Editing Policies

Once you create a policy, you can edit its settings to suit your business purposes. For more information, see Creating Policies .

Note: You cannot change Webroot default policy settings.

The following policies control management console sites.

SECTION

DESCRIPTION

Basic Configuration

General preferences that change the behavior of the SecureAnywhere program, such as whether the program icon displays in the endpoint's system tray and whether the user can shut down the program.

Scan Schedule

Allows you to run scans at different times, change the scanning behavior, or turn off automatic scanning. If you do not modify the scan schedule, SecureAnywhere launches scans automatically every day, at about the same time you installed the software.

Scan Settings

Provides more control over scans, such as performing a more thorough scan.

Self Protection

Provides additional protection that prevents malicious software from modifying the SecureAnywhere program settings and processes on the endpoint. If SecureAnywhere detects another product attempting to interfere with its functions, it launches a protective scan to look for threats.

Heuristics

Provides threat analysis that SecureAnywhere performs when scanning endpoints. Heuristics can be adjusted for separate areas of the endpoints, including the local drive, USB drives, the Internet, the network, CD/DVDs, and when the endpoint is offline.

Realtime Shield

Blocks known threats listed in Webroot's threat definitions and in Webroot's community database.

Behavior Shield

Analyzes applications and processes running on the endpoints.

Core System Shield

Monitors the computer system structures to ensure that malware has not tampered with them.

Web Threat Shield

Protects endpoints as users surf the Internet and click links in search results.

Identity Shield

Protects from identity theft and financial loss. It ensures that sensitive data is protected, while safe-guarding users from keyloggers, screen-grabbers, and other information-stealing techniques.

Firewall

Monitors data traffic traveling out of computer ports. It looks for untrusted processes that try to connect to the Internet and steal personal information. The Webroot firewall works in conjunction with the Windows firewall, which monitors data traffic coming into the endpoints.

User Interface

Provides user access to the SecureAnywhere program on the endpoint.

System Optimizer

Controls System Optimizer behavior, such as an automatic optimization schedule and what types of files and traces to remove from the endpoint.

Evasion Shield

Detects, blocks, and remediates (quarantines) evasive attacks, whether they are file-based, fileless, obfuscated, or encrypted, and prevents malicious behaviors from executing.

To edit a policy:

  1. Log in to the management console.

    The management console displays, with the Sites tab active.

  2. Click the Policies tab.

    The Policies tab displays.

  3. In the Policies column, click a policy to display its settings.

    The policy's settings window displays, with the Basic Configuration setting selected.

    The Setting column displays the name of the policy, in addition to which:

    • Settings that apply to PC only are indicated by the Windows icon.

    • Settings that apply to PC and Mac are indicated by both the Windows icon and the Mac icon.

    The On/Off column displays how the setting is currently implemented on the endpoints.

  4. From the Policy Section drop-down menu, select the category you want to edit.

  5. Select either On or Off for that setting.

    For a complete description of each setting, see the following tables in this procedure.

     

  6. When you're done making changes for a selection, click the Save button.

     

Basic Configuration Settings

The Basic Configuration settings control the behavior of the SecureAnywhere software on sites.

SETTING

DESCRIPTION

Show a SecureAnywhere shortcut on the desktop

Provides quick access to the main interface by placing the shortcut icon on the endpoint desktop.

This setting applies only to PC endpoints.

Show a system tray icon

Provides quick access to SecureAnywhere functions by placing the Webroot icon in the endpoint system tray.

This setting applies only to PC endpoints.

Show a splash screen on bootup

Opens the Webroot splash screen when the endpoint starts.

This setting applies only to PC endpoints.

Show SecureAnywhere in the Start Menu

Lists SecureAnywhere in the Windows Startup menu items.

This setting applies only to PC endpoints.

Show SecureAnywhere in Add/Remove Programs

Lists SecureAnywhere in the Windows Add/Remove Programs panel.

This setting applies only to PC endpoints.

Show SecureAnywhere in Windows Action Center

Lists SecureAnywhere in the Windows Action Center, under Virus Protection information.

This setting applies only to PC endpoints.

Hide the SecureAnywhere keycode on-screen

Hides the keycode on the endpoint's My Account panel. Asterisks replace the code, except for the first four digits.

