Webroot - Limiting Access to Shutdown Protection to Admins

wrx7m

I am trialing Webroot (for business) and am working through the policies. I am not sure if I am missing a setting somewhere or what, but I would like to only allow admins to shutdown protection for troubleshooting or installing a new application. I don't see a admin-specific or user-specific option anywhere.

If I allow it, any user can shutdown protection by entering a captcha. If I disable the setting, not even the admin can shut it down. Surely, there has to be a way to only allow admins this capability. What am I missing?

dbeato

Mm there is only two types of users
Basic and Admin

Basic has readonly access and well Admin is admin.
https://download.webroot.com/SecureAnywhereWebsiteUserGuide.pdf (page 26)

JaredBusch

@dbeato said in Webroot - Limiting Access to Shutdown Protection to Admins:

Mm there is only two types of users
Basic and Admin

Basic has readonly access and well Admin is admin.
https://download.webroot.com/SecureAnywhereWebsiteUserGuide.pdf (page 26)

Wrong answer.

If you set the policy to allow the agent to be shutdown, anyone can shut it down. You cannot restrict it to admins.

My question to @wrx7m is why do you want this in the first place? The point is you should never be shutting it down on a regular basis anyway.
If you need to, just move the endpoint to a group with a policy that allows it, or just change their policy. shut it down, do whatever and then put them back in the right group/policy.

wrx7m

@jaredbusch said in Webroot - Limiting Access to Shutdown Protection to Admins:

@dbeato said in Webroot - Limiting Access to Shutdown Protection to Admins:

Mm there is only two types of users
Basic and Admin

Basic has readonly access and well Admin is admin.
https://download.webroot.com/SecureAnywhereWebsiteUserGuide.pdf (page 26)

Wrong answer.

If you set the policy to allow the agent to be shutdown, anyone can shut it down. You cannot restrict it to admins.

My question to @wrx7m is why do you want this in the first place? The point is you should never be shutting it down on a regular basis anyway.
If you need to, just move the endpoint to a group with a policy that allows it, or just change their policy. shut it down, do whatever and then put them back in the right group/policy.

Thanks for the options. As stated in my OP, I disable it for installation of some software or troubleshooting purposes.

JaredBusch

@wrx7m said in Webroot - Limiting Access to Shutdown Protection to Admins:

@jaredbusch said in Webroot - Limiting Access to Shutdown Protection to Admins:

@dbeato said in Webroot - Limiting Access to Shutdown Protection to Admins:

Mm there is only two types of users
Basic and Admin

Basic has readonly access and well Admin is admin.
https://download.webroot.com/SecureAnywhereWebsiteUserGuide.pdf (page 26)

Wrong answer.

If you set the policy to allow the agent to be shutdown, anyone can shut it down. You cannot restrict it to admins.

My question to @wrx7m is why do you want this in the first place? The point is you should never be shutting it down on a regular basis anyway.
If you need to, just move the endpoint to a group with a policy that allows it, or just change their policy. shut it down, do whatever and then put them back in the right group/policy.

Thanks for the options. As stated in my OP, I disable it for installation of some software or troubleshooting purposes.

Right, I have been using Webroot for years at various clients and about the only reason I ever shut it down is to tinker with the hosts file. I once had to shut it down on a user machine in order for the user to pass an automated PCI compliance test. Then I turned it back on. But that was a once off issue.

dbeato

@jaredbusch fair enough, so are you saying that a Basic user can shutdown an agent as well?

I usually didn't need to even think about this as all our users are Admin since as an MSP we manage Webroot as our own and no one else.

wrx7m

@dbeato said in Webroot - Limiting Access to Shutdown Protection to Admins:

@jaredbusch fair enough, so are you saying that a Basic user can shutdown an agent as well?

I usually didn't need to even think about this as all our users are Admin since as an MSP we manage Webroot as our own and no one else.

Right. Any user can shutdown protection if it is set to enabled in the policy associated with that machine.

JaredBusch

@dbeato said in Webroot - Limiting Access to Shutdown Protection to Admins:

@jaredbusch fair enough, so are you saying that a Basic user can shutdown an agent as well?

No. I said that you are talking about the wrong thing.

dbeato

@jaredbusch So in essence what I said does not apply because it is talking about something else? Like those are not the users type? I just want to learn the mistake/error...

JaredBusch

@dbeato said in Webroot - Limiting Access to Shutdown Protection to Admins:

@jaredbusch So in essence what I said does not apply because it is talking about something else? Like those are not the users type? I just want to learn the mistake/error...

You are talking about users of the Webroot web console.

He is talking about users.

dbeato

@jaredbusch Makes sense now... O really thought OP was talking on the web interface but it makes sense since it is all or nothing with policies assigned to endpoints.

coliver

What software are you installing that trips webroot up? That seems like either you need to open a ticket with webroot or you need to talk to the software vendor.

When I was running webroot we never had to turn it off for software installations.

Dashrender

I don't use Webroot - but I rarely run into an issue where I need to disable my AV to install/update something.

wrx7m

I haven't had this happen with webroot yet (only been using it for a week in trial) but in the past some software has taken forever to install with Trend Micro running; to the point where I canceled the installation and disabled scanning. Then, it finished installing in less than a minute.

Also, some software vendors have it in their installation documentation to disable AV during installation. I usually don't, but have run into the occasional issue when not doing it.

RojoLoco

I've always handled this by having a policy that has everything turned off. When I need to disable it on a machine, I change the policy and then go to the endpoint and "refresh configuration". Install or troubleshoot, then change the policy back.

Webroot has never really blocked or messed with anything but our internal software.

wrx7m

Thanks, everyone. Policies are the way to handle it.

Has anyone needed to exclude services/files/directories from being scanned by webroot? For instance, Exchange, SQL, IIS, etc?

JaredBusch

@wrx7m said in Webroot - Limiting Access to Shutdown Protection to Admins:

Thanks, everyone. Policies are the way to handle it. Has anyone needed to exclude services/files/directories from being scanned by webroot? For instance, Exchange, SQL, IIS, etc?

Not normal stuff. No.

wrx7m

@jaredbusch said in Webroot - Limiting Access to Shutdown Protection to Admins:

@wrx7m said in Webroot - Limiting Access to Shutdown Protection to Admins:

Thanks, everyone. Policies are the way to handle it. Has anyone needed to exclude services/files/directories from being scanned by webroot? For instance, Exchange, SQL, IIS, etc?

Not normal stuff. No.

Nice.

JaredBusch

@wrx7m said in Webroot - Limiting Access to Shutdown Protection to Admins:

@jaredbusch said in Webroot - Limiting Access to Shutdown Protection to Admins:

@wrx7m said in Webroot - Limiting Access to Shutdown Protection to Admins:

Thanks, everyone. Policies are the way to handle it. Has anyone needed to exclude services/files/directories from being scanned by webroot? For instance, Exchange, SQL, IIS, etc?

Not normal stuff. No.

Nice.

We gave some exceptions for shit software. But nothing modern.

RojoLoco

@wrx7m Haven't had to make many overrides for normal stuff, mostly just our internal controls.