Changing Policy Settings
Once you create a policy, you can change its settings to suit your business purposes. If needed, you can make temporary changes (creating drafts) and then implement them later (promoting to live). For more information, see Creating Policies.
Note: You cannot change Webroot default policy settings.
Policies control the following SecureAnywhere settings on managed endpoints.
SECTION | DESCRIPTION |
---|---|
Basic Configuration | General preferences that change the behavior of the SecureAnywhere program, such as whether the program icon displays in the endpoint's system tray and whether the user can shut down the program. |
Scan Schedules | Allows you to run scans at different times, change the scanning behavior, or turn off automatic scanning. If you do not modify the scan schedule, SecureAnywhere launches scans automatically every day, at about the same time you installed the software. |
Scan Settings | Provides more control over scans, such as performing a more thorough scan. |
Self Protection | Provides additional protection that prevents malicious software from modifying the SecureAnywhere program settings and processes on the endpoint. If SecureAnywhere detects another product attempting to interfere with its functions, it launches a protective scan to look for threats. |
Heuristics | Provides threat analysis that SecureAnywhere performs when scanning endpoints. Heuristics can be adjusted for separate areas of the endpoints, including the local drive, USB drives, the Internet, the network, CD/DVDs, and when the endpoint is offline. |
Realtime Shield | Blocks known threats listed in Webroot's threat definitions and in Webroot's community database. |
Behavior Shield | Analyzes applications and processes running on the endpoints. |
Core System Shield | Monitors the computer system structures to ensure that malware has not tampered with them. |
Web Threat Shield | Protects endpoints as users surf the Internet and click links in search results. |
Identity Shield | Protects from identity theft and financial loss. It ensures that sensitive data is protected, while safeguarding users from keyloggers, screen-grabbers, and other information-stealing techniques. |
Firewall | Monitors data traffic traveling out of computer ports. It looks for untrusted processes that try to connect to the Internet and steal personal information. The Webroot firewall works in conjunction with the Windows firewall, which monitors data traffic coming into the endpoints. |
User Interface | Provides user access to the SecureAnywhere program on the endpoint. |
System Optimizer | Controls System Optimizer behavior, such as an automatic cleanup schedule and what types of files and traces to remove from the endpoint. |
To change policy settings:
- Log in to your Endpoint Protection console.
The Endpoint Protection console displays, with the Status tab active.
- Click the Policies tab.
The Policies tab displays.
- In the Policy Name column, find the policy you want to change and double-click it.
The settings window for that policy displays, with the Basic Configuration setting selected in the Section column.
The Setting column displays the name of the policy, along with icons showing which platforms each setting applies to:
- Settings that apply to PC only are indicated by the Windows icon.
- Settings that apply to PC and Mac are indicated by both the Windows icon and the Mac icon.
The Live column displays how the setting is currently implemented on the endpoints.
The Draft column is where you make changes.
- In the Section column, select the category you want to edit.
- In the Draft column, for each Setting, double-click in the cell to view the options, then, from the drop-down menu, select the appropriate setting.
For a complete description of each setting, see the following tables in this procedure.
Basic Configuration, Realtime Shield, Firewall, Scan Schedules, Behavior Shield, User Interface, Scan Settings, Core System Shield, System Optimizer, Self Protection, Web Threat Shield, Heuristics, Identity Shield
- When you're done making changes for a selection, click the Save Changes button.
- Continue editing each section for that policy, making sure to click Save Changes before you move to another section.
Any policy with changes not yet implemented displays in the Draft Changes column.
Note: Green indicates that the setting is On; orange indicates that the setting is Off. The colors let you scan the list easily.
- Do either of the following:
- If you're not ready to implement the changes, click the Save Changes button and return to the Policy tab.
- If you are ready to implement the changes, click the Save Changes button, then click the Promote Draft Changes to Live button.
Note: Your changes do not take effect until you promote them.
Basic Configuration
The Basic Configuration settings control the behavior of the SecureAnywhere software on managed endpoints.
SETTING | DESCRIPTION |
---|---|
Show a SecureAnywhere shortcut on the desktop | Provides quick access to the main interface by placing the shortcut icon on the endpoint desktop. This setting applies only to PC endpoints. |
Show a system tray icon | Provides quick access to SecureAnywhere functions by placing the Webroot icon in the endpoint system tray. This setting applies only to PC endpoints. |
Show a splash screen on bootup | Opens the Webroot splash screen when the endpoint starts. This setting applies only to PC endpoints. |
Show SecureAnywhere in the Start Menu | Lists SecureAnywhere in the Windows Startup menu items. This setting applies only to PC endpoints. |
Show SecureAnywhere in Add/Remove Programs | Lists SecureAnywhere in the Windows Add/Remove Programs panel. This setting applies only to PC endpoints. |
Show SecureAnywhere in Windows Action Center | Lists SecureAnywhere in the Windows Action Center, under Virus Protection information. This setting applies only to PC endpoints. |
Hide the SecureAnywhere keycode and subscription information on-screen | Hides the keycode on the endpoint's My Account panel. Asterisks replace the code, except for the first four digits. This setting applies to both PC and Mac endpoints. |
Automatically download and apply updates | Downloads product updates automatically without alerting the endpoint user. This setting applies to both PC and Mac endpoints. |
Operate background functions using fewer CPU resources | Saves CPU resources by running non-scan related functions in the background. This setting applies to both PC and Mac endpoints. |
Favor low disk usage over verbose logging (fewer details stored in logs) | Saves disk resources by saving only the last four log items. This setting applies only to PC endpoints. |
Lower resource usage when intensive applications or games are detected | Suppresses SecureAnywhere functions while the user is gaming, watching videos, or using other intensive applications. This setting applies to both PC and Mac endpoints. |
Allow SecureAnywhere to be shut down manually | Displays a Shutdown command in the endpoint's system tray menu. Deselecting this option removes the Shutdown command from the menu. This setting applies to both PC and Mac endpoints. |
Force non-critical notifications into the background | Suppresses information-only messages from displaying in the system tray. This setting applies only to PC endpoints. |
Fade out warning messages automatically | Closes warning dialogs in the system tray after a few seconds. If you disable this option, the user must manually click on a message to close it. This setting applies to both PC and Mac endpoints. |
Store Execution History details | Stores data for the Execution History logs, available under Reports. This setting applies only to PC endpoints. |
Poll interval | Specifies how often the endpoint checks for updates. For example: 15 minutes, 30 minutes, 1 hour, or 2 hours. This setting applies to both PC and Mac endpoints. |
Scan Schedule
SecureAnywhere runs scans automatically every day, at about the same time you installed the software. You can use the Scan Schedule settings to change the schedules and run scans at different times.
SETTING | DESCRIPTION |
---|---|
Enable Scheduled Scans | Allows scheduled scans to run on the endpoint. This setting applies to both PC and Mac endpoints. |
Scan Frequency | Determines how often to run the scan. You can set a day of the week or select on bootup. This setting applies to both PC and Mac endpoints. |
Time | Specifies the time to run the scan: This setting applies to both PC and Mac endpoints. |
Scan on bootup if the computer is off at the scheduled time | Launches a scheduled scan within an hour after the user turns on the computer, if the scan did not run at the normally scheduled time. If this option is disabled, SecureAnywhere ignores missed scans. This setting applies to both PC and Mac endpoints. |
Hide the scan progress window during scheduled scans | Runs scans silently in the background. If this option is disabled, a window opens and displays the scan progress. This setting applies only to PC endpoints. |
Only notify me if an infection is found during a scheduled scan | Opens an alert only if it finds a threat. If this option is disabled, a small status window opens when the scan completes, whether a threat was found or not. This setting applies only to PC endpoints. |
Do not perform scheduled scans when on battery power | Helps conserve battery power. If you want SecureAnywhere to launch scheduled scans when the endpoint is on battery power, deselect this option. This setting applies to both PC and Mac endpoints. |
Do not perform scheduled scans when a full screen application or game is open | Ignores scheduled scans when the user is viewing a full-screen application, such as a movie or a game. Deselect this option if you want scheduled scans to run anyway. This setting applies to both PC and Mac endpoints. |
Randomize the time of scheduled scans up to one hour for distributed scanning | Determines the best time for scanning, based on available system resources, and runs the scan within an hour of the scheduled time. If you want to force the scan to run at the scheduled time, deselect this option. This setting applies only to PC endpoints. |
Perform a scheduled Quick Scan instead of a Deep Scan | Runs a quick scan of memory. We recommend that you keep this option deselected, so that deep scans run for all types of malware in all locations. This setting applies only to PC endpoints. |
Scan Settings
Scan settings give advanced control over scanning performance.
SETTING | DESCRIPTION |
---|---|
Enable Realtime Master Boot Record (MBR) Scanning | Protects the endpoint against master boot record (MBR) infections. An MBR infection can modify core areas of the system so that they load before the operating system and can infect the computer. We recommend that you keep this option selected. It adds only a small amount of time to the scan. This setting applies only to PC endpoints. |
Enable Enhanced Rootkit Detection | Checks for rootkits and other malicious software hidden on disk or in protected areas. Spyware developers often use rootkits to avoid detection and removal. We recommend that you keep this option selected. It adds only a small amount of time to the scan. This setting applies only to PC endpoints. |
Enable "right-click" scanning in Windows Explorer | Enables an option for scanning the currently selected file or folder in the Windows Explorer right-click menu. This option is helpful if the user downloads a file and wants to scan it quickly. This setting applies only to PC endpoints. |
Update the currently scanned folder immediately as scanned | Displays a full list of files as SecureAnywhere scans each one. To increase scan performance slightly, deselect this option so that file names only update once per second on the panel. SecureAnywhere will still scan all files, just not take the time to display each one on the screen. This setting applies only to PC endpoints. |
Favor low memory usage over fast scanning | Reduces RAM usage in the background by using less memory during scans, but scans will also run a bit slower. Deselect this option to run faster scans and use more memory. This setting applies only to PC endpoints. |
Favor low CPU usage over fast scanning | Reduces CPU usage during scans, but scans will also run a bit slower. Deselect this option to run faster scans. This setting applies only to PC endpoints. |
Save non-executable file details to scan logs | Saves all file data to the scan log, resulting in a much larger log file. Leave this option deselected to save only executable file details to the log. This setting applies only to PC endpoints. |
Show the "Authenticating Files" popup when a new file is scanned on-execution | Displays a small dialog whenever the user runs a program for the first time. Leave this option deselected if you do not want users to see this dialog. This setting applies only to PC endpoints. |
Scan archived files | Scans compressed files in zip, rar, cab, and 7-zip archives. This setting applies to both PC and Mac endpoints. |
Automatically reboot during cleanup without prompting | Restarts the computer after running a clean-up, which is the process of removing all traces of a malware file. This setting applies only to PC endpoints. |
Never reboot during malware cleanup | Prevents the endpoint from restarting during cleanup, which is the process of removing all traces of a malware file. This setting applies only to PC endpoints. |
Automatically remove threats found during background scans | Removes threats during scans that run in the endpoint's background and sends them to quarantine. This setting applies only to PC endpoints. |
Automatically remove threats found on the learning scan | Removes threats during the first scan on the endpoint and sends them to quarantine. This setting applies only to PC endpoints. |
Enable Enhanced Support | Allows logs to be sent to Webroot customer support. This setting applies only to PC endpoints. |
Show Infected Scan Results | Displays scan results. If not enabled, the endpoint does not display scan results even if malware is detected. This setting applies only to PC endpoints. |
Detect Possibly Unwanted Applications (PUAs) as malicious | Detects PUAs and blocks them from installing. Potentially unwanted applications (PUAs) are programs that aren't necessarily malicious but contain adware, toolbars, or other unwanted additions to your system. Generally, PUAs are not malicious but may be unsuitable for use in a business environment, and may create security concerns. If a PUA is already on the system, Webroot SecureAnywhere will detect the main program but may not be able to fully remove all aspects of it. This setting applies only to PC endpoints. |
Allow files to be submitted for threat research | Allows potentially malicious files that our systems have not yet classified to be automatically uploaded to Webroot. This setting applies only to PC endpoints. |
Self Protection Settings
Self Protection prevents malicious software from modifying the SecureAnywhere program settings and processes. If SecureAnywhere detects that another product is attempting to interfere with its functions, it launches a protective scan to look for threats. It will also update the internal self protection status to prevent incompatibilities with other software.
Note: We recommend that you leave Self Protection at the Maximum settings, unless you use other security software in addition to SecureAnywhere. If you use additional security software, adjust Self Protection to Medium or Minimum. The Maximum setting might interfere with other security software.
SETTING | DESCRIPTION |
---|---|
Enable self-protection response cloaking | Turns self-protection on and off. This setting applies only to PC endpoints. |
Self-protection level | Sets the detection level to: This setting applies only to PC endpoints. |
Heuristics
With heuristics, you can set the level of threat analysis that SecureAnywhere performs when scanning managed endpoints. SecureAnywhere includes three types of heuristics: advanced, age, and popularity.
You can adjust these types of heuristics for several areas:
- Local Heuristics — Local drive
- USB Heuristics — USB drives
- Internet Heuristics — Internet
- Network Heuristics — Network
- CD/DVD Heuristics — CD/DVDs
- Offline Heuristics — When your computer is offline
For each of these areas, you can set the following options:
- Disable Heuristics — Turns off heuristic analysis for the local drive, USB drives, the Internet, the network, CD/DVDs, or when your computer is offline. Not recommended.
- Apply advanced heuristics before Age/Popularity heuristics — Warns against new programs as well as old programs that exhibit suspicious behavior on the local drive, USB drives, the Internet, the network, CD/DVDs, or when your computer is offline.
- Apply advanced heuristics after Age/Popularity heuristics — Warns against suspicious programs detected with Advanced Heuristics, based on Age/Popularity settings on the local drive, USB drives, the Internet, the network, CD/DVDs, or when your computer is offline.
- Warn when new programs execute that are not known good — Warns when malicious, suspicious, or unknown programs try to execute on the local drive, USB drives, the Internet, the network, CD/DVDs, or when your computer is offline. Keep in mind that this setting may result in false detections.
SETTING | DESCRIPTION |
---|---|
Advanced Heuristics | Analyzes new programs for suspicious actions that are typical of malware. This setting applies only to PC endpoints. |
Age Heuristics | Analyzes new programs based on the amount of time the program has been in the community. Legitimate programs are generally used in a community for a long time, but malware often has a short life span. This setting applies only to PC endpoints. |
Popularity Heuristics | Analyzes new programs based on statistics for how often the program is used in the community and how often it changes. Legitimate programs do not change quickly, but malware often mutates at a rapid pace. Malware may install as a unique copy on every computer, making it statistically unpopular. This setting applies only to PC endpoints. |
Realtime Shield Settings
The Realtime shield blocks known threats that are listed in Webroot's threat definitions and community database. If the shield detects a suspicious file, it opens an alert and prompts you to block or allow the item. If it detects a known threat, it immediately blocks and quarantines the item before it causes damage to the endpoint or steals its information.
SETTING | DESCRIPTION |
---|---|
Realtime Shield Enabled | Turns the Realtime shield on and off. This setting applies to both PC and Mac endpoints. |
Enable Predictive Offline Protection from the central SecureAnywhere database | Downloads a small threat definition file to your managed endpoints, protecting them even when they are offline. We recommend that you leave this setting on. This setting applies only to PC endpoints. |
Remember actions on blocked files | Remembers how the user responded to an alert, whether they allowed a file or blocked it, and will not prompt again when it encounters the same file. If this setting is deselected, SecureAnywhere displays an alert every time it encounters the file in the future. This setting applies only to PC endpoints. |
Automatically quarantine previously blocked files | Opens an alert when it encounters a threat and allows the user to block it and send it to quarantine. If this setting is off, the user must run a scan manually to remove a threat. This setting applies to both PC and Mac endpoints. |
Automatically block files when detected on execution | Blocks threats and sends them to quarantine. If this setting is off, the user must respond to alerts about detected threats. This setting applies to both PC and Mac endpoints. |
Scan files when written or modified | Scans any new or modified files that are saved to disk. If this setting is off, it ignores new file installations; however, it still alerts the user if a threat tries to launch. This setting applies to both PC and Mac endpoints. |
Block threats automatically if no user is logged in | Stops threats from executing even when managed endpoints are logged off. Threats are sent to quarantine without notification. This setting applies to both PC and Mac endpoints. |
Show realtime event warnings | Opens an alert when suspicious activity occurs. This setting applies only to PC endpoints. |
Show realtime block modal alerts | Displays alerts when Heuristics detects malware, and prompts the user to allow or block the action. If Heuristics is set to Warn when new programs execute that are not known good, then this setting must be set to On. Otherwise, users will not see the alert. This setting applies only to PC endpoints. |
Show realtime block notifications | Displays a tray notification if the Realtime shield detects malware. If this setting is off, there is no tray notification, but malware is blocked and the home page displays that threats were detected. This setting applies only to PC endpoints. |
Behavior Shield Settings
The Behavior shield analyzes the applications and processes running on your managed endpoints. If it detects a suspicious file, it opens an alert and prompts you to block or allow the item. If it detects a known threat, it immediately blocks and quarantines the item before it causes damage to managed endpoints or steals information.
SETTING | DESCRIPTION |
---|---|
Behavior Shield Enabled | Turns the Behavior shield on and off. This setting applies only to PC endpoints. |
Assess the intent of new programs before allowing them to execute | Watches the program's activity before allowing it to run. If the activity appears okay, SecureAnywhere allows the program to launch and continues to monitor its activity. This setting applies only to PC endpoints. |
Enable advanced behavior interpretation to identify complex threats | Analyzes a program to examine its intent. For example, a malware program might perform suspicious activities like modifying a registry entry, then sending an email. This setting applies only to PC endpoints. |
Track the behavior of untrusted programs for advanced threat removal | Watches programs that have not yet been classified as legitimate or as malware. This setting applies only to PC endpoints. |
Automatically perform the recommended action instead of showing warning messages | Does not prompt the user to allow or block a potential threat. SecureAnywhere determines how to manage the item. This setting applies only to PC endpoints. |
Warn if untrusted programs attempt low-level system modifications when offline | Displays an alert if an unclassified program tries to make changes to your managed endpoints when they are offline. SecureAnywhere cannot check its online threat database if endpoints are disconnected from the Internet. This setting applies only to PC endpoints. |
Core System Shield
The Core System shield monitors system structures of your managed endpoints and makes sure malware has not tampered with them. If the shield detects a suspicious file trying to make changes, it opens an alert and prompts the user to block or allow the item. If it detects a known threat, it immediately blocks and quarantines the item before it causes damage or steals information.
SETTING | DESCRIPTION |
---|---|
Core System Shield Enabled | Turns the Core System shield on and off. This setting applies only to PC endpoints. |
Assess system modifications before they are allowed to take place | Intercepts any activity that attempts to make system changes on your managed endpoints, such as a new service installation. This setting applies only to PC endpoints. |
Detect and repair broken system components | Locates corrupted components, such as a broken Layered Service Provider (LSP) chain or a virus-infected file, then restores the component or file to its original state. This setting applies only to PC endpoints. |
Prevent untrusted programs from modifying kernel memory | Stops unclassified programs from changing the kernel memory. This setting applies only to PC endpoints. |
Prevent untrusted programs from modifying system processes | Stops unclassified programs from changing system processes. This setting applies only to PC endpoints. |
Verify the integrity of the LSP chain and other system structures | Monitors the Layered Service Provider (LSP) chain and other system structures to make sure malware does not corrupt them. This setting applies only to PC endpoints. |
Prevent any program from modifying the HOSTS file | Stops spyware from attempting to add or change the IP address for a website in the Hosts file, and opens an alert for the user to block or allow the changes. This setting applies to both PC and Mac endpoints. |
Web Threat Shield
The Web Threat shield protects your endpoints as users surf the Internet. If it detects a website that might be a threat, it opens an alert for users to block the site or continue despite the warning. When they use a search engine, this shield analyzes all the links on the search results page, then displays an image next to each link that signifies whether it's a trusted site, indicated by a green checkmark, or a potential risk, indicated by a red X.
SETTING | DESCRIPTION |
---|---|
Enable Web Shield | Turns the Web Threat shield on and off. This setting is turned On by default, which is the setting we recommend. This setting applies to both PC and Mac endpoints. |
Activate browser extensions | Browser extensions provide blocking protection against malicious websites, realtime anti-phishing protection, and safety ratings when using search engines. Each function can be enabled or disabled separately using the individual controls for each function described in this table. To completely disable and remove extensions from each supported browser, change the setting to Off. This setting is turned On by default, which is the setting we recommend. This setting applies only to PC endpoints. |
Block malicious websites | Any URLs and IPs you enter in a browser are checked and a block page displays for known malicious sites. This setting is turned On by default, which is the setting we recommend. This setting applies to both PC and Mac endpoints. |
Enable real-time anti-phishing | Protects against zero-day phishing sites. Zero-day phishing sites are sites that have never been seen before, and their related viruses do not yet have a definition. This setting is turned On by default, which is the setting we recommend. This setting applies to both PC and Mac endpoints. |
Show safety ratings when using search engines | Search results are annotated with an icon and tooltip, indicating the likelihood that a site is malicious. This setting is turned On by default, which is the setting we recommend. This setting applies to both PC and Mac endpoints. |
Enable web filtering driver | Provides additional protection against malicious connections, and in cases where the browser extensions are disabled. This setting is turned On by default, which is the setting we recommend. This setting applies only to PC endpoints. |
Suppress the user's ability to bypass blocked websites | Prevents users from bypassing the block page presented when a malicious website is detected. This setting is turned On by default, which is the setting we recommend. This setting applies to both PC and Mac endpoints. |
Suppress the user's ability to request website reviews | Prevents users from submitting website reviews from the block page when a malicious website is detected. This setting is turned On by default, which is the setting we recommend. This setting applies to both PC and Mac endpoints. |
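The recommendations stated in the preceding sections can be checked mechanically. The following is an added example, not Webroot code: it audits a policy's Live values against those recommendations, including the dependency between the heuristics warn option and Show realtime block modal alerts, and lists Draft changes that have not been promoted. The dict layout, the per-area heuristics value, the On/Off strings, and the sample policy are assumptions constructed for illustration; this page does not describe an export format.

```python
"""Audit a policy against the recommendations stated on this page.

Assumed layout (constructed, not a Webroot export format):
    {section: {setting: {"live": value, "draft": value}}}
"""

# Settings for which the page states a recommended value.
RECOMMENDED = {
    ("Scan Schedule", "Perform a scheduled Quick Scan instead of a Deep Scan"): "Off",
    ("Scan Settings", "Enable Realtime Master Boot Record (MBR) Scanning"): "On",
    ("Scan Settings", "Enable Enhanced Rootkit Detection"): "On",
    ("Realtime Shield",
     "Enable Predictive Offline Protection from the central SecureAnywhere database"): "On",
    ("Web Threat Shield", "Enable Web Shield"): "On",
    ("Web Threat Shield", "Activate browser extensions"): "On",
    ("Web Threat Shield", "Block malicious websites"): "On",
    ("Web Threat Shield", "Enable real-time anti-phishing"): "On",
    ("Web Threat Shield", "Show safety ratings when using search engines"): "On",
    ("Web Threat Shield", "Enable web filtering driver"): "On",
    ("Web Threat Shield", "Suppress the user's ability to bypass blocked websites"): "On",
    ("Web Threat Shield", "Suppress the user's ability to request website reviews"): "On",
}

HEURISTIC_AREAS = ["Local Heuristics", "USB Heuristics", "Internet Heuristics",
                   "Network Heuristics", "CD/DVD Heuristics", "Offline Heuristics"]
WARN_UNKNOWN = "Warn when new programs execute that are not known good"
MODAL_ALERTS = "Show realtime block modal alerts"


def live(policy, section, setting):
    """Live value of a setting, or None when the policy dict does not list it."""
    return policy.get(section, {}).get(setting, {}).get("live")


def audit(policy, other_security_software=False):
    """Return findings for the Live column, which is what endpoints enforce."""
    findings = []
    for (section, setting), want in RECOMMENDED.items():
        have = live(policy, section, setting)
        if have is not None and have != want:  # settings not listed are skipped
            findings.append(f"{section} / {setting}: live={have}, recommended={want}")

    # Self Protection: Maximum, unless other security software is in use,
    # in which case the page says to adjust to Medium or Minimum.
    level = live(policy, "Self Protection", "Self-protection level")
    ok_levels = {"Medium", "Minimum"} if other_security_software else {"Maximum"}
    if level is not None and level not in ok_levels:
        findings.append(f"Self Protection / Self-protection level: live={level}, "
                        f"expected one of {sorted(ok_levels)}")

    # Heuristics: disabling is not recommended, and the warn option is only
    # visible to users when the Realtime Shield modal alerts are On.
    modal = live(policy, "Realtime Shield", MODAL_ALERTS)
    for area in HEURISTIC_AREAS:
        option = live(policy, "Heuristics", area)
        if option == "Disable Heuristics":
            findings.append(f"Heuristics / {area}: disabled (not recommended)")
        elif option == WARN_UNKNOWN and modal != "On":
            findings.append(f"Heuristics / {area}: '{WARN_UNKNOWN}' needs "
                            f"'{MODAL_ALERTS}' set to On, or users will not see the alert")
    return findings


def unpromoted(policy):
    """Draft values that differ from Live; they have no effect until promoted."""
    return [(section, setting, value["live"], value["draft"])
            for section, settings in policy.items()
            for setting, value in settings.items()
            if value["draft"] != value["live"]]


def entry(live_value, draft_value=None):
    """Build one setting; the draft equals live unless a draft change is given."""
    return {"live": live_value,
            "draft": live_value if draft_value is None else draft_value}


SAMPLE_POLICY = {  # constructed sample, not taken from a real console
    "Scan Settings": {
        "Enable Realtime Master Boot Record (MBR) Scanning": entry("On"),
        # The fix exists only as a draft, so endpoints still run with Off.
        "Enable Enhanced Rootkit Detection": entry("Off", "On"),
    },
    "Self Protection": {"Self-protection level": entry("Maximum")},
    "Heuristics": {
        "Local Heuristics": entry(WARN_UNKNOWN),
        "USB Heuristics": entry("Disable Heuristics"),
    },
    "Realtime Shield": {MODAL_ALERTS: entry("Off")},
    "Web Threat Shield": {
        "Suppress the user's ability to bypass blocked websites": entry("Off"),
    },
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_POLICY):
        print("FINDING   ", finding)
    for section, setting, live_value, draft_value in unpromoted(SAMPLE_POLICY):
        print(f"UNPROMOTED {section} / {setting}: live={live_value}, draft={draft_value}")
```

Because the audit reads only the Live column, the drafted rootkit-detection fix in the sample is still reported until the draft is promoted.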
Identity Shield
The Identity shield protects sensitive data that might be exposed during online transactions. You can change the behavior of the Identity shield and control what it blocks.
SETTING | DESCRIPTION |
---|---|
Identity Shield Enabled | Turns the Identity shield on and off. This setting applies to both PC and Mac endpoints. Note: On Mac, this controls the Secure Keyboard Entry Mode setting. |
Look for identity threats online | Analyzes websites as users browse the Internet or open links. If the shield detects malicious content, it blocks the site and opens an alert. This setting applies only to PC endpoints. |
Verify websites when visited to determine legitimacy | Analyzes the IP address of each website to determine if it has been redirected or is on our blacklist. If the shield detects an illegitimate website, it blocks the site and opens an alert. This setting applies only to PC endpoints. |
Verify the DNS/IP resolution of websites to detect Man-in-the-Middle attacks | Looks for servers that could be redirecting users to a malicious website, such as a man-in-the-middle attack. If the shield detects a man-in-the-middle attack, it blocks the threat and opens an alert. This setting applies only to PC endpoints. |
Block websites from creating high risk tracking information | Blocks third-party cookies from installing on your managed endpoints if the cookies originate from malicious tracking websites. This setting applies only to PC endpoints. |
Prevent programs from accessing protected credentials | Blocks programs from accessing login credentials, for example, when you type your name and password or when you request a website to remember them. This setting applies only to PC endpoints. |
Warn before blocking untrusted programs from accessing protected data | Opens an alert any time malware attempts to access data, instead of blocking known malware automatically. This setting applies only to PC endpoints. |
Allow trusted screen capture programs access to protected screen contents | Allows screen capture programs, no matter what content is displayed on the screen. This setting applies only to PC endpoints. |
Enable Identity Shield compatibility mode | Allows certain applications to run that the Identity shield might block during normal operations. You can enable this option if you notice problems with an application's functions after SecureAnywhere was installed on the endpoint. With this compatibility mode enabled, the endpoint is still protected by the Identity shield's core functionality. This setting applies only to PC endpoints. |
Enable keylogging protection in non-Latin systems | Allows endpoints with non-Latin systems, such as Japanese and Chinese, to be protected from keyloggers. This setting applies only to PC endpoints. |
Firewall
The Webroot firewall monitors data traffic traveling out of endpoint ports. It looks for untrusted processes that try to connect to the Internet and steal personal information. It works with the Windows firewall, which monitors data traffic coming into your managed endpoints. With both the Webroot and Windows firewall turned on, network data has complete inbound and outbound protection.
The Webroot firewall is preconfigured to filter traffic on your managed endpoints. It works in the background without disrupting normal activities. If the firewall detects unrecognized traffic, it opens an alert. You can either block the traffic or allow it to proceed.
SETTING | DESCRIPTION |
---|---|
Enabled | Turns the Firewall on and off. This setting applies only to PC endpoints. |
Firewall level | This setting applies only to PC endpoints. |
Show firewall management warnings | Controls the alert displayed by SecureAnywhere when the Windows firewall is off: This setting applies only to PC endpoints. |
Show firewall process warnings | Controls the firewall alerts. If this setting is Off, no firewall alerts display. This option works in conjunction with the Firewall Level settings. For example: This setting applies only to PC endpoints. |
User Interface
Gives administrative control over the SecureAnywhere interface on the endpoints using this policy.
SETTING | DESCRIPTION |
---|---|
GUI | Blocks or allows endpoint user access to the main SecureAnywhere interface. If users try to open SecureAnywhere when this option is set to Hide, a message tells them to contact the administrator to access the interface. This setting applies to both PC and Mac endpoints. Note: This option does not also hide the Webroot system tray icon on a PC. However, this option does hide the icon on a Mac. |
System Optimizer
System Optimizer removes traces of the end user's web browsing history, files that display computer use, and unnecessary files that consume valuable disk space, such as files in the Recycle Bin or Windows temporary files. System Optimizer does not run automatically; you need to schedule optimization and select the items you want removed.
Note: Optimization removes unnecessary files and traces, not malware threats. Malware is removed during scans. You can think of System Optimizer as the housekeeper for a computer, while the Scanner serves as the security guard.
| SETTING | DESCRIPTION |
|---|---|
| Manage System Optimizer centrally | Enables the administrator to change System Optimizer settings, as follows: This setting applies only to PC endpoints. |
| Schedule | |
| Monday Through Sunday | Sets the days of the week, anything from one to seven, to automatically run System Optimizer. This setting applies only to PC endpoints. |
| Run at specific time of day - hour | Sets the hour of the day System Optimizer runs on the endpoints. This setting applies only to PC endpoints. |
| Run at specific time of day - minute | Sets the time in 15-minute increments that System Optimizer runs on the endpoints. This setting applies only to PC endpoints. |
| Run on bootup if the system was off at the scheduled time | Launches a missed scheduled cleanup when the endpoint powers on. This is applicable only if the endpoint was off during a scheduled cleanup. Otherwise, skips the missed cleanup. This setting applies only to PC endpoints. |
| Enable Windows Explorer right click secure file erasing | Includes an option for permanently erasing a file or folder in Windows Explorer on the endpoint. A menu item displays when the user right-clicks on a file or folder. This setting applies only to PC endpoints. |
| Windows Desktop | |
| Recycle Bin | Removes all files from the Recycle Bin in Windows Explorer. This setting applies only to PC endpoints. |
| Recent document history | Clears the history of recently opened files, which is accessible from the Windows Start menu. The cleanup does not delete the actual files. This setting applies only to PC endpoints. |
| Start Menu click history | Clears the history of shortcuts to programs that end users recently opened using the Start menu. This setting applies only to PC endpoints. |
| Run history | Clears the history of commands recently entered into the Run dialog, which is accessible from the Start menu. After the cleanup, the end user may need to restart the computer to completely remove items from the Run dialog. This setting applies only to PC endpoints. |
| Search history | Clears the history of files or other information that the end user searched for on the computer. This history displays when the end user starts entering a new search that starts with the same characters. The cleanup does not delete the actual files. This setting applies only to PC endpoints. |
| Start Menu order history | Reverts the list of programs and documents in the Start menu back to alphabetical order, which is the default setting. After the cleanup runs, the list reverts back to alphabetical order after a system reboot. This setting applies only to PC endpoints. |
| Windows System | |
| Clipboard contents | Clears the contents from the Clipboard, where Windows stores data used in either the Copy or Cut function from any Windows program. This setting applies only to PC endpoints. |
| Windows Temporary folder | Deletes all files and folders in the Windows temporary folder, but not files that are in use by an open program. This folder is typically: C:\Windows\Temp. This setting applies only to PC endpoints. |
| System Temporary folder | Deletes all files and folders in the system temporary folder, but not files that are in use by an open program. This folder is typically in: C:\Documents and Settings\[username]\Local Settings\Temp. This setting applies only to PC endpoints. |
| Windows Update Temporary folder | Deletes all files and subfolders in this folder, but not files that are in use by an open program. Windows uses these files when a Windows Update runs. These files are typically in C:\Windows\SoftwareDistribution\Download. This setting applies only to PC endpoints. |
| Windows Registry Streams | Clears the history of recent changes made to the Windows registry. This option does not delete the registry changes themselves. This setting applies only to PC endpoints. |
| Default logon user history | Deletes the Windows registry entry that stores the last name used to log on to your computer. When the registry entry is deleted, end users must enter their user names each time they turn on or restart the computer. This cleanup option does not affect computers that use the default Welcome screen. This setting applies only to PC endpoints. |
| Memory dump files | Deletes the memory dump file (memory.dmp) that Windows creates with certain Windows errors. The file contains information about what happened when the error occurred. This setting applies only to PC endpoints. |
| CD burning storage folder | Deletes the Windows project files, created when the Windows built-in function is used to copy files to a CD. These project files are typically stored in one of the following directories: or This setting applies only to PC endpoints. |
| Flash cookies | Deletes bits of data created by Adobe Flash, which can be a privacy concern because they track user preferences. Flash cookies are not actually cookies, and are not controlled through the cookie privacy controls in a browser. This setting applies only to PC endpoints. |
| Internet Explorer | |
| Address bar history | Removes the list of recently visited websites, which is stored as part of Internet Explorer’s AutoComplete feature. This list can be seen from the Address drop-down menu at the top of the Internet Explorer browser. This setting applies only to PC endpoints. |
| Cookies | Deletes all cookies from the endpoint. Be aware that if you remove all cookie files, the end user must re-enter passwords, shopping cart items, and other entries that these cookies stored. This setting applies only to PC endpoints. |
| Temporary Internet Files | Deletes copies of stored web pages that the end user visited recently. This cache improves performance by helping web pages open faster, but can consume a lot of space on the hard drive. This setting applies only to PC endpoints. |
| URL history | Deletes the History list of recently visited websites on the Internet Explorer toolbar. This setting applies only to PC endpoints. |
| Setup Log | Deletes log files created during Internet Explorer updates. This setting applies only to PC endpoints. |
| Microsoft Download Folder | Deletes the contents in the folder that stores files last downloaded using Internet Explorer. This setting applies only to PC endpoints. |
| MediaPlayer Bar History | Removes the list of audio and video files recently opened with the media player in Internet Explorer. The cleanup does not delete the files themselves. This setting applies only to PC endpoints. |
| Autocomplete form information | Deletes data that Internet Explorer stores when the end user entered information into fields on websites. This is part of Internet Explorer’s AutoComplete feature. This setting applies only to PC endpoints. |
| Clean index.dat (cleaned on reboot) | Marks files in the index.dat file for deletion, then clears those files after the system reboots. The index.dat file is a growing Windows repository of web addresses, search queries, and recently opened files. This option works when you also select one or more of the following options: Cookies, Temporary Internet Files, or URL History. Index.dat functions like an active database. It is only cleaned after you reboot Windows. This setting applies only to PC endpoints. |
| Secure File Removal | |
| Control the level of security to apply when removing files | Removes files permanently in a shredding process, which overwrites them with random characters. This shredding feature is a convenient way to make sure no one can ever access the endpoint's files with a recovery tool. By default, file removal is set to Normal, which means items are deleted permanently, bypassing the Recycle Bin. However, with the Normal setting, data recovery utilities could restore the files. To make sure files can never be recovered, select Maximum. Medium overwrites files with three passes, whereas Maximum overwrites files with seven passes and cleans the space around the files. Also be aware that cleanup operations take longer when you select Medium or Maximum. This setting applies only to PC endpoints. |
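
The Medium and Maximum levels described for Secure File Removal amount to overwriting a file's bytes in place several times before deleting it. The Python below is an added example, not Webroot's code: the function names and the random-byte fill are assumptions, the pass counts come from the description above, and it does not attempt the cleaning of space around the file that Maximum performs.

```python
import os
import secrets

# Pass counts from the setting description; Normal deletes without overwriting.
PASSES = {"normal": 0, "medium": 3, "maximum": 7}
CHUNK = 64 * 1024  # write in blocks so large files are not held in memory


def overwrite(path, passes):
    """Overwrite every byte of `path` with random data `passes` times.

    The file is opened r+b so the existing file is rewritten rather than
    truncated and recreated. Returns the number of passes completed.
    """
    size = os.path.getsize(path)
    completed = 0
    with open(path, "r+b") as fh:
        for _ in range(passes):
            fh.seek(0)
            remaining = size
            while remaining:
                n = min(CHUNK, remaining)
                fh.write(secrets.token_bytes(n))
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())  # push this pass to the device before the next
            completed += 1
    return completed


def secure_remove(path, level="normal"):
    """Apply the overwrite count for `level`, then delete the file.

    With "normal" the file is simply deleted, which is why recovery
    utilities can still find its contents on disk.
    """
    passes = PASSES[level]  # KeyError on an unknown level is intentional
    done = overwrite(path, passes) if passes else 0
    os.remove(path)
    return done
```

In-place overwriting only reaches the original blocks when the storage maps writes back to the same physical location; SSD wear leveling and copy-on-write or journaling file systems can leave earlier copies behind.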