This setting applies to both PC and Mac endpoints.

Automatically download and apply updates

Downloads product updates automatically without alerting the endpoint user.

This setting applies to both PC and Mac endpoints.

Operate background functions using fewer CPU resources

Saves CPU resources by running non-scan related functions in the background.

This setting applies to both PC and Mac endpoints.

Favor low disk usage over verbose logging (fewer details stored in logs)

Saves disk resources by saving only the last four log items.

This setting applies only to PC endpoints.

Lower resource usage when intensive applications or games are detected

Suppresses SecureAnywhere functions while the user is gaming, watching videos, or using other intensive applications.

This setting applies to both PC and Mac endpoints.

Allow SecureAnywhere to be shut down manually

Displays a Shutdown command in the endpoint's system tray menu. Deselecting this option removes the Shutdown command from the menu.

This setting applies to both PC and Mac endpoints.

Force non-critical notifications into the background

Suppresses information-only messages from displaying in the system tray.

This setting applies only to PC endpoints.

Fade out warning messages automatically

Closes warning dialogs in the system tray after a few seconds. If you disable this option, the user must manually click on a message to close it.

This setting applies to both PC and Mac endpoints.

Store Execution History details

Stores data for the Execution History logs, available under Reports.

This setting applies only to PC endpoints.

Poll interval

Specifies how often the endpoint checks for updates. For example: 15 minutes, 30 minutes, 1 hour, or 2 hours.

This setting applies to both PC and Mac endpoints.

Scan Schedule

SecureAnywhere runs scans automatically every day, at about the same time you installed the software. You can use the Scan Schedule settings to change the schedules and run scans at different times.

SETTING

DESCRIPTION

Enable Scheduled Scans

Allows scheduled scans to run on the endpoint.

This setting applies to both PC and Mac endpoints.

Scan Frequency

Determines how often to run the scan. You can set a day of the week or select on bootup.

This setting applies to both PC and Mac endpoints.

Time

Specifies the time to run the scan:

  • Scan time options for when computer is idle are before 8:00 a.m., before noon, before 5:00 p.m., or before midnight.
  • Scan time options for when resources are available are hourly, from 12:00 a.m. to 11:00 p.m.

This setting applies to both PC and Mac endpoints.

Scan on bootup if the computer is off at the scheduled time

Launches a scheduled scan within an hour after the user turns on the computer, if the scan did not run at the normally scheduled time. If this option is disabled, SecureAnywhere ignores missed scans.

This setting applies to both PC and Mac endpoints.

Hide the scan progress window during scheduled scans

Runs scans silently in the background. If this option is disabled, a window opens and displays the scan progress.

This setting applies only to PC endpoints.

Only notify me if an infection is found during a scheduled scan

Opens an alert only if it finds a threat. If this option is disabled, a small status window opens when the scan completes, whether a threat was found or not.

This setting applies only to PC endpoints.

Do not perform scheduled scans when on battery power

Helps conserve battery power. If you want SecureAnywhere to launch scheduled scans when the endpoint is on battery power, deselect this option.

This setting applies to both PC and Mac endpoints.

Do not perform scheduled scans when a full screen application or game is open

Ignores scheduled scans when the user is viewing a full-screen application, such as a movie or a game. Deselect this option if you want scheduled scans to run anyway.

This setting applies to both PC and Mac endpoints.

Randomize the time of scheduled scans up to one hour for distributed scanning

Determines the best time for scanning, based on available system resources, and runs the scan within an hour of the scheduled time. If you want to force the scan to run at the scheduled time, deselect this option.

This setting applies only to PC endpoints.

Perform a scheduled Quick Scan instead of a Deep Scan

Runs a quick scan of memory. We recommend that you keep this option deselected, so that deep scans run for all types of malware in all locations.

This setting applies only to PC endpoints.

Scan Settings

Scan settings give advanced control over scanning performance.

SETTING

DESCRIPTION

Enable Realtime Master Boot Record (MBR) Scanning

Protects the endpoint against master boot record (MBR) infections. An MBR infection can modify core areas of the system so that they load before the operating system and can infect the computer. We recommend that you keep this option selected. It adds only a small amount of time to the scan.

This setting applies only to PC endpoints.

