SecureAnywhere Business Endpoint protection

Getting Started Guide
Console Registration
SecureAnywhere Agent: System Requirements
Communications
Necessary URLs
Mobile Protection
System Email Addresses
Proxy Settings
Deployment
General Deployment Process
Policies
Poll Interval Considerations
Installer Options
Installing on Terminal (RDS) servers and Citrix XenApp
Installing on duplicated images or VMs
Command Line Switches
Overrides
Uninstall Tips
Option 1 – Agent Commands
Option 2 – Local Uninstall in Safe Mode With Networking
Support
Gathering Logs
Opening Support Tickets
Resources
Page 1 | © 2017 Webroot Inc. All rights reserved. | Proprietary and Confidential Information
April 13, 2017
While Webroot SecureAnywhere® Business Endpoint Protection is extremely easy to deploy and manage, we recognize that enterprise
environments can vary greatly. With that in mind, this Getting Started Guide covers some common deployment scenarios and settings. As
always, this information should be balanced against your specific environment and security policies.
The first step is registering your new console. This ensures that you can modify any policy settings prior to installing the SecureAnywhere
agent.
Requirements
Browsers and Platforms
Management Portal Access
• Google Chrome® 11 and newer
• Internet Explorer® version 7 and newer
• Mozilla® Firefox® version 3.6 and newer
• Safari® 5 and newer
• Opera® 11 and newer
Note: Microsoft Edge® browser not currently supported
Operating Systems
• Windows® 10, 32 and 64-bit
• Windows 8 and 8.1, 32 and 64-bit
• Windows 7, 32 and 64-bit
• Windows Vista®, 32 and 64-bit
• Windows® XP Service Pack 2 and 3, 32 and 64-bit
• Windows XP Embedded
• Mac OS X v.10.7.3 (OS X Lion™)
• Mac OS X v.10.8 (OS X Mountain Lion®)
• Mac OS X v.10.9 (OS X Mavericks®)
• Mac OS X v.10.10 (OS X Yosemite®)
• Mac OS® X v.10.11 (OS X El Capitan®)
Server Platforms
• Windows Server® 2012 R2 Standard, R2 Essentials
• Windows Server 2008 R2 Foundation, Standard, Enterprise
• Windows Server 2003 Standard, Enterprise, 32 and 64-bit
• Windows Small Business Server 2008, 2011, 2012
• Windows Server Core 2003, 2008, 2012
• Windows Server 2003 R2 for Embedded Systems
• Windows Embedded Standard 2009 SP2
• Windows XP Embedded SP1, Embedded Standard 2009 SP3
• Windows Embedded for POS Version 1.0
Virtual Server Platforms
• VMware® vSphere® 5.5 and older (ESX®/ESXi 5.5 and older), Workstation 9.0 and older, Server 2.0 and older
• Citrix® XenDesktop® 5, XenServer® 5.6 and older, XenApp® 6.5 and older
• Microsoft® Hyper-V® Server 2008, 2008 R2
• Virtual Box®
PCs and Laptops
Processor:
• Intel Pentium/Celeron family, or AMD K6/Athlon/Duron family
• Other processors compatible with those listed above
Memory:
• 128 MB RAM (minimum)
Browsers:
• Google Chrome® 11 and newer
• Internet Explorer® version 7 and newer
• Mozilla® Firefox® version 3.6 and newer
• Safari® 5 and newer
• Opera® 11 and newer
The SecureAnywhere agent uses ports 80 and 443 to communicate with the Webroot® Threat Intelligence Platform and your management
console. These communications are encrypted using a proprietary form of obfuscation. If you are utilizing a web content filter or a proxy
server, you will need to consider the following to ensure the agent can communicate correctly.
When configuring firewalls or any network access layer that can block SecureAnywhere traffic, the following URL masks need to be
considered. These URLs can also be used to lock down any systems that would otherwise have no internet access.
• *.webrootcloudav.com
• *.webroot.com
• *.s3.amazonaws.com
• WSAWebFilteringPortal.elasticbeanstalk.com
• *.webrootanywhere.com
If you have Mobile Protection, you should permit the following URLs:
• *.webrootmobile.com
• *.wrproxy.com
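The following is an added example, not part of the Webroot guide: it applies the masks listed above to a constructed list of destination hosts, which is useful for checking a filter rule set before locking a system down. It assumes that a `*.domain` mask covers subdomains only; the sample hostnames and the shared-hosting list are assumptions of this example.

```python
# Added example (not Webroot code): test hostnames against the guide's URL masks.

# Masks copied from the lists above.
AGENT_MASKS = [
    "*.webrootcloudav.com",
    "*.webroot.com",
    "*.s3.amazonaws.com",
    "WSAWebFilteringPortal.elasticbeanstalk.com",
    "*.webrootanywhere.com",
]
MOBILE_MASKS = ["*.webrootmobile.com", "*.wrproxy.com"]

# Assumption (not from the guide): parent domains under which cloud customers
# pick their own subdomain, so a wildcard there covers non-Webroot hosts too.
SHARED_HOSTING_PARENTS = {"s3.amazonaws.com", "elasticbeanstalk.com"}


def normalize(host):
    """Lower-case a hostname and drop a trailing dot or ':port' suffix."""
    host = host.strip().lower()
    if ":" in host:
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")


def mask_matches(mask, host):
    """Label-aware match. Assumed semantics: '*.example.com' covers every
    subdomain of example.com, but not example.com itself."""
    mask, host = normalize(mask), normalize(host)
    if mask.startswith("*."):
        suffix = mask[1:]  # ".example.com"
        return len(host) > len(suffix) and host.endswith(suffix)
    return host == mask


def classify(host, masks):
    """Return (verdict, mask): 'allow', 'allow-broad' or 'block'."""
    for mask in masks:
        if mask_matches(mask, host):
            parent = normalize(mask)[2:]
            broad = mask.startswith("*.") and parent in SHARED_HOSTING_PARENTS
            return ("allow-broad" if broad else "allow", mask)
    return ("block", None)


# Constructed sample, e.g. destination hosts pulled from a proxy log.
SAMPLE_HOSTS = [
    "g1.p4.webrootcloudav.com",
    "console.webrootanywhere.com:443",
    "WSAWEBFILTERINGPORTAL.elasticbeanstalk.com.",
    "webroot.com",
    "webroot.com.example.net",
    "example-bucket.s3.amazonaws.com",
    "other-app.elasticbeanstalk.com",
    "api.webrootmobile.com",
]

if __name__ == "__main__":
    for h in SAMPLE_HOSTS:
        verdict, mask = classify(h, AGENT_MASKS)
        print(f"{h:45} {verdict:12} {mask or '-'}")
```

Hosts reported as allow-broad are admitted by a wildcard under a shared hosting domain, so that rule is best scoped to the systems running the agent. Whether the bare domain (for example webroot.com) is covered depends on the filtering product's own wildcard semantics.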



System Email Addresses
• Welcome Email – [email protected]
• Alerts/Summaries – [email protected]
• Support Notifications – [email protected]
By using the -autoproxy switch during install, the SecureAnywhere agent automatically detects an endpoint’s proxy settings. You can also
specify those settings manually, as needed. The syntax is listed in the Command Line Switches section.
General Deployment Process
• Trial Initiation and Welcome Email
• User Creation and Console Registration
• Default Policy Selection
• Create Additional Admins, if applicable
• Permit SecureAnywhere URLs, if applicable
• Configure Alerts (optional)
• Deploy SecureAnywhere Agent
• Review Unknowns and Create Overrides (optional)
As mentioned, the first step is registering your new console. This ensures that you can modify any policy settings prior to installing the
SecureAnywhere agent.
After the trial has been initiated, you will receive an email from [email protected], which will contain the following:
• A link to start the registration process
• Your keycode
• Additional helpful information
The SecureAnywhere console comes with the following default policies:
• Recommended Defaults – Recommended settings, with protection and remediation enabled.
• Recommended Server Defaults – Recommended settings for servers, with protection and remediation enabled.
• Silent Audit – Non-remediation/Security audit.
• Unmanaged – Provides agent control to the endpoint’s local user.
Note: When an endpoint is covered by any policy other than Unmanaged, it is automatically locked down, preventing changes and
uninstallation. Default policies cannot be edited or deleted. They can, however, be used to create new policies by copying and editing.
The SecureAnywhere agent checks for updates when the following events occur:
• Scans are run, scheduled or manual
• A new file is being determined
• The endpoint is rebooted
• Refresh Configuration is run by right-clicking the agent icon in the System Tray
• The poll interval expires
• The poll is triggered by command line; for more information, see Command Line Switches.
The poll interval is controlled by policy. The default settings are:
• Daily – For the Recommended Defaults policy
• 1 Hour – For the Recommended Server Defaults policy
The possible Poll Interval settings are:
• Daily
• 12 hours
• 6 hours
• 4 hours
• 3 hours
• 2 hours
• 1 hour
• 30 minutes
• 15 minutes
If you are testing or making numerous policy changes, consider shortening the polling interval so that the endpoints receive these
changes sooner.
The SecureAnywhere agent comes in two installer formats: EXE and MSI. Both are located under the Resources tab in the management
console.
• EXE – The EXE file format can be downloaded and installed using either the generic EXE file, wsasme.exe, or the Windows download
  link. This is the EXE file renamed using your SecureAnywhere keycode. When run, the installer automatically embeds the keycode
  into the installation process, and installs silently.
• MSI – The MSI format can be downloaded utilizing the wsasme.msi link under the Install using MSI section of the console. The MSI
  can be edited to customize the installation to include the keycode in the GUILIC property and Command-Line options in the CMDLINE
  property, and may be deployed using GPO. This video outlines that process.
When installed on a Terminal Services server (RDS server) or Citrix XenApp for desktop/session brokering, or hosted shared desktops, the
SecureAnywhere agent protects the environment by sharing its kernel module across sessions and provides a user process for each. The
management console shows the hosting server and each session as a combined single entry or device for reporting and management.
The agent does not support being streamed via application virtualization.
When Webroot SecureAnywhere Business Endpoint protection is installed, a machine ID is generated from various hardware and software
data points, including Hostname, SID, and MAC address. If endpoint images are reused without sys prepping, or if VMs are copied or
provisioned from a master image and not sys prepped as part of their deployment or provisioning, the endpoints will report into the
console using the same machine ID and compete for the same position. This may also generate duplicates in the management console.
If you encounter duplicates in the management console, uninstall Webroot SecureAnywhere Business Endpoint Protection from the
affected endpoints. Be sure to remove or rename the WRDATA folder located in %PROGRAMDATA% to ensure no configuration files
remain. Afterward, you can reinstall the agent with the -uniquedevice command line option. For example:
Executable Method
wsasme.exe /key=xxxx-xxxx-xxxx-xxxx-xxxx /silent -uniquedevice
MSI Method
CMDLINE property: -uniquedevice
This will cause the SecureAnywhere agent to create a unique identification for that system by taking a checksum of the hostname and
modifying the machine ID with it. This is useful if the machine’s OS or hardware are cloned but the hostnames are always different. In
this case, the unique hostname will enable unique instances of devices to report into the management console. The hostname remains
untouched, so it will be reported into the console exactly as it exists within the OS.
For this reason, we do not recommend installing Webroot SecureAnywhere Business Endpoint Protection within an image that will be
copied or used for provisioning without first being sys prepped. In most virtual environments, Webroot SecureAnywhere Business
Endpoint protection should be installed after the VM has been deployed, using group policy or logon script, etc., including non-persistent
VM environments.
If hostnames are not unique within the deployment, be sure to use the -clone install switch as illustrated below.
Executable Method
wsasme.exe /key=xxxx-xxxx-xxxx-xxxx-xxxx /silent -clone
MSI Method
CMDLINE property: -clone
This creates a registry key in:
HKLM\System\CurrentControlSet\Control\CloneTimeStampFlags
Use this to make the agent create a persistent, unique value on the PC, which will change how the machine IDs and the PC hostname are
displayed in the console. The scan log will indicate this flag so admins can identify PCs more easily, for example, "Applied unique
machine ID: C8137921" where C8137921 matches the hostname reported in the Webroot management console, such as PCHOSTNAMEC8137921. This value will persist if the agent is uninstalled/reinstalled so that existing agents don't move to other IDs. If the OS is
reinstalled, the ID will change.
For more information on deploying within a Citrix environment, see this document.
Command Line Switches

/key
    Install with a specific keycode.
    e.g. wsasme.exe /key=xxxx-xxxx-xxxx-xxxx-xxxx

/silent
    Install silently without showing any prompts.
    e.g. wsasme.exe /key=xxxx-xxxx-xxxx-xxxx-xxxx /silent

/group=GROUPCODE
    Command line switch for deploying directly into groups.
    e.g. wsasme.exe /key=xxxxxxxxx /group=-135260017840748808 /silent
    Assign endpoints to a specific group by selecting that group in the console > Actions drop-down menu >
    Deploy Endpoints to this Group. Note the GROUPCODE.
    Other requirements:
    • The group must already exist in the console.
    • This only works for new installs on systems that have never been seen by the console previously.
    For MSI installs, you can use command line and an MSI editor.
    Command line: e.g. msiexec /i "C:\wsasme.msi" GUILIC="XXXX-XXXX-XXXX-XXXX" CMDLINE="SME,quiet,Group=135260017840748808" /qn /l*v %windir%\wsa_install_log.txt
    MSI Editor in CMDLINE field: Group=-135260017840748808

-clone
    Use when InstanceMIDs match and cause duplicates in the console, or when endpoints replace others at each poll
    interval; this is usually found in imaged/cloned environments.
    e.g. wsasme.exe /key=xxxx-xxxx-xxxx-xxxx-xxxx /silent -clone

-uniquedevice
    Use when InstanceMIDs match and cause duplicates in the console, or when endpoints replace others at each poll
    interval; this is typically used for virtual environments like Citrix Provisioning or VDI, where -clone is not effective
    because Device MIDs are the same.
    e.g. wsasme.exe /key=xxxx-xxxx-xxxx-xxxx-xxxx /silent -uniquedevice

-poll
    Poll via a command line option.
    e.g. "c:\program files\webroot\wrsa.exe" -poll

-autoproxy
    Use the automatic proxy configuration.

-proxy
    Proxy settings.
    Always use all parameters and blank out any value you don't need with double quotes, i.e., proxypass=""
    proxyauth #s:
    0 = Any authentication
    1 = Basic
    2 = Digest
    3 = Negotiate
    4 = NTLM
    e.g. wsasme.exe /key=xxxx-xxxx-xxxx-xxxx-xxxx /silent -proxyhost=nn.nn.nn.nn -proxyauth=n -proxyuser="proxyuser" -proxypass="password" -proxyport=port_number
Overrides give administrative control over files on endpoints. Admins can override Webroot determinations as Good or Bad, and apply
them globally or to individual policies. Use cases might include benign executables that do not comply with an organization’s acceptable
use policies, or proprietary software that might otherwise have been classified as unwanted or malicious due to certain behaviors.
Admins can deploy Overrides from several locations within the management console, including the following tabs:
• Overrides
• Group Management
• Reports
Overrides can also be deployed from any area of the management console that displays the Create override button.
• When an administrator adds overrides from the Group Management or Reports tabs, the MD5 values have already been saved in the
  console and are available for use.
• When overrides are added from the Overrides tab, the administrator will need to scan the endpoint first and save the endpoint log to
  find and use the MD5 values.
• Overrides may be applied to all managed endpoints’ policies globally or within individual policies.
• Overrides may also have different settings at the global and individual policy levels. For example, an MD5 file might be treated as
  Bad at the global level and Good at the individual policy level.
Option 1 – Agent Commands
1. Open the Group Management tab and select the desired group from the Groups panel.
2. Do either one of the following:
   • Select an individual endpoint on which to run the command.
   • Select Hostname to run the command on all endpoints in the group.
3. Open the Agent Commands menu and select Agent > Uninstall.
The SecureAnywhere agent will be removed; however, the listing for the workstation remains. We recommend that you create a group
called Uninstalled Clients into which these can be moved.
To remove a listing completely, click the red Deactivate button, which frees up the license seat taken by the endpoint.
Note: These endpoints will no longer check in with your console unless you reactivate them.
Option 2 – Local Uninstall in Safe Mode With Networking
Use the following steps to boot the computer into Safe Mode with Networking.
1. Shut down the computer.
2. Turn the computer on and tap the F8 key repeatedly.
3. Use the Up and Down arrows to select Safe Mode with Networking.
4. On your keyboard, press Enter.
5. Do either one of the following:
   • If the endpoint was managed by a policy, select Safe Mode with Networking. This is the default.
   • If the endpoint was not managed by a policy, select Safe Mode.
6. Do either one of the following, depending on your operating system:
   • Windows XP: Click Start, and then click Run. In the Run window, type appwiz.cpl, then, on your keyboard, press Enter.
   • Windows Vista/Windows 7: Click Start, or the Windows icon. In the Search field, type appwiz.cpl, then, on your keyboard,
     press Enter.
7. Select Webroot SecureAnywhere, then click Uninstall/Remove.
8. Confirm any messages regarding uninstalling the program.
9. Once the uninstall process has finished, restart the computer.
If the Webroot SecureAnywhere program is not visible in the Control Panel, the software can be uninstalled from the command line
by running the following:
"C:\Program Files\Webroot\WRSA.exe" -uninstall
The process of opening a Support Ticket can be expedited by first collecting log files from the affected endpoint using the SecureAnywhere
agent command Customer Support Diagnostics.
This agent command gathers all of the necessary diagnostic information for the Webroot Support Team to help you with the issue.
To speed this process even further, click Refresh Configuration on the endpoint instead of waiting for the Poll Interval to expire. This
causes the SecureAnywhere agent to check in and receive the agent command sooner.
Admins can open a support ticket from several locations.
• Agent – Click Get Customer Support within the SecureAnywhere agent interface.
• Agent – Right-click the SecureAnywhere system tray icon and select Help.
• Console – Select your email address to open the drop-down menu in the upper right corner of the management console interface,
  then click Support.
• Online – Visit the Webroot Support website.
With each method, you will be prompted for your email address. You will be notified via email when Webroot Support has responded
to your ticket, and you will need to log back in to the Support page to retrieve the reply.
• If this is the first time you have contacted Webroot Support via online ticket, you can open your ticket immediately. A password
  will be sent to you automatically for future conversations.
• If you are a returning Support customer, enter the password that was sent to you previously. If you have forgotten that
  password, use the password recovery link.
Resources
• Management Console
• Ask Webroot Knowledge Base
• Support Ticket Home
• Business Community
• Admin Guide
• Webroot YouTube Channel
• SecureAnywhere Free Trials
© 2017 Webroot Inc. All rights reserved. Webroot, BrightCloud, SecureAnywhere, Webroot SecureAnywhere, and Smarter Cybersecurity
are trademarks or registered trademarks of Webroot Inc. in the United States and/or other countries. All other trademarks are properties
of their respective owners.