Changing Policy Settings

Once you create a policy, you can change its settings to suit your business purposes. If needed, you can make temporary changes, called creating drafts, and then implement them later, called promoting to live. For more information, see Creating Policies.

Note: You cannot change Webroot default policy settings.

Policies control the following SecureAnywhere settings on managed endpoints.

SECTION	DESCRIPTION
Basic Configuration	General preferences that change the behavior of the SecureAnywhere program, such as whether the program icon displays in the endpoint's system tray and whether the user can shut down the program.
Scan Schedule	Allows you to run scans at different times, change the scanning behavior, or turn off automatic scanning. If you do not modify the scan schedule, SecureAnywhere launches scans automatically every day, at about the same time you installed the software.
Scan Settings	Provides more control over scans, such as performing a more thorough scan.
Self Protection	Provides additional protection that prevents malicious software from modifying the SecureAnywhere program settings and processes on the endpoint. If SecureAnywhere detects another product attempting to interfere with its functions, it launches a protective scan to look for threats.
Heuristics	Provides threat analysis that SecureAnywhere performs when scanning endpoints. Heuristics can be adjusted for separate areas of the endpoints, including the local drive, USB drives, the Internet, the network, CD/DVDs, and when the endpoint is offline.
Realtime Shield	Blocks known threats listed in Webroot's threat definitions and in Webroot's community database.
Behavior Shield	Analyzes applications and processes running on the endpoints.
Core System Shield	Monitors the computer system structures to ensure that malware has not tampered with them.
Web Threat Shield	Protects endpoints as users surf the Internet and click links in search results.
Identity Shield	Protects from identity theft and financial loss. It ensures that sensitive data is protected, while safe-guarding users from keyloggers, screen-grabbers, and other information-stealing techniques.
Firewall	Monitors data traffic traveling out of computer ports. It looks for untrusted processes that try to connect to the Internet and steal personal information. The Webroot firewall works in conjunction with the Windows firewall, which monitors data traffic coming into the endpoints.
User Interface	Provides user access to the SecureAnywhere program on the endpoint.
System Optimizer	Controls System Optimizer behavior, such as an automatic cleanup schedule and what types of files and traces to remove from the endpoint.

To change policy settings:

Click the Policies tab.
The Policies tab displays.
In the Policy Name column, find the policy you want to change and double-click it.
The settings window for that policy displays, with the Basic Configuration setting selected in the Section column.
The Setting column displays the name of the policy, in addition to which:
- Settings that apply to PC only are indicated by the Windows icon.
- Settings that apply to PC and Mac are indicated by both the Windows icon and the Mac icon.
The Live column displays how the setting is currently implemented on the endpoints.
The Draft column is where you make changes.
In the Section column, select the category you want to edit.
In the Draft column, for each Setting, double-click in the cell to view the options, then, from the drop-down menu, select the appropriate setting.
For a complete description of each setting, see the following tables in this procedure.
Basic Configuration Realtime Shield Firewall
Scan Schedules Behavior Shield User Interface
Scan Settings Core System Shield System Optimizer
Self Protection Web Threat Shield
Heuristics Identity Shield
When you're done making changes for a selection, click the Save Changes button.
Continue editing each section for that policy, making sure to click Save Changes before you move to another section.
Any policy with changes not yet implemented displays in the Draft Changes column.
Note: The green color indicates that the setting is On; the Orange color indicates the setting is Off. The colors are so that you can easily scan the list.
Do either of the following:
- If you're not ready to implement the changes, click the Save Changes button and return to the Policy tab.
- If you are ready to implement the changes, click the Save Changes button, then click the Promote Draft Changes to Live button.
  Note: Your changes do not take effect until you promote them.

Basic Configuration

The Basic Configuration settings control the behavior of the SecureAnywhere software on managed endpoints.