Enable Enhanced Rootkit Detection

Checks for rootkits and other malicious software hidden on disk or in protected areas. Spyware developers often use rootkits to avoid detection and removal. We recommend that you keep this option selected. It adds only a small amount of time to the scan.

This setting applies only to PC endpoints.

Enable "right-click" scanning in Windows Explorer

Enables an option for scanning the currently selected file or folder in the Windows Explorer right-click menu. This option is helpful if the user downloads a file and wants to scan it quickly.

This setting applies only to PC endpoints.

Update the currently scanned folder immediately as scanned

Displays a full list of files as SecureAnywhere scans each one. If you want to increase scan performance slightly, deselect this option so that file names only update once per second on the panel. SecureAnywhere will still scan all files, just not take the time to display each one on the screen.

This setting applies only to PC endpoints.

Favor low memory usage over fast scanning

Reduces RAM usage in the background by using less memory during scans, but scans will also run a bit slower. Deselect this option to run faster scans and use more memory.

This setting applies only to PC endpoints.

Favor low CPU usage over fast scanning

Reduces CPU usage during scans, but scans will also run a bit slower. Deselect this option to run faster scans.

This setting applies only to PC endpoints.

Save non-executable file details to scan logs

Saves all file data to the scan log, resulting in a much larger log file. Leave this option deselected to save only executable file details to the log.

This setting applies only to PC endpoints.

Show the "Authenticating Files" popup when a new file is scanned on-execution

Opens a small dialog whenever the user runs a program for the first time. Leave this option deselected if you do not want users to see this dialog.

This setting applies only to PC endpoints.

Scan archived files

Scans compressed files in zip, rar, cab, and 7-zip archives.

This setting applies to both PC and Mac endpoints.

Automatically reboot during cleanup without prompting

Restarts the computer after running a clean-up, which is the process of removing all traces of a malware file.

This setting applies only to PC endpoints.

Never reboot during malware cleanup

Prevents the endpoint from restarting during cleanup, which is the process of removing all traces of a malware file.

This setting applies only to PC endpoints.

Automatically remove threats found during background scans

Removes threats during scans that run in the endpoint's background and sends them to quarantine.

This setting applies only to PC endpoints.

Automatically remove threats found on the learning scan

Removes threats during the first scan on the endpoint and sends them to quarantine.

This setting applies only to PC endpoints.

Enable Enhanced Support

Allows logs to be sent to Webroot customer support.

This setting applies only to PC endpoints.

Show Infected Scan Results

Displays scan results. If not enabled, the endpoint does not display scan results even if malware is detected.

This setting applies only to PC endpoints.

Detect Possibly Unwanted Applications (PUAs) as malicious

Detects PUAs and blocks them from installing.

Potentially unwanted applications (PUAs) are programs that aren't necessarily malicious but contain adware, toolbars, or other unwanted additions to your system. Generally, PUAs are not malicious but may be unsuitable for use in a business environment, and may create security concerns.

If a PUA is already on the system Webroot SecureAnywhere will detect the main program but may not be able to fully remove all aspects of it.

This setting applies only to PC endpoints.

Allow Files to be Submitted for Threat Research

Allows you to submit files for threat research.

This setting applies only to PC endpoints.

Self Protection Settings

Self Protection prevents malicious software from modifying the SecureAnywhere program settings and processes. If SecureAnywhere detects that another product is attempting to interfere with its functions, it launches a protective scan to look for threats. It will also update the internal self protection status to prevent incompatibilities with other software.

Note: We recommend that you leave Self Protection at the Maximum settings, unless you use other security software in addition to SecureAnywhere. If you use additional security software, adjust Self Protection to Medium or Minimum. The Maximum setting might interfere with other security software.

SETTING

DESCRIPTION

Enable self-protection response cloaking

Turns self-protection on and off.

This setting applies only to PC endpoints.

Self-protection level

Sets the detection level to:

  • Minimum — Protects the integrity of the SecureAnywhere settings and databases. Recommended if the endpoint has several other security products installed.
  • Medium — Prevents other programs from disabling protection. Provides maximum possible compatibility with other security software.
  • Maximum — Provides the highest protection of the SecureAnywhere processes. We recommend that you use this setting.

This setting applies only to PC endpoints.

