Preparing for Setup

Before you begin, review the configuration steps in this section and make sure your environment meets the system requirements.

Note: These configuration steps are intended for the Endpoint Protection administrator who has full access permissions.

Configuration Steps

  1. Create an account using your keycode.

    You should have received the keycode in an email from Webroot. For more information, see Creating Accounts.

  2. Log in to the Management Portal and open the Setup Wizard.

    In the wizard, you must select a default policy for SecureAnywhere installations on endpoints.

    • A policy defines the SecureAnywhere settings, including how the program scans for threats and manages detected items.
    • An endpoint can be any Windows corporate workstation, such as a PC, laptop, server, or virtual server.

    After you select a policy, a Welcome window displays and provides information about how to deploy SecureAnywhere to endpoints. For more information, see Logging in and using the Setup Wizard.

  3. Edit your account settings for the Management Portal, including your contact number and a time zone where you are located. For more information, see Editing Your Own Account Settings.

    You can also create logins for other administrators to access the Management Portal. For more information, see Managing Portal Users.

    Note: This step is optional.

  4. Deploy the SecureAnywhere software to the endpoints. For more information, see Deploying SecureAnywhere to Endpoints.
  5. Determine if the default policy is sufficient for your business needs. You cannot change the Webroot default policies.

    If needed, add new policies with different settings; for more information, see Implementing Policies. You may also need to create overrides for certain files that you consider legitimate applications. For more information, see Applying Overrides From the Overrides Tab.

  6. Determine if you need to create separate groups of endpoints for different management purposes.

    When you deploy SecureAnywhere to your endpoints, Endpoint Protection places them all in one Default group. If needed, you can create new groups and assign them to new policies. For more information, see Organizing Endpoints Into Groups.

  7. Customize alert messages that will be sent to a distribution list whenever endpoints report an infection or whenever SecureAnywhere is installed on new endpoints. For more information, see Implementing Alerts.

    Note: This step is optional.

Communicating Through Firewalls

If a firewall is in place, please allow Webroot’s path masks through the firewall, as described in the following table.





Port 443 (https)

Agent communication and updates.

Note: Some firewalls do not support double dotted subdomain names with a single wildcard mask, for example, being represented by *, so some environments might require either * or *.*


Port 443 (https)

Agent messaging.*

Port 443 (https)

Agent file downloading and uploading.* Port 443 (https) Agent file downloading and uploading.* Port 443 (https) Agent file downloading and uploading.

Port 80 (http) & 443 (https)

Required for agent Web Filtering, elasticbeanstalk is an amazon AWS domain.


Port 80 (http) & 443 (https)

Management portal and support ticket logs upload.

When attempting to use proxy settings with Webroot SecureAnywhere Business – Endpoint Protection, there are additional methods to allow the Webroot product to communicate with our cloud servers. These are listed below.

Entering Proxy Bypasses

Note: This is the method that we recommend.

To enter a proxy bypass:

  1. Enter a proxy bypass for g*

    Note: If you select this option, be sure that the wild card mask (*) is supported. If not, you must add 100 separate URLs, for example, g1, g2, g3, ..., g99, g100.

Entering Proxy Information Within the Installer

This is the alternate method that we recommend.

To enter proxy information within the installer:

  1. Download the SecureAnywhere MSI installer to a network share:

  1. Use an msi editor.
  2. On the Property table, enter the subscription keycode in the GUILIC property and the proxy credentials on the CMDLINE property using the following commands:

    -proxyhost=X -proxyport=X -proxyuser=X -proxypass=X -proxyauth=#

  1. Always use all parameters and blank out any value you don't need with double quotes, for example:


    proxyauth # being: 0 = Any authentication 1 = Basic 2 = Digest 3 = Negotiate 4 = NTLM

  1. These arguments can also be applied with an executable install, for example:

    C:\wsasme.exe /key=xxxx-xxxx-xxxx-xxxx-xxxx /silent -proxyhost=nn.nn.nn.nn -proxyauth=n -proxyuser="proxyuser" -proxypass="password" -proxyport=port_number

Entering Proxy Information on Each Endpoint Post Deployment

We recommend that you use this method only if you are unable to enter a proxy bypass or enter proxy information within the installer.

  1. Open the SecureAnywhere Endpoint Protection Group Management tab, open a group, and select an endpoint.
  2. In the Policy column of the selected endpoint, double-click its policy name to open a list of available policies.
  3. Select the unmanaged policy and apply. A red flag on the new policy name reminds you that you’ve made a change.
  4. Click Save Changes.
  5. Once applied, go to each individual endpoint workstation and follow the instructions below.
  6. Open SecureAnywhere Endpoint Protection from the system tray icon.
  7. Click Settings.
  8. In the Settings window, click the Proxy tab.
  9. Enter your proxy information.
  10. Click Save All to save your changes.
  11. After entering the proxy information, you can move the machine back to the original policy.

    Note: The best way to test proxy settings is to ensure there is no Internet access via the default gateway. You can hardcode an IP address and subnet mask for the endpoint’s network card without adding a default gateway or DNS server. As long as the proxy server is on the same subnet, you can be sure that the only Internet access is via the proxy server.