SETTING	DESCRIPTION
Show a SecureAnywhere shortcut on the desktop	Provides quick access to the main interface by placing the shortcut icon on the endpoint desktop. This setting applies only to PC endpoints.
Show a system tray icon	Provides quick access to SecureAnywhere functions by placing the Webroot icon in the endpoint system tray. This setting applies only to PC endpoints.
Show a splash screen on bootup	Opens the Webroot splash screen when the endpoint starts. This setting applies only to PC endpoints.
Show SecureAnywhere in the Start Menu	Lists SecureAnywhere in the Windows Startup menu items. This setting applies only to PC endpoints.
Show SecureAnywhere in Add/Remove Programs	Lists SecureAnywhere in the Windows Add/Remove Programs panel. This setting applies only to PC endpoints.
Show SecureAnywhere in Windows Action Center	Lists SecureAnywhere in the Windows Action Center, under Virus Protection information. This setting applies only to PC endpoints.
Hide the SecureAnywhere keycode and subscription information on-screen	Hides the keycode on the endpoint's My Account panel. Asterisks replace the code, except for the first four digits. This setting applies to both PC and Mac endpoints.
Automatically download and apply updates	Downloads product updates automatically without alerting the endpoint user. This setting applies to both PC and Mac endpoints.
Operate background functions using fewer CPU resources	Saves CPU resources by running non-scan related functions in the background. This setting applies to both PC and Mac endpoints.
Favor low disk usage over verbose logging (fewer details stored in logs)	Saves disk resources by saving only the last four log items. This setting applies only to PC endpoints.
Lower resource usage when intensive applications or games are detected	Suppresses SecureAnywhere functions while the user is gaming, watching videos, or using other intensive applications. This setting applies to both PC and Mac endpoints.
Allow SecureAnywhere to be shut down manually	Displays a Shutdown command in the endpoint's system tray menu. Deselecting this option removes the Shutdown command from the menu. This setting applies to both PC and Mac endpoints.
Force non-critical notifications into the background	Suppresses information-only messages from displaying in the system tray. This setting applies only to PC endpoints.
Fade out warning messages automatically	Closes warning dialogs in the system tray after a few seconds. If you disable this option, the user must manually click on a message to close it. This setting applies to both PC and Mac endpoints.
Store Execution History details	Stores data for the Execution History logs, available under Reports. This setting applies only to PC endpoints.
Poll interval	Specifies how often the endpoint checks for updates. For example: 15 minutes, 30 minutes, 1 hour, or 2 hours. This setting applies to both PC and Mac endpoints.

Scan Schedule

SecureAnywhere runs scans automatically every day, at about the same time you installed the software. You can use the Scan Schedule settings to change the schedules and run scans at different times.

SETTING	DESCRIPTION
Enable Scheduled Scans	Allows scheduled scans to run on the endpoint. This setting applies to both PC and Mac endpoints.
Scan Frequency	Determines how often to run the scan. You can set a day of the week or select on bootup. This setting applies to both PC and Mac endpoints.
Time	Specifies the time to run the scan: Scan time options for when computer is idle are before 8:00 a.m., before noon, before 5:00 p.m., or before midnight. Scan time options for when resources are available are hourly, from 12:00 a.m. to 11:00 p.m. This setting applies to both PC and Mac endpoints.
Scan on bootup if the computer is off at the scheduled time	Launches a scheduled scan within an hour after the user turns on the computer, if the scan did not run at the normally scheduled time. If this option is disabled, SecureAnywhere ignores missed scans. This setting applies to both PC and Mac endpoints.
Hide the scan progress window during scheduled scans	Runs scans silently in the background. If this option is disabled, a window opens and displays the scan progress. This setting applies only to PC endpoints.
Only notify me if an infection is found during a scheduled scan	Opens an alert only if it finds a threat. If this option is disabled, a small status window opens when the scan completes, whether a threat was found or not. This setting applies only to PC endpoints.
Do not perform scheduled scans when on battery power	Helps conserve battery power. If you want SecureAnywhere to launch scheduled scans when the endpoint is on battery power, deselect this option. This setting applies to both PC and Mac endpoints.
Do not perform scheduled scans when a full screen application or game is open	Ignores scheduled scans when the user is viewing a full-screen application, such as a movie or a game. Deselect this option if you want scheduled scans to run anyway. This setting applies to both PC and Mac endpoints.
Randomize the time of scheduled scans up to one hour for distributed scanning	Determines the best time for scanning, based on available system resources, and runs the scan within an hour of the scheduled time. If you want to force the scan to run at the scheduled time, deselect this option. This setting applies only to PC endpoints.
Perform a scheduled Quick Scan instead of a Deep Scan	Runs a quick scan of memory. We recommend that you keep this option deselected, so that deep scans run for all types of malware in all locations. This setting applies only to PC endpoints.

Scan Settings

Scan settings give advanced control over scanning performance.