Heuristics

With heuristics, you can set the level of threat analysis that SecureAnywhere performs when scanning managed endpoints. SecureAnywhere includes three types of heuristics: advanced, age, and popularity.

You can adjust these types of heuristics for several areas:

For each of these areas, you can set the following options:

SETTING

DESCRIPTION

Advanced Heuristics

Analyzes new programs for suspicious actions that are typical of malware.

  • Disabled — Turns off Advanced Heuristics, leaving it vulnerable to new threats; however, it will still be protected against known threats.
  • Low — Detects programs with a high level of malicious activity. This setting ignores some suspicious behavior and allows most programs to run.
  • Medium — Balances detection versus false alarms by using our tuned heuristics in the centralized community database.
  • High — Protects against a wide range of new threats. Use this setting if you think your system is infected or at very high risk. This setting may result in false detections.
  • Maximum — Provides the highest level of protection against new threats. Use this setting if you think that your system is infected or at very high risk. This setting may result in false detections.\

This setting applies only to PC endpoints.

Age Heuristics

Analyzes new programs based on the amount of time the program has been in the community. Legitimate programs are generally used in a community for a long time, but malware often has a short life span.

  • Disabled — Turns off Age Heuristics, leaving it vulnerable to new threats; however, it will still be protected against known threats.
  • Low — Detects programs that have been created or modified very recently.
  • Medium — Detects programs that are fairly new and not trusted, preventing zero-day or zero-hour attacks. We recommend using this setting if you do not allow unpopular programs to be installed on your managed endpoints and you want extra security to prevent mutating threats.
  • High — Detects programs that have been created or modified in a relatively short time and are not trusted. This setting is recommended only if new programs are rarely installed on your managed endpoints, and if you feel that your systems are relatively constant. This setting might generate a higher level of false detections on more obscure or unpopular programs.
  • Maximum — Detects all untrusted programs that have been created or modified fairly recently. Use this setting only if your managed endpoints are in a high-risk situation, or if you think that they are currently infected.

This setting applies only to PC endpoints.

Popularity Heuristics

Analyzes new programs based on statistics for how often the program is used in the community and how often it changes. Legitimate programs do not change quickly, but malware often mutates at a rapid pace. Malware may install as a unique copy on every computer, making it statistically unpopular.

  • Low — Detects programs that are seen for the first time. This setting is recommended if new or beta programs are frequently installed on your managed endpoints, or if endpoint users are software developers who frequently create new programs.
  • Medium — Detects unpopular and mutating programs, preventing zero-day and zero-hour attacks. We recommend using this setting if you do not allow new programs to be installed frequently on your managed endpoints and you want extra security over standard settings.
  • High — Detects programs that a significant percentage of the community has seen. This setting is recommended if you do not allow new programs on your managed endpoints and you suspect that they are currently infected.
  • Maximum —Detects programs that a large percentage of the community has seen. We recommend this setting if you think your managed endpoints are at very high risk, and you accept that you might receive false detections because of the strict heuristic rules.

This setting applies only to PC endpoints.

Realtime Shield Settings

The Realtime shield blocks known threats that are listed in Webroot's threat definitions and community database. If the shield detects a suspicious file, it opens an alert and prompts you to block or allow the item. If it detects a known threat, it immediately blocks and quarantines the item before it causes damage to the endpoint or steals its information.

SETTING

DESCRIPTION

Realtime Shield Enabled

Turns the Realtime shield on and off.

This setting applies to both PC and Mac endpoints.

Enable Predictive Offline Protection from the central SecureAnywhere database

Downloads a small threat definition file to your managed endpoints, protecting them even when they are offline. We recommend that you leave this setting on.

This setting applies only to PC endpoints.

Remember actions on blocked files

Remembers how the user responded to an alert, whether they allowed a file or blocked it, and will not prompt again when it encounters the same file. If this setting is deselected, SecureAnywhere opens an alert every time it encounters the file in the future.

This setting applies only to PC endpoints.

Automatically quarantine previously blocked files

Opens an alert when it encounters a threat and allows the user to block it and send it to quarantine. If this setting is off, the user must run a scan manually to remove a threat.

This setting applies to both PC and Mac endpoints.

