SecureAnywhere Business — Endpoint Protection™

Getting Started Guide
    Console Registration
    WSA Agent - System Requirements
Communications
    WSA-Needed URLs
    System Email Addresses
    Proxy Settings
Deployment
    General Deployment Process
    Policies
    Poll Interval Considerations
    Installer Options
    Installing on VMs/Citrix Considerations
    Command Line Switches
Overrides
Uninstall Tips
    Agent Uninstall Option #1 – Uninstall From the Console Using Agent Commands
    Agent Uninstall Option #2 – Uninstall On the Endpoint in Safe Mode With Networking
Support
    Gathering Logs
    Opening Support Tickets
Resources

Page 1 | Webroot, Inc. | Proprietary and Confidential Information January 30, 2015

Getting Started Guide

While Webroot SecureAnywhere Business – Endpoint Protection is extremely easy to deploy and manage, Webroot recognizes that Enterprise environments can vary greatly. With that in mind, this Getting Started Guide covers some common deployment scenarios and settings. As always, this information should be balanced against your specific environment and security policy.

Console Registration

Registering your new console will be your first step. This will ensure that you have a chance to modify any policy settings, prior to installing the WSA agent.

WSA Agent - System Requirements

Management Portal Access
- Internet Explorer® version 8 and newer
- Mozilla® Firefox® version 3.6 and newer
- Chrome 11 and newer
- Safari 5 and newer
- Opera 11 and newer

Supported PCs
- Windows 8, 8.1, 32 and 64-bit
- Windows 7, 32 and 64-bit
- Windows Vista®, 32 and 64-bit
- Windows® XP Service Pack 2 and 3, 32 and 64-bit
- Windows XP Embedded
- Mac OS X v.10.10 "Yosemite"
- Mac OS X v.10.9 "Mavericks"
- Mac OS X v.10.8 "Mountain Lion"
- Mac OS® X v.10.7 "Lion"

Server Platforms
- Windows Server 2012 Standard, R2
- Windows Server 2008 R2 Foundation, Standard, Enterprise
- Windows Server 2003 Standard, Enterprise, Service Pack2, 32 and 64-bit
- Windows Small Business Server 2008, 2011, 2012
- Windows Server Core 2003, 2008, 2012
- Windows Server 2003 R2 for Embedded Systems
- Windows Embedded Standard 2009 SP2
- Windows XP Embedded SP1, Embedded Standard 2009 SP3
- Windows Embedded for POS Version 1.0

Virtual Server Platforms
- VMware vSphere 5.5 and older (ESX/ESXi 5.5 and older), Workstation 9.0 and older, Server 2.0 and older
- Citrix XenDesktop 5; XenServer 5.6 and older; XenApp 6.5 and older
- Microsoft Hyper-V Server 2008, 2008 R2, 2012 and 2012 R2
- Virtual Box

Endpoint Requirements for PCs and Laptops
- Processor:
    - Intel Pentium/Celeron family
    - AMD K6/Athlon/Duron family
    - Other compatible processor with those listed above
- Memory: 128 MB RAM (minimum)
- Browsers:
    - Internet Explorer: versions 8, 9, and 10
    - Firefox: the latest 5 versions
    - Chrome: the latest 5 versions
    - Safari: versions 5.0.1 and above
    - Opera: the latest 5 versions

Communications

The WSA agent communicates over ports 80 and 443 to the Webroot Intelligence Network and your management console. These communications are encrypted via a proprietary form of obfuscation. If you are utilizing a web content filter or a proxy server, you will want to consider the following to ensure the WSA agent can communicate with the Webroot Intelligence Network and your console.
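
One way to confirm that a content filter or proxy is not blocking the agent, as an added example that is not part of the Webroot guide: the Python below checks proxy log lines against the URL masks this guide lists under WSA-Needed URLs, and separately reports allowed traffic that matched only *.amazonaws.com or *.cloudfront.net, since those two masks also cover hosts unrelated to Webroot. The log format, sample hostnames and function names are assumptions.

```python
"""Review proxy log lines against the WSA URL masks from this guide.
Added example, not Webroot code; the log format is an assumption."""
from fnmatch import fnmatchcase

WSA_MASKS = ["*.amazonaws.com", "*.cloudfront.net", "*.prevx.com",
             "*.webroot.com", "*.webrootanywhere.com", "*.webrootcloudav.com"]
# These two masks also cover every other AWS and CloudFront tenant
SHARED_HOSTING = {"*.amazonaws.com", "*.cloudfront.net"}
AGENT_PORTS = {80, 443}  # ports the guide says the agent uses

# Constructed sample: "<time> <action> <client> <host:port>"; hostnames invented
SAMPLE_LOG = [
    "2015-01-30T09:00:01Z DENIED 10.1.4.23 g1.webrootcloudav.com:443",
    "2015-01-30T09:00:02Z ALLOWED 10.1.4.23 my.webrootanywhere.com:443",
    "2015-01-30T09:00:05Z ALLOWED 10.1.4.40 some-bucket.s3.amazonaws.com:443",
    "2015-01-30T09:00:09Z DENIED 10.1.4.40 notwebroot.com:443",
    "2015-01-30T09:00:12Z DENIED 10.1.4.41 webroot.com.example.net:80",
]

def match_mask(host):
    """Return the first WSA mask that covers host, or None."""
    host = host.lower().rstrip(".")
    for mask in WSA_MASKS:
        if fnmatchcase(host, mask):
            return mask
    return None

def review(lines):
    """Return (blocked agent traffic, allowed traffic via shared-hosting masks)."""
    blocked, shared = [], []
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # not in the assumed four-field format
        _, action, client, target = parts
        host, _, port = target.rpartition(":")
        if not port.isdigit() or int(port) not in AGENT_PORTS:
            continue
        mask = match_mask(host)
        if mask and action == "DENIED":
            blocked.append((client, host, mask))   # allowlist is incomplete
        elif mask in SHARED_HOSTING:
            shared.append((client, host, mask))    # broad mask, worth a look
    return blocked, shared

if __name__ == "__main__":
    blocked, shared = review(SAMPLE_LOG)
    print("blocked:", blocked, "\nshared-hosting:", shared)
```

Look-alike names such as notwebroot.com or webroot.com.example.net do not match any mask, because each mask requires the dot before the registered domain at the end of the hostname.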
WSA-Needed URLs

When configuring firewalls or any network access layer that can block WSAB traffic, the following URL masks need to be considered. These URLs can also be used to lock down any systems that would otherwise have no Internet access whatsoever.

- *.amazonaws.com
- *.cloudfront.net
- *.prevx.com
- *.webroot.com
- *.webrootanywhere.com
- *.webrootcloudav.com

Mobile Protection

If you have Mobile Protection, you should permit the following URL:

- *.webrootmobile.com
- *.wrproxy.com

System Email Addresses

- Welcome Email – [email protected]
- Alerts/Summaries – [email protected]
- Support Notifications – [email protected]

Proxy Settings

By using the -autoproxy switch during install, the WSA agent auto-detects an endpoint’s proxy settings. However, you can manually specify those settings as needed. The syntax is listed in the Command Line Switches section.

Deployment

General Deployment Process

- Trial Initiation and Welcome Email
- User Creation and Console Registration
- Default Policy Selection
- Create Additional Admins, if applicable
- Permit WSA URLs, if applicable
- Configure Alerts; this is optional
- Deploy WSA agent
- Review Unknowns and Create Overrides; this is optional

Registering your new console will be your very first step. This will ensure that you have a chance to modify any policy settings, prior to installing the WSA agent.

After the trial has been started, you will receive an email from [email protected] which will contain:

- A link to start the Registration process
- Your keycode
- Additional helpful information

Policies

The WSA console comes with four default policies, as follows:

- Recommended Defaults – Recommended settings with protection and remediation enabled.
- Recommended Server Defaults – Recommended settings for servers, with protection and remediation enabled.
- Silent Audit – Non remediation/Security audit.
- Unmanaged – Provides agent control to the endpoint’s local user.
Note: When an endpoint is covered by any policy other than Unmanaged, it is automatically locked down, preventing changes and uninstallation.

Default policies cannot be edited or deleted. They can, however, be used to create new policies by copying and editing.

Poll Interval Considerations

The WSA agent checks for updates when the following events occur:

- Scans are run, both scheduled and manual
- A new file is being determined
- The endpoint is rebooted
- Right-clicking the WSA agent in the System Tray and selecting Refresh Configuration
- The poll interval expires
- The poll is triggered by command line, listed in the Command Line Switches section below

The poll interval is controlled by policy. The default settings are:

- Daily – For the Recommended Defaults policy
- 1 Hour – For the Recommended Server Defaults policy

The possible Poll Interval setting values are:

- Daily
- 12 hours
- 6 hours
- 4 hours
- 3 hours
- 2 hours
- 1 hour
- 30 minutes
- 15 minutes

If you are testing and making lots of policy changes, you should consider shortening the polling interval so that the endpoints receive these changes sooner.

Installer Options

The WSA agent comes in two installer formats, EXE and MSI, both of which are located under the Resources tab in your WSA console.

- EXE – The EXE file format can be downloaded and installed either using the generic EXE file, wsasme.exe, or by using the Windows Download link, which is the EXE file renamed using your WSA keycode. When run, the renamed file embeds the keycode into the installation process, which runs silently and unattended.
- MSI – The MSI format can be downloaded utilizing the wsasme.msi link under the Install using MSI section. The MSI can be edited directly to include the keycode and be deployed using GPO. A video here outlines that process.

Installing on VMs/Citrix Considerations

Some architectures can cause duplicates in the WSA console.
This can occasionally occur because of improperly configured endpoint images or virtual machines. If duplicates occur in your Webroot console during your testing, please uninstall Webroot SecureAnywhere Business Endpoint Protection from the affected endpoints. Then, reinstall it with the command line option -clone, which causes SecureAnywhere to create a unique identification for that system. For example, enter the following command line:

    wsasme.exe /key=xxxx-xxxx-xxxx-xxxx-xxxx /silent -clone

Note: X’s represent the numerals in your license key.

After installation, a new hostname appears in the Webroot console. For example, hostname PCHOSTNAME might become PCHOSTNAME-C8137921. When an agent is uninstalled or reinstalled, this value persists so that existing agents won’t move to other IDs. However, if the OS is reinstalled, the ID will change.

Command Line Switches

/key
    Install with a specific keycode.
    Ex: wsasme.exe /key=xxxx-xxxx-xxxx-xxxx-xxxx

/silent
    Install silently without showing any prompts.
    Ex: wsasme.exe /key=xxxx-xxxx-xxxx-xxxx-xxxx /silent

/group=GROUPCODE
    Command line switch for deploying directly into groups.
    Example: wsasme.exe /key=xxxxxxxxx /group=-135260017840748808 /silent
    Assign endpoints to a specific group by selecting the group you want to add endpoints to, then from the Actions drop-down menu, select Deploy Endpoints to this Group. Note the GROUPCODE.
    Other requirements:
    - The group must already exist in the console.
    - This only works for new installs on systems that have never been seen by the console previously.
    For MSI installs you can use command line and an MSI editor.
    Example for command line:
        msiexec /i "C:\wsasme.msi" GUILIC="XXXX-XXXX-XXXX-XXXX" CMDLINE="SME,quiet,Group=-135260017840748808" /qn /l*v %windir%\wsa_install_log.txt
    Example for MSI Editor in CMDLINE field:
        Group=135260017840748808

-clone
    For use when InstanceMIDs are matching, causing duplicates in the console or endpoints replacing endpoints at each poll interval; usually found in imaged/cloned environments.
    Ex: wsasme.exe /key=xxxx-xxxx-xxxx-xxxx-xxxx /silent -clone

-uniquedevice
    For use when DeviceMIDs are matching, causing duplicates in the console or endpoints replacing endpoints at each poll interval. Typically used for virtual environments like Citrix Provisioning or VDI where the use of -clone is not effective due to Device MIDs being the same.
    Ex: wsasme.exe /key=xxxx-xxxx-xxxx-xxxx-xxxx /silent -uniquedevice

-poll
    Poll via a command line option.
    Example: "c:\program files\webroot\wrsa.exe" -poll

-autoproxy
    Use the automatic proxy configuration.

-proxy
    Proxy settings. Always use all parameters and blank out any value you don't need with double quotes, for example, proxypass="".
    proxyauth # being:
        0 = Any authentication
        1 = Basic
        2 = Digest
        3 = Negotiate
        4 = NTLM
    Example:
        wsasme.exe /key=xxxx-xxxx-xxxx-xxxx-xxxx /silent -proxyhost=nn.nn.nn.nn -proxyauth=n -proxyuser="proxyuser" -proxypass="password" -proxyport=port_number

Overrides

Overrides give administrative control over the files that are allowed to run on endpoints, with the ability to override files as Good or Bad, and apply overrides globally or to individual policies.

Overrides may be deployed from several locations within Webroot SecureAnywhere:

- In the Management Console from the following tabs:
    - Overrides tab
    - Group Management tab
    - Reports tab
- From any area of the Management Console that displays the Create override button.

When an Administrator adds overrides from the Group Management or Reports tabs, the MD5 values have already been saved in the console and are available for use.
When overrides are added from the Overrides tab, the Administrator needs to first scan the endpoint and save the endpoint log to find and then use the MD5 values.

Overrides may be applied to all managed endpoint policies globally, or used within individual policies. Overrides may also have different settings at the global and individual policy levels. For example, an MD5 file might be treated as Bad at the global level and Good at the individual policy level.

Uninstall Tips

Agent Uninstall Option #1 – Uninstall From the Console Using Agent Commands

1. Open the Group Management tab and select a group from the Groups panel.
2. Do either of the following:
   - Select an individual endpoint on which to run the command.
   - To run the command on all endpoints in the group, select Hostname.
3. Open the Agent Commands menu and select Agent > Uninstall.

The SecureAnywhere agent will be removed; however, the listing for the workstation remains. We recommend you create a group called Uninstalled Clients into which these can be moved. To remove a listing completely, select the red Deactivate button, which frees up the license seat taken by the endpoint.

Note: This endpoint will no longer check in with your console unless you reactivate it.

Agent Uninstall Option #2 – Uninstall On the Endpoint in Safe Mode With Networking

Use the following steps to boot the computer into Safe Mode with Networking.

1. Shut down the computer.
2. Turn the computer on and tap the F8 key repeatedly.
3. Use the Up and Down arrows to select Safe Mode with Networking.
4. On your keyboard, press Enter.
5. Do one of the following:
   - If the endpoint was managed by a policy, select Safe Mode with Networking. This is the default.
   - If the endpoint was not managed by a policy, select Safe Mode.
6. Do one of the following depending on your operating system:
   - Windows XP – Click Start, and then click Run. In the Run window, type appwiz.cpl, then press Enter on your keyboard.
   - Windows Vista/Windows 7 – Click Start, or the Windows icon. In the Search field, type appwiz.cpl, then press Enter on your keyboard.
7. Select Webroot SecureAnywhere, then click Uninstall/Remove.
8. Confirm any messages regarding uninstalling the program.
9. Once the uninstall process has finished, restart the computer.

If Webroot SecureAnywhere is not visible in the Control Panel, the software can be uninstalled from the command line by running the following:

    "C:\Program Files\Webroot\WRSA.exe" -uninstall

Support

Gathering Logs

The process of opening a Support Ticket can usually be expedited by first collecting log files from the affected endpoint, utilizing the WSA agent command Customer Support Diagnostics. This agent command gathers all of the necessary diagnostic information needed by Webroot’s Support Team to help you with your issue. To speed this process even further, click the Refresh Configuration button on the endpoint, instead of waiting for the Poll Interval to expire for the endpoint to check in and pick up the agent command.

Opening Support Tickets

A Support Ticket can be opened from several locations:

- By clicking the Get Customer Support button in the WSA Agent.
- By right-clicking the WSA Agent System Tray icon and selecting Help.
- From the WSA console, by selecting your email address and the drop-down menu in the upper right corner.
- Directly from the Webroot website: https://www.webrootanywhere.com/servicewelcome.asp?SOURCE=ENTERPRISEWSA

Regardless of which method you choose, you will be prompted for your email address. You will be notified via email when Webroot Support has responded to your ticket and you will need to log back into the Support page to retrieve the reply.
If this is the first time you have contacted Webroot Support via online ticket, you will be able to start your ticket immediately and a password for future conversations will be sent to you. If you are a returning Support customer, enter the password that was sent to you previously. If you have forgotten that password, there is a password recovery link to help you.

Resources

- WSA Console
- Ask Webroot
- Open Support Ticket
- Business Community
- Admin Guide
- Webroot YouTube Channel
- WSA Trial
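
The -proxy rule in Command Line Switches (always pass every proxy parameter and blank unused ones with double quotes) is easy to get wrong in deployment scripts, and the proxy password ends up on the command line. As an added example that is not Webroot code, the Python below builds the installer command line under those rules, rejects values that could smuggle in another switch, and masks the password before the command is logged. The function and parameter names are hypothetical, and allowing only one of -clone or -uniquedevice per install is an assumption of this example.

```python
"""Build a wsasme.exe install command per the switch rules in this guide.
Added example, not Webroot code; function and parameter names are hypothetical."""
import re

PROXY_AUTH = {0: "Any authentication", 1: "Basic", 2: "Digest",
              3: "Negotiate", 4: "NTLM"}  # proxyauth codes from the guide
IDENTITY_SWITCHES = ("-clone", "-uniquedevice")

def _safe(value):
    """Reject characters that would let a value start another switch."""
    text = "" if value is None else str(value)
    if re.search(r'[\s"]', text):
        raise ValueError(f"whitespace or quote not allowed in {text!r}")
    return text

def build_install_cmd(key, group=None, identity=None, proxy=None):
    """Return the command line as a string, in the order the guide shows."""
    parts = ["wsasme.exe", f"/key={_safe(key)}"]
    if group is not None:
        parts.append(f"/group={_safe(group)}")
    parts.append("/silent")
    if identity is not None:
        if identity not in IDENTITY_SWITCHES:
            raise ValueError("identity must be -clone or -uniquedevice")
        parts.append(identity)
    if proxy == "auto":
        parts.append("-autoproxy")
    elif proxy is not None:
        auth = proxy.get("auth", 0)
        if auth not in PROXY_AUTH:
            raise ValueError("proxyauth must be 0-4")
        # All five parameters are always emitted; unused ones become ""
        port = _safe(proxy.get("port")) or '""'
        parts += [f"-proxyhost={_safe(proxy['host'])}",
                  f"-proxyauth={auth}",
                  f'-proxyuser="{_safe(proxy.get("user"))}"',
                  f'-proxypass="{_safe(proxy.get("password"))}"',
                  f"-proxyport={port}"]
    return " ".join(parts)

def redact(cmd):
    """Mask the proxy password before the command is logged or displayed."""
    return re.sub(r'(-proxypass=)"[^"]*"', r'\1"***"', cmd)

if __name__ == "__main__":
    demo = {"host": "nn.nn.nn.nn", "auth": 4, "user": "proxyuser", "password": "secret"}
    print(redact(build_install_cmd("xxxx-xxxx-xxxx-xxxx-xxxx", identity="-clone", proxy=demo)))
```

Redaction only covers what the script itself logs; the unredacted command line is still visible to anything on the endpoint that records process arguments, which is a reason to prefer -autoproxy where it works.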