SETTING	DESCRIPTION
Enable Realtime Master Boot Record (MBR) Scanning	Protects the endpoint against master boot record (MBR) infections. An MBR infection can modify core areas of the system so that they load before the operating system and can infect the computer. We recommend that you keep this option selected. It adds only a small amount of time to the scan. This setting applies only to PC endpoints.
Enable Enhanced Rootkit Detection	Checks for rootkits and other malicious software hidden on disk or in protected areas. Spyware developers often use rootkits to avoid detection and removal. We recommend that you keep this option selected. It adds only a small amount of time to the scan. This setting applies only to PC endpoints.
Enable "right-click" scanning in Windows Explorer	Enables an option for scanning the currently selected file or folder in the Windows Explorer right-click menu. This option is helpful if the user downloads a file and wants to scan it quickly. This setting applies only to PC endpoints.
Update the currently scanned folder immediately as scanned	Displays a full list of files as SecureAnywhere scans each one. To increase scan performance slightly, deselect this option so that file names only update once per second on the panel. SecureAnywhere will still scan all files, just not take the time to display each one on the screen. This setting applies only to PC endpoints.
Favor low memory usage over fast scanning	Reduces RAM usage in the background by using less memory during scans, but scans will also run a bit slower. Deselect this option to run faster scans and use more memory. This setting applies only to PC endpoints.
Favor low CPU usage over fast scanning	Reduces CPU usage during scans, but scans will also run a bit slower. Deselect this option to run faster scans. This setting applies only to PC endpoints.
Save non-executable file details to scan logs	Saves all file data to the scan log, resulting in a much larger log file. Leave this option deselected to save only executable file details to the log. This setting applies only to PC endpoints.
Show the "Authenticating Files" popup when a new file is scanned on-execution	Displays a small dialog whenever the user runs a program for the first time. Leave this option deselected if you do not want users to see this dialog. This setting applies only to PC endpoints.
Scan archived files	Scans compressed files in zip, rar, cab, and 7-zip archives. This setting applies to both PC and Mac endpoints.
Automatically reboot during cleanup without prompting	Restarts the computer after running a clean-up, which is the process of removing all traces of a malware file. This setting applies only to PC endpoints.
Never reboot during malware cleanup	Prevents the endpoint from restarting during cleanup, which is the process of removing all traces of a malware file. This setting applies only to PC endpoints.
Automatically remove threats found during background scans	Removes threats during scans that run in the endpoint's background and sends them to quarantine. This setting applies only to PC endpoints.
Automatically remove threats found on the learning scan	Removes threats during the first scan on the endpoint and sends them to quarantine. This setting applies only to PC endpoints.
Enable Enhanced Support	Allows logs to be sent to Webroot customer support. This setting applies only to PC endpoints.
Show Infected Scan Results	Displays scan results. If not enabled, the endpoint does not display scan results even if malware is detected. This setting applies only to PC endpoints.
Detect Possibly Unwanted Applications (PUAs) as malicious	Detects PUAs and blocks them from installing. Potentially unwanted applications (PUAs) are programs that aren't necessarily malicious but contain adware, toolbars, or other unwanted additions to your system. Generally, PUAs are not malicious but may be unsuitable for use in a business environment, and may create security concerns. If a PUA is already on the system Webroot SecureAnywhere will detect the main program but may not be able to fully remove all aspects of it. This setting applies only to PC endpoints.
Allow files to be submitted for threat research	Allows potentially malicious files that our systems have not yet classified to be automatically uploaded to Webroot. This setting applies only to PC endpoints.

Self Protection Settings

Self Protection prevents malicious software from modifying the SecureAnywhere program settings and processes. If SecureAnywhere detects that another product is attempting to interfere with its functions, it launches a protective scan to look for threats. It will also update the internal self protection status to prevent incompatibilities with other software.

Note: We recommend that you leave Self Protection at the Maximum settings, unless you use other security software in addition to SecureAnywhere. If you use additional security software, adjust Self Protection to Medium or Minimum. The Maximum setting might interfere with other security software.

SETTING	DESCRIPTION
Enable self-protection response cloaking	Turns self-protection on and off. This setting applies only to PC endpoints.
Self-protection level	Sets the detection level to: Minimum — Protects the integrity of the SecureAnywhere settings and databases. Recommended if the endpoint has several other security products installed. Medium — Prevents other programs from disabling protection. Provides maximum possible compatibility with other security software. Maximum — Provides the highest protection of the SecureAnywhere processes. We recommend that you use this setting. This setting applies only to PC endpoints.

SETTING

DESCRIPTION

Enable self-protection response cloaking

Turns self-protection on and off.

This setting applies only to PC endpoints.

Self-protection level

Sets the detection level to:

Minimum — Protects the integrity of the SecureAnywhere settings and databases. Recommended if the endpoint has several other security products installed.
Medium — Prevents other programs from disabling protection. Provides maximum possible compatibility with other security software.
Maximum — Provides the highest protection of the SecureAnywhere processes. We recommend that you use this setting.

This setting applies only to PC endpoints.

Heuristics

With heuristics, you can set the level of threat analysis that SecureAnywhere performs when scanning managed endpoints. SecureAnywhere includes three types of heuristics: advanced, age, and popularity.

You can adjust these types of heuristics for several areas:

Local Heuristics — Local drive
USB Heuristics — USB drives
Internet Heuristics — Internet
Network Heuristics — Network
CD/DVD Heuristics — CD/DVDs
Offline Heuristics — When your computer is offline

For each of these areas, you can set the following options:

Disable Heuristics — Turns off heuristic analysis for the local drive, USB drives, the Internet, the network, CD/DVDs, or when your computer is offline. Not recommended.
Apply advanced heuristics before Age/Popularity heuristics — Warns against new programs as well as old programs that exhibit suspicious behavior on the local drive, USB drives, the Internet, the network, CD/DVDs, or when your computer is offline.
Apply advanced heuristics after Age/Popularity heuristics — Warns against suspicious programs detected with Advanced Heuristics, based on Age/Popularity settings on the local drive, USB drives, the Internet, the network, CD/DVDs, or when your computer is offline.
Warn when new programs execute that are not known good — Warns when malicious, suspicious, or unknown programs try to execute on the local drive, USB drives, the Internet, the network, CD/DVDs, or when your computer is offline. Keep in mind that this setting may result in false detections.