Automatically block files when detected on execution

Blocks threats and sends them to quarantine. If this setting is off, the user must respond to lerts about detected threats.

This setting applies to both PC and Mac endpoints.

Scan files when written or modified

Scans any new or modified files that are saved to disk. If this setting is off, it ignores new file installations; however, it still alerts the user if a threat tries to launch.

This setting applies to both PC and Mac endpoints.

Block threats automatically if no user is logged in

Stops threats from executing even when managed endpoints are logged off. Threats are sent to quarantine without notification.

This setting applies to both PC and Mac endpoints.

Show realtime event warnings

Opens an alert when suspicious activity occurs.

This setting applies only to PC endpoints.

Show realtime block modal alerts

Displays alerts when Heuristics detects malware, and prompts the user to allow or block the action.

If Heuristics is set to Warn when new programs execute that are not known good, then this setting must be set to On. Otherwise, users will not see the alert.

This setting applies only to PC endpoints.

Show realtime block notifications

Displays a tray notification if the Realtime shield detects malware. If this setting is off, there is no tray notification, but malware is blocked and the home page displays that threats were detected.

This setting applies only to PC endpoints.

Behavior Shield Settings

The Behavior shield analyzes the applications and processes running on your managed endpoints. If it detects a suspicious file, it opens an alert and prompts you to block or allow the item. If it detects a known threat, it immediately blocks and quarantines the item before it causes damage to managed endpoints or steals information.

SETTING

DESCRIPTION

Behavior Shield Enabled

Turns the Behavior shield on and off.

This setting applies only to PC endpoints.

Assess the intent of new programs before allowing them to execute

Watches the program's activity before allowing it to run. If it seems okay, SecureAnywhere allows it to launch and continues to monitor its activity.

This setting applies only to PC endpoints.

Enable advanced behavior interpretation to identify complex threats

Analyzes a program to examine its intent. For example, a malware program might perform suspicious activities like modifying a registry entry, then sending an email.

This setting applies only to PC endpoints.

Track the behavior of untrusted programs for advanced threat removal

Watches programs that have not yet been classified as legitimate or as malware.

This setting applies only to PC endpoints.

Automatically perform the recommended action instead of showing warning messages

Does not prompt the user to allow or block a potential threat. SecureAnywhere determines how to manage the item.

This setting applies only to PC endpoints.

Warn if untrusted programs attempt low-level system modifications when offline

Opens an alert if an unclassified program tries to make changes to your managed endpoints when they are offline. SecureAnywhere cannot check its online threat database if endpoints are disconnected from the Internet.

This setting applies only to PC endpoints.

Core System Shield

The Core System shield monitors system structures of your managed endpoints and makes sure malware has not tampered with them. If the shield detects a suspicious file trying to make changes, it opens an alert and prompts the user to block or allow the item. If it detects a known threat, it immediately blocks and quarantines the item before it causes damage or steals information.

SETTING

DESCRIPTION

Core System Shield Enabled

Turns the Core System shield on and off.

This setting applies only to PC endpoints.

Assess system modifications before they are allowed to take place

Intercepts any activity that attempts to make system changes on your managed endpoints, such as a new service installation.

This setting applies only to PC endpoints.

Detect and repair broken system components

Locates corrupted components, such as a broken Layered Service Provider (LSP) chain or a virus-infected file, then restores the component or file to its original state.

This setting applies only to PC endpoints.

Prevent untrusted programs from modifying kernel memory

Stops unclassified programs from changing the kernel memory.

This setting applies only to PC endpoints.

Prevent untrusted programs from modifying system processes

Stops unclassified programs from changing system processes.

This setting applies only to PC endpoints.

Verify the integrity of the LSP chain and other system structures

Monitors the Layered Service Provider (LSP) chain and other system structures to make sure malware does not corrupt them.

This setting applies only to PC endpoints.

Prevent any program from modifying the HOSTS file

Stops spyware from attempting to add or change the IP address for a website in the Hosts file, and opens an alert for the user to block or allow the changes.

This setting applies to both PC and Mac endpoints.

Web Threat Shield

The Web Threat shield protects your endpoints as users surf the Internet. If it detects a website that might be a threat, it opens an alert for users to block the site or continue despite the warning. When they use a search engine, this shield analyzes all the links on the search results page, then displays an image next to each link that signifies whether it's a trusted site, displaying a green checkmark, or a potential risk, indicated by a red X.

