a way to scan the Windows partition with the Mac version of Webroot installed on the macOS partition? 

icon

Best answer by coscooper 27 August 2020, 22:47

View original

10 replies

Userlevel 7
Badge +63

Hello @ataylor861 

 

Not sure but I can ping @coscooper and maybe he can tell you?

 

Thanks,

Userlevel 7
Badge +62

@TripleHelix I believe one has to have Webroot Secure Anywhere on each Partition?

Userlevel 7

@TripleHelix I believe one has to have Webroot Secure Anywhere on each Partition?

If they do does that count as 2 seats taken from the license on one computer?

Good questions for Webroot. :wink:

Userlevel 7
Badge +62

@TripleHelix I believe one has to have Webroot Secure Anywhere on each Partition?

If they do does that count as 2 seats taken from the license on one computer?

Good questions for Webroot. :wink:

I believe so as I was running Windows 10 on one Partition and Windows 8.1 on another Partition  and used 2 keycodes instead of 2 seats which I probably could have done.  But yes Support is best to confirm this. 😉

Thanks @ProTruckDriver and @TripleHelix 

Userlevel 6
Badge +26

@ataylor861  - each instance of MacOS and/or Windows, physical or virtual, needs its own agent and is considered a separate license.

Userlevel 7
Badge +63

Yes 2 seats just like if you use Webroot on a VM it uses another seat per VM, but can you scan a whole drive from the Mac OS? I know you can scan other Drives with the Windows Client even a USB connected Drive. Right Click on a Drive a “Scan with Webroot” from the Context Menu so again can you do the whole Drive with the other partition (Windows) with the Mac Client? Also we know the Mac Client will not detect all Windows Malware so maybe it’s best to install on Windows and Run it from that partition and Scan the Mac partition?

 

 

Userlevel 6
Badge +26

@TripleHelix  - Unfortunately, he Mac agent does not have a contextual menu option for Scan with Webroot on a file, folder or entire drive. The only option(s) are under advanced settings you can select as an option to Automatically scan removeable media and/or Scan mounted drives. If those are off, then added media or USB devices will not be scanned.

I have found that if the drive is internal and always attached volume(s), the agent will scan all volumes. Extrenal drives are treated as mounted drives.

 

 

Userlevel 7
Badge +63

@coscooper  so back to the OP’s post, it would be better to install on Windows and scan the Mac partition with the Windows Client as it has better and more Anti-Malware base from the Cloud?

 

Thanks for the info.

Userlevel 6
Badge +26

@TripleHelix  - actually, it would be “that depends” on the concern and type of threat. The Mac agent detects windows threats that may try to sneak through a Mac to get onto a Windows device or network share, but not the other way around. Windows agent has no concept of or knowlege of Mac threats.

So, while the short answer is, yes, you could just run the Windows agent on a VM with the Mac drive visible - depending on how the VM is setup, UNC shared or mapped drive shared, VMWare is different than Parallels, so again, it would depend. The Windows scanner would do nothing more than determine at rest files, and only Windows threats, nothing for the Mac. It would not detect anything running on the Mac in memory, which could get there through attack vector that is not file based and even if it was a Mac file attack, the Windows agent wouldn’t know what to do with it.

One isn’t “better” than the other, they have their own purposes. The reality is, each OS has its own nuanced threat vectors and payloads, so trying to “scan” one or the other is not going to catch everything. And… to be blunt and frank, file scanning is dead. It’s there and an option for sure, but it catches so little these days. Realtime and behaviour based determinations as well as Evasion Shield checking scripts and LOL attacks. (Living off the land) will stop bad actors over file scanning any day. Fileless attacks, code injection, process hollowing etc… are much more pervasive and no brute force file scanner will work for those approaches.

Lastly, the contextual menu option will provide flaky results if it’s a UNC share, meaning, it doesn’t work properly. However, if you us the UI and use the Gear Icon next to PC Security, run a custom scan, you can select the drives there and let the UI do the work. It’s not automated. There are command line options on the Windows side for automation, but again, file scanning is less affective and is pretty old school way to detect threats.

Userlevel 7
Badge +63

@coscooper Thanks so much for the Explanation and it’s very much appreciated!

 

So I guess it’s best to have a Webroot Client on both OS’s to be truly safe.

Reply