SETTING	DESCRIPTION
Advanced Heuristics	Analyzes new programs for suspicious actions that are typical of malware. Disabled — Turns off Advanced Heuristics, leaving it vulnerable to new threats; however, it will still be protected against known threats. Low — Detects programs with a high level of malicious activity. This setting ignores some suspicious behavior and allows most programs to run. Medium — Balances detection versus false alarms by using our tuned heuristics in the centralized community database. High — Protects against a wide range of new threats. Use this setting if you think your system is infected or at very high risk. This setting may result in false detections. Maximum — Provides the highest level of protection against new threats. Use this setting if you think that your system is infected or at very high risk. This setting may result in false detections. This setting applies only to PC endpoints.
Age Heuristics	Analyzes new programs based on the amount of time the program has been in the community. Legitimate programs are generally used in a community for a long time, but malware often has a short life span. Disabled — Turns off Age Heuristics, leaving it vulnerable to new threats; however, it will still be protected against known threats. Low — Detects programs that have been created or modified very recently. Medium — Detects programs that are fairly new and not trusted, preventing zero-day or zero-hour attacks. We recommend using this setting if you do not allow unpopular programs to be installed on your managed endpoints and you want extra security to prevent mutating threats. High — Detects programs that have been created or modified in a relatively short time and are not trusted. This setting is recommended only if new programs are rarely installed on your managed endpoints, and if you feel that your systems are relatively constant. This setting might generate a higher level of false detections on more obscure or unpopular programs. Maximum — Detects all untrusted programs that have been created or modified fairly recently. Use this setting only if your managed endpoints are in a high-risk situation, or if you think that they are currently infected. This setting applies only to PC endpoints.
Popularity Heuristics	Analyzes new programs based on statistics for how often the program is used in the community and how often it changes. Legitimate programs do not change quickly, but malware often mutates at a rapid pace. Malware may install as a unique copy on every computer, making it statistically unpopular. Low — Detects programs that are seen for the first time. This setting is recommended if new or beta programs are frequently installed on your managed endpoints, or if endpoint users are software developers who frequently create new programs. Medium — Detects unpopular and mutating programs, preventing zero-day and zero-hour attacks. We recommend using this setting if you do not allow new programs to be installed frequently on your managed endpoints and you want extra security over standard settings. High — Detects programs that a significant percentage of the community has seen. This setting is recommended if you do not allow new programs on your managed endpoints and you suspect that they are currently infected. Maximum —Detects programs that a large percentage of the community has seen. We recommend this setting if you think your managed endpoints are at very high risk, and you accept that you might receive false detections because of the strict heuristic rules. This setting applies only to PC endpoints.

SETTING

DESCRIPTION

Advanced Heuristics

Analyzes new programs for suspicious actions that are typical of malware.

Disabled — Turns off Advanced Heuristics, leaving it vulnerable to new threats; however, it will still be protected against known threats.
Low — Detects programs with a high level of malicious activity. This setting ignores some suspicious behavior and allows most programs to run.
Medium — Balances detection versus false alarms by using our tuned heuristics in the centralized community database.
High — Protects against a wide range of new threats. Use this setting if you think your system is infected or at very high risk. This setting may result in false detections.
Maximum — Provides the highest level of protection against new threats. Use this setting if you think that your system is infected or at very high risk. This setting may result in false detections.

This setting applies only to PC endpoints.

Age Heuristics

Analyzes new programs based on the amount of time the program has been in the community. Legitimate programs are generally used in a community for a long time, but malware often has a short life span.

Disabled — Turns off Age Heuristics, leaving it vulnerable to new threats; however, it will still be protected against known threats.
Low — Detects programs that have been created or modified very recently.
Medium — Detects programs that are fairly new and not trusted, preventing zero-day or zero-hour attacks. We recommend using this setting if you do not allow unpopular programs to be installed on your managed endpoints and you want extra security to prevent mutating threats.
High — Detects programs that have been created or modified in a relatively short time and are not trusted. This setting is recommended only if new programs are rarely installed on your managed endpoints, and if you feel that your systems are relatively constant. This setting might generate a higher level of false detections on more obscure or unpopular programs.
Maximum — Detects all untrusted programs that have been created or modified fairly recently. Use this setting only if your managed endpoints are in a high-risk situation, or if you think that they are currently infected.

This setting applies only to PC endpoints.

Popularity Heuristics

Analyzes new programs based on statistics for how often the program is used in the community and how often it changes. Legitimate programs do not change quickly, but malware often mutates at a rapid pace. Malware may install as a unique copy on every computer, making it statistically unpopular.