SETTING

DESCRIPTION

Enable Web Threat Shield

Turns the Web Threat shield on and off.

This setting is turned On by default, which is the setting we recommend.

This setting applies to both PC and Mac endpoints.

Activate browser extension

Browser extensions provide blocking protection against malicious websites, realtime anti-phishing protection, and safety ratings when using search engines. Each function can be enabled or disabled separately using the individual controls for each function described in this table.

To completely disable and remove extensions from each supported browser, change the setting to Off.

This setting is turned On by default, which is the setting we recommend.

This setting applies only to PC endpoints.

Block malicious websites

Any URLs and IPs you enter in a browser are checked and a block page displays for known malicious sites.

This setting is turned On by default, which is the setting we recommend.

This setting applies to both PC and Mac endpoints.

Enable real-time anti-phising

Protects against zero-day phishing sites. Zero-day phishing sites are sites that have never been seen before, and their related viruses do not yet have a definition.

This setting is turned On by default, which is the setting we recommend.

This setting applies to both PC and Mac endpoints.

Show safety ratings when using search engines

Search result are annotated with an icon and tooltip, indicating the likelihood that a site is malicious.

This setting is turned On by default, which is the setting we recommend.

This setting applies to both PC and Mac endpoints.

Enable web filtering driver

Provides additional protection against malicious connections, and in cases where the browser extensions are disabled.

This setting is turned On by default, which is the setting we recommend.

Suppress the user's ability to bypass blocked websites

Prevents users from bypassing the block page presented when a malicious website is detected.

This setting is turned On by default, which is the setting we recommend.

This setting applies to both PC and Mac endpoints.

Suppress the user's ability to request website review

Prevents users from submitting website reviews from the block page when a malicious website is detected.

This setting is turned On by default, which is the setting we recommend.

This setting applies to both PC and Mac endpoints.

Identity Shield

The Identity shield protects sensitive data that might be exposed during online transactions. You can change the behavior of the Identity shield and control what it blocks.

SETTING

DESCRIPTION

Identity Shield Enabled

Turns the Identity shield on and off.

This setting applies to both PC and Mac endpoints.

Note: On Mac, this controls the Secure Keyboard Entry Mode setting.

Look for identity threats online

Analyzes websites as users browse the Internet or open links. If the shield detects malicious content, it blocks the site and opens an alert.

This setting applies only to PC endpoints.

Verify websites for phishing threats

Analyzes websites for phishing threats as users browse the Internet or open links. If the shield detects a phishing threat, it blocks the site and opens an alert.

This setting applies only to PC endpoints.

Verify websites when visited to determine legitimacy

Analyzes the IP address of each website to determine if it has been redirected or is on our blacklist. If the shield detects an illegitimate website, it blocks the site and opens an alert.

This setting applies only to PC endpoints.

Verify the DNS/IP resolution of websites to detect Man-in-the-Middle attacks

Looks for servers that could be redirecting users to a malicious website, such as a man-in-the-middle attack. If the shield detects a man-in-the-middle attack, it blocks the threat and opens an alert.

This setting applies only to PC endpoints.

Block websites from creating high risk tracking information

Blocks third-party cookies from installing on your managed endpoints if the cookies originate from malicious tracking websites.

This setting applies only to PC endpoints.

Prevent programs from accessing protected credentials

Blocks programs from accessing login credentials, for example, when you type your name and password or when you request a website to remember them.

This setting applies only to PC endpoints.

Warn before blocking untrusted programs from accessing protected data

Opens an alert any time malware attempts to access data, instead of blocking known malware automatically.

This setting applies only to PC endpoints.

Allow trusted screen capture programs access to protected screen contents

Allows screen capture programs, no matter what content is displayed on the screen.

This setting applies only to PC endpoints.

Enable Identity Shield compatibility mode

Allows certain applications to run that the Identity shield might block during normal operations. You can enable this option if you notice problems with an application's functions after SecureAnywhere was installed on the endpoint. With this compatibility mode enabled, the endpoint is still protected by the Identity shield's core functionality.

This setting applies only to PC endpoints.