Low — Detects programs that are seen for the first time. This setting is recommended if new or beta programs are frequently installed on your managed endpoints, or if endpoint users are software developers who frequently create new programs.
Medium — Detects unpopular and mutating programs, preventing zero-day and zero-hour attacks. We recommend using this setting if you do not allow new programs to be installed frequently on your managed endpoints and you want extra security over standard settings.
High — Detects programs that a significant percentage of the community has seen. This setting is recommended if you do not allow new programs on your managed endpoints and you suspect that they are currently infected.
Maximum —Detects programs that a large percentage of the community has seen. We recommend this setting if you think your managed endpoints are at very high risk, and you accept that you might receive false detections because of the strict heuristic rules.

This setting applies only to PC endpoints.

Realtime Shield Settings

The Realtime shield blocks known threats that are listed in Webroot's threat definitions and community database. If the shield detects a suspicious file, it opens an alert and prompts you to block or allow the item. If it detects a known threat, it immediately blocks and quarantines the item before it causes damage to the endpoint or steals its information.

SETTING	DESCRIPTION
Realtime Shield Enabled	Turns the Realtime shield on and off. This setting applies to both PC and Mac endpoints.
Enable Predictive Offline Protection from the central SecureAnywhere database	Downloads a small threat definition file to your managed endpoints, protecting them even when they are offline. We recommend that you leave this setting on. This setting applies only to PC endpoints.
Remember actions on blocked files	Remembers how the user responded to an alert, whether they allowed a file or blocked it, and will not prompt again when it encounters the same file. If this setting is deselected, SecureAnywhere displays an alert every time it encounters the file in the future. This setting applies only to PC endpoints.
Automatically quarantine previously blocked files	Opens an alert when it encounters a threat and allows the user to block it and send it to quarantine. If this setting is off, the user must run a scan manually to remove a threat. This setting applies to both PC and Mac endpoints.
Automatically block files when detected on execution	Blocks threats and sends them to quarantine. If this setting is off, the user must respond to alerts about detected threats. This setting applies to both PC and Mac endpoints.
Scan files when written or modified	Scans any new or modified files that are saved to disk. If this setting is off, it ignores new file installations; however, it still alerts the user if a threat tries to launch. This setting applies to both PC and Mac endpoints.
Block threats automatically if no user is logged in	Stops threats from executing even when managed endpoints are logged off. Threats are sent to quarantine without notification. This setting applies to both PC and Mac endpoints.
Show realtime event warnings	Opens an alert when suspicious activity occurs. This setting applies only to PC endpoints.
Show realtime block modal alerts	Displays alerts when Heuristics detects malware, and prompts the user to allow or block the action. If Heuristics is set to Warn when new programs execute that are not known good, then this setting must be set to On. Otherwise, users will not see the alert. This setting applies only to PC endpoints.
Show realtime block notifications	Displays a tray notification if the Realtime shield detects malware. If this setting is off, there is no tray notification, but malware is blocked and the home page displays that threats were detected. This setting applies only to PC endpoints.

Behavior Shield Settings

The Behavior shield analyzes the applications and processes running on your managed endpoints. If it detects a suspicious file, it opens an alert and prompts you to block or allow the item. If it detects a known threat, it immediately blocks and quarantines the item before it causes damage to managed endpoints or steals information.

SETTING	DESCRIPTION
Behavior Shield Enabled	Turns the Behavior shield on and off. This setting applies only to PC endpoints.
Assess the intent of new programs before allowing them to execute	Watches the program's activity before allowing it to run. If it displays okay, SecureAnywhere allows it to launch and continues to monitor its activity. This setting applies only to PC endpoints.
Enable advanced behavior interpretation to identify complex threats	Analyzes a program to examine its intent. For example, a malware program might perform suspicious activities like modifying a registry entry, then sending an email. This setting applies only to PC endpoints.
Track the behavior of untrusted programs for advanced threat removal	Watches programs that have not yet been classified as legitimate or as malware. This setting applies only to PC endpoints.
Automatically perform the recommended action instead of showing warning messages	Does not prompt the user to allow or block a potential threat. SecureAnywhere determines how to manage the item. This setting applies only to PC endpoints.
Warn if untrusted programs attempt low-level system modifications when offline	Displays an alert if an unclassified program tries to make changes to your managed endpoints when they are offline. SecureAnywhere cannot check its online threat database if endpoints are disconnected from the Internet. This setting applies only to PC endpoints.

Core System Shield

The Core System shield monitors system structures of your managed endpoints and makes sure malware has not tampered with them. If the shield detects a suspicious file trying to make changes, it opens an alert and prompts the user to block or allow the item. If it detects a known threat, it immediately blocks and quarantines the item before it causes damage or steals information.

SETTING	DESCRIPTION
Core System Shield Enabled	Turns the Core System shield on and off. This setting applies only to PC endpoints.
Assess system modifications before they are allowed to take place	Intercepts any activity that attempts to make system changes on your managed endpoints, such as a new service installation. This setting applies only to PC endpoints.
Detect and repair broken system components	Locates corrupted components, such as a broken Layered Service Provider (LSP) chain or a virus-infected file, then restores the component or file to its original state. This setting applies only to PC endpoints.
Prevent untrusted programs from modifying kernel memory	Stops unclassified programs from changing the kernel memory. This setting applies only to PC endpoints.
Prevent untrusted programs from modifying system processes	Stops unclassified programs from changing system processes. This setting applies only to PC endpoints.
Verify the integrity of the LSP chain and other system structures	Monitors the Layered Service Provider (LSP) chain and other system structures to make sure malware does not corrupt them. This setting applies only to PC endpoints.
Prevent any program from modifying the HOSTS file	Stops spyware from attempting to add or change the IP address for a website in the Hosts file, and opens an alert for the user to block or allow the changes. This setting applies to both PC and Mac endpoints.

Web Threat Shield

The Web Threat shield protects your endpoints as users surf the Internet. If it detects a website that might be a threat, it opens an alert for users to block the site or continue despite the warning. When they use a search engine, this shield analyzes all the links on the search results page, then displays an image next to each link that signifies whether it's a trusted site, indicated by a green checkmark, or a potential risk, indicated by a red X.

SETTING	DESCRIPTION
Enable Web Shield	Turns the Web Threat shield on and off. This setting is turned On by default, which is the setting we recommend. This setting applies to both PC and Mac endpoints.
Activate browser extensions	Browser extensions provide blocking protection against malicious websites, realtime anti-phishing protection, and safety ratings when using search engines. Each function can be enabled or disabled separately using the individual controls for each function described in this table. To completely disable and remove extensions from each supported browser, change the setting to Off. This setting is turned On by default, which is the setting we recommend. This setting applies only to PC endpoints.
Block malicious websites	Any URLs and IPs you enter in a browser are checked and a block page displays for known malicious sites. This setting is turned On by default, which is the setting we recommend. This setting applies to both PC and Mac endpoints.
Enable real-time anti-phising	Protects against zero-day phishing sites. Zero-day phishing sites are sites that have never been seen before, and their related viruses do not yet have a definition. This setting is turned On by default, which is the setting we recommend. This setting applies to both PC and Mac endpoints.
Show safety ratings when using search engines	Search result are annotated with an icon and tooltip, indicating the likelihood that a site is malicious. This setting is turned On by default, which is the setting we recommend. This setting applies to both PC and Mac endpoints.
Enable web filtering driver	Provides additional protection against malicious connections, and in cases where the browser extensions are disabled. This setting is turned On by default, which is the setting we recommend. This setting applies only to PC endpoints.
Suppress the user's ability to bypass blocked websites	Prevents users from bypassing the block page presented when a malicious website is detected. This setting is turned On by default, which is the setting we recommend. This setting applies to both PC and Mac endpoints.
Suppress the user's ability to request website reviews	Prevents users from submitting website reviews from the block page when a malicious website is detected. This setting is turned On by default, which is the setting we recommend. This setting applies to both PC and Mac endpoints.

Identity Shield

The Identity shield protects sensitive data that might be exposed during online transactions. You can change the behavior of the Identity shield and control what it blocks.

SETTING	DESCRIPTION
Identity Shield Enabled	Turns the Identity shield on and off. This setting applies to both PC and Mac endpoints. Note: On Mac, this controls the Secure Keyboard Entry Mode setting.
Look for identity threats online	Analyzes websites as users browse the Internet or open links. If the shield detects malicious content, it blocks the site and opens an alert. This setting applies only to PC endpoints.
Verify websites when visited to determine legitimacy	Analyzes the IP address of each website to determine if it has been redirected or is on our blacklist. If the shield detects an illegitimate website, it blocks the site and opens an alert. This setting applies only to PC endpoints.
Verify the DNS/IP resolution of websites to detect Man-in-the-Middle attacks	Looks for servers that could be redirecting users to a malicious website, such as a man-in-the-middle attack. If the shield detects a man-in-the-middle attack, it blocks the threat and opens an alert. This setting applies only to PC endpoints.
Block websites from creating high risk tracking information	Blocks third-party cookies from installing on your managed endpoints if the cookies originate from malicious tracking websites. This setting applies only to PC endpoints.
Prevent programs from accessing protected credentials	Blocks programs from accessing login credentials, for example, when you type your name and password or when you request a website to remember them. This setting applies only to PC endpoints.
Warn before blocking untrusted programs from accessing protected data	Opens an alert any time malware attempts to access data, instead of blocking known malware automatically. This setting applies only to PC endpoints.
Allow trusted screen capture programs access to protected screen contents	Allows screen capture programs, no matter what content is displayed on the screen. This setting applies only to PC endpoints.
Enable Identity Shield compatibility mode	Allows certain applications to run that the Identity shield might block during normal operations. You can enable this option if you notice problems with an application's functions after SecureAnywhere was installed on the endpoint. With this compatibility mode enabled, the endpoint is still protected by the Identity shield's core functionality. This setting applies only to PC endpoints.
Enable keylogging protection in non-Latin systems	Allows endpoints with non-Latin systems, such as Japanese and Chinese, to be protected from keyloggers. This setting applies only to PC endpoints.

Firewall

The Webroot firewall monitors data traffic traveling out of endpoint ports. It looks for untrusted processes that try to connect to the Internet and steal personal information. It works with the Windows firewall, which monitors data traffic coming into your managed endpoints. With both the Webroot and Windows firewall turned on, network data has complete inbound and outbound protection.

The Webroot firewall is preconfigured to filter traffic on your managed endpoints. It works in the background without disrupting normal activities. If the firewall detects unrecognized traffic, it opens an alert. You can either block the traffic or allow it to proceed.

SETTING	DESCRIPTION
Enabled	Turns the Firewall on and off. This setting applies only to PC endpoints
Firewall level	Default Allow — Allows all processes to connect to the Internet, unless explicitly blocked. Warn unknown and infected — Warns if any new, untrusted processes connect to the Internet, if the endpoint is infected. Warn unknown — Warns if a new, untrusted process connects to the Internet. Default Block — Warns if any process connects to the Internet, unless explicitly blocked. This setting applies only to PC endpoints
Show firewall management warnings	Controls the alert displayed by SecureAnywhere when the Windows firewall is off: On — The user sees an alert when SecureAnywhere detects that the Windows firewall is off. Off — No alert displays when the Windows firewall is off. This setting applies only to PC endpoints
Show firewall process warnings	Controls the firewall alerts. If this is setting is Off, no firewall alerts display. This option works in conjunction with the Firewall Level settings. For example: If Show firewall process warnings and Default Block options are both set to On, the endpoint user sees an alert if a new process tries to connect. If Show Firewall process warnings is set to Off, no alert displays to the endpoint user and the process is allowed. This setting applies only to PC endpoints

User Interface

Gives administrative control over the SecureAnywhere interface on the endpoints using this policy.

SETTING	DESCRIPTION
GUI	Blocks or allows endpoint user access to the main SecureAnywhere interface. If users try to open SecureAnywhere when this option is set to Hide, a message tells them to contact the administrator to access the interface. This setting applies to both PC and Mac endpoints. Note: This option does not also hide the Webroot system tray icon on a PC. However, this option does hide the icon on a Mac.

SETTING

DESCRIPTION

GUI

Blocks or allows endpoint user access to the main SecureAnywhere interface.

If users try to open SecureAnywhere when this option is set to Hide, a message tells them to contact the administrator to access the interface.

This setting applies to both PC and Mac endpoints.

Note: This option does not also hide the Webroot system tray icon on a PC. However, this option does hide the icon on a Mac.

System Optimizer

System Optimizer removes traces of the end user's web browsing history, files that display computer use, and unnecessary files that consume valuable disk space, such as files in the Recycle Bin or Windows temporary files. System Optimizer does not run automatically; you need to schedule optimization and select the items you want removed.

Note: Optimization removes unnecessary files and traces, not malware threats. Malware is removed during scans. You can think of System Optimizer as the housekeeper for a computer, while the Scanner serves as the security guard.

SETTING	DESCRIPTION
Manage System Optimizer centrally	Enables the administrator to change System Optimizer settings, as follows: On — System Optimizer settings are displayed in the panel and are available to change. Off — No settings displays in this panel. This setting applies only to PC endpoints.
Schedule
Monday Through Sunday	Sets the days of the week, anything from one to seven, to automatically run System Optimizer. This setting applies only to PC endpoints.
Run at specific time of day - hour	Sets the hour of the day System Optimizer runs on the endpoints. This setting applies only to PC endpoints.
Run at specific time of day - minute	Sets the time in 15-minute increments that System Optimizer runs on the endpoints. This setting applies only to PC endpoints.
Run on bootup if the system was off at the scheduled time	Launches a missed scheduled cleanup when the endpoint powers on. This is applicable only if the endpoint was off during a scheduled cleanup. Otherwise, skips the missed cleanup. This setting applies only to PC endpoints.
Enable Windows Explorer right click secure file erasing	Includes an option for permanently erasing a file or folder in Windows Explorer on the endpoint. A menu item displays when the user right-clicks on a file or folder. This setting applies only to PC endpoints.
Windows Desktop
Recycle Bin	Removes all files from the Recycle Bin in Windows Explorer. This setting applies only to PC endpoints.
Recent document history	Clears the history of recently opened files, which is accessible from the Windows Start menu. The cleanup does not delete the actual files. This setting applies only to PC endpoints.
Start Menu click history	Clears the history of shortcuts to programs that end users recently opened using the Start menu. This setting applies only to PC endpoints.
Run history	Clears the history of commands recently entered into the Run dialog, which is accessible from the Start menu. After the cleanup, the end user may need to restart the computer to completely remove items from the Run dialog. This setting applies only to PC endpoints.
Search history	Clears the history of files or other information that the end user searched for on the computer. This history displays when the end user starts entering a new search that starts with the same characters. The cleanup does not delete the actual files. This setting applies only to PC endpoints.
Start Menu order history	Reverts the list of programs and documents in the Start menu back to alphabetical order, which is the default setting. After the cleanup runs, the list reverts back to alphabetical order after a system re-boot. This setting applies only to PC endpoints.
Windows System
Clipboard contents	Clears the contents from the Clipboard, where Windows stores data used in either the Copy or Cut function from any Windows program. This setting applies only to PC endpoints.
Windows Temporary folder	Deletes all files and folders in the Windows temporary folder, but not files that are in use by an open program. This folder is typically: C:\Windows\Temp. This setting applies only to PC endpoints.
System Temporary folder	Deletes all files and folders in the system temporary folder, but not files that are in use by an open program. This folder is typically in: C:\Documents and Settings\[username]\Local Settings\Temp. This setting applies only to PC endpoints.
Windows Update Temporary folder	Deletes all files and subfolders in this folder, but not files that are in use by an open program. Windows uses these files when a Windows Update runs. These files are typically in C:\Windows\Software\Distribution\Download. This setting applies only to PC endpoints.
Windows Registry Streams	Clears the history of recent changes made to the Windows registry. This option does not delete the registry changes themselves. This setting applies only to PC endpoints.
Default logon user history	Deletes the Windows registry entry that stores the last name used to log on to your computer. When the registry entry is deleted, end users must enter their user names each time they turn on or restart the computer. This cleanup option does not affect computers that use the default Welcome screen. This setting applies only to PC endpoints.
Memory dump files	Deletes the memory dump file (memory.dmp) that Windows creates with certain Windows errors. The file contains information about what happened when the error occurred. This setting applies only to PC endpoints.
CD burning storage folder	Deletes the Windows project files, created when the Windows built-in function is used to copy files to a CD. These project files are typically stored in one of the following directories: `C:\Documents and Settings\[username]\Local Settings\Application Data\Microsoft\CDBurning` or `C:\Users\[username]\AppData\Local\Microsoft\Windows\Burn\Burn` This setting applies only to PC endpoints.
Flash cookies	Deletes bits of data created by Adobe Flash, which can be a privacy concern because they track user preferences. Flash cookies are not actually cookies, and are not controlled through the cookie privacy controls in a browser. This setting applies only to PC endpoints.
Internet Explorer
Address bar history	Removes the list of recently visited websites, which is stored as part of Internet Explorer’s AutoComplete feature. This list can be seen from the Address drop-down menu at the top of the Internet Explorer browser. This setting applies only to PC endpoints.
Cookies	Deletes all cookies from the endpoint. Be aware that if you remove all cookie files, the end user must re-enter passwords, shopping cart items, and other entries that these cookies stored. This setting applies only to PC endpoints.
Temporary Internet Files	Deletes copies of stored web pages that the end user visited recently. This cache improves performance by helping web pages open faster, but can consume a lot of space on the hard drive. This setting applies only to PC endpoints.
URL history	Deletes the History list of recently visited websites of the Internet Explorer toolbar. This setting applies only to PC endpoints.
Setup Log	Deletes log files created during Internet Explorer updates. This setting applies only to PC endpoints.
Microsoft Download Folder	Deletes the contents in the folder that stores files last downloaded using Internet Explorer. This setting applies only to PC endpoints.
MediaPlayer Bar History	Removes the list of audio and video files recently opened with the media player in Internet Explorer. The cleanup does not delete the files themselves. This setting applies only to PC endpoints.
Autocomplete form information	Deletes data that Internet Explorer stores when the end user entered information into fields on websites. This is part of Internet Explorer’s AutoComplete feature. This setting applies only to PC endpoints.
Clean index.dat (cleaned on reboot)	Marks files in the index.dat file for deletion, then clears those files after the system reboots. The index.dat file is a growing Windows repository of web addresses, search queries, and recently opened files. This option works when you also select one or more of the following options: Cookies, Temporary Internet Files, or URL History. Index.dat functions like an active database. It is only cleaned after you reboot Windows. This setting applies only to PC endpoints.
Secure File Removal
Control the level of security to apply when removing files	Removes files permanently in a shredding process, which overwrites them with random characters. This shredding feature is a convenient way to make sure no one can ever access the endpoint's files with a recovery tool. By default, file removal is set to Normal, which means items are deleted permanently, bypassing the Recycle Bin. However, with the Normal setting, data recovery utilities could restore the files. To make sure files can never be recovered, select Maximum. Medium overwrites files with three passes, whereas Maximum overwrites files with seven passes and cleans the space around the files. Also be aware that cleanup operations take longer when you select Medium or Maximum. This setting applies only to PC endpoints.