Enable keylogging protection in non-Latin systems

Allows endpoints with non-Latin systems, such as Japanese and Chinese, to be protected from keyloggers.

This setting applies only to PC endpoints.

Firewall

The Webroot firewall monitors data traffic traveling out of endpoint ports. It looks for untrusted processes that try to connect to the Internet and steal personal information. It works with the Windows firewall, which monitors data traffic coming into your managed endpoints. With both the Webroot and Windows firewall turned on, network data has complete inbound and outbound protection.

The Webroot firewall is preconfigured to filter traffic on your managed endpoints. It works in the background without disrupting normal activities. If the firewall detects unrecognized traffic, it opens an alert. You can either block the traffic or allow it to proceed.

SETTING

DESCRIPTION

Enabled

Turns the Firewall on and off.

This setting applies only to PC endpoints.

Firewall level

  • Default Allow — Allows all processes to connect to the Internet, unless explicitly blocked.
  • Warn unknown and infected — Warns if any new, untrusted processes connect to the Internet, if the endpoint is infected.
  • Warn unknown — Warns if a new, untrusted process connects to the Internet.
  • Default Block — Warns if any process connects to the Internet, unless explicitly blocked.

This setting applies only to PC endpoints.

Show firewall management warnings

Controls the alert displayed by SecureAnywhere when the Windows firewall is off:

  • On — The user sees an alert when SecureAnywhere detects that the Windows firewall is off.
  • Off — No alert displays when the Windows firewall is off.

This setting applies only to PC endpoints.

Show firewall process warnings

Controls the firewall alerts. If this is setting is Off, no firewall alerts display . This option works in conjunction with the Firewall Level settings.

For example:

  • If Show firewall process warnings and Default Block options are both set to On, the endpoint user sees an alert if a new process tries to connect.
  • If Show Firewall process warnings is set to Off, no alert displays to the endpoint user and the process is allowed.

This setting applies only to PC endpoints.

User Interface

Gives administrative control over the SecureAnywhere interface on the endpoints using this policy.

SETTING

DESCRIPTION

GUI

Blocks or allows endpoint user access to the main SecureAnywhere interface. If users try to open SecureAnywhere when this option is set to Hide, a message tells them to contact the administrator to access the interface.

This setting applies to both PC and Mac endpoints.

Note: This option does not also hide the Webroot system tray icon on a PC. However, on a Mac, this option does hide the Webroot system tray icon.

System Optimizer

System Optimizer removes traces of the end user's web browsing history, files that display computer use, and unnecessary files that consume valuable disk space, such as files in the Recycle Bin or Windows temporary files. System Optimizer does not run automatically; you need to schedule cleanups and select the items you want removed.

Note: Optimization removes unnecessary files and traces, not malware threats. Malware are removed during scans. You can think of System Optimizer as the housekeeper for a computer, while the Scanner serves as the security guard.

SETTING

DESCRIPTION

Manage System Optimizer centrally

Enables the administrator to change System Optimizer settings, as follows:

  • On — System Optimizer settings display in the panel and are available to change.
  • Off — No settings display in this panel.

This setting applies only to PC endpoints.

Schedule

Monday through Sunday

Sets the days of the week, anything from one to seven, to automatically run System Optimizer.

This setting applies only to PC endpoints.

Run at specific time of day - hour

Sets the hour of the day System Optimizer runs on the endpoints.

This setting applies only to PC endpoints.

Run at specific time of day - minute

Sets the time in 15-minute increments that System Optimizer runs on the endpoints.

This setting applies only to PC endpoints.

Run on bootup if the system was off at the scheduled time

Launches a missed scheduled cleanup when the endpoint powers on. This is applicable only if the endpoint was off during a scheduled cleanup. Otherwise, skips the missed cleanup.

This setting applies only to PC endpoints.

Enable Windows Explorer right click secure file erasing

Includes an option for permanently erasing a file or folder in Windows Explorer on the endpoint. A menu item displays when the user right-clicks on a file or folder:

This setting applies only to PC endpoints.

Windows Desktop

Recycle Bin

Removes all files from the Recycle Bin in Windows Explorer.

This setting applies only to PC endpoints.

Recent document history

Clears the history of recently opened files, which is accessible from the Windows Start menu. The cleanup does not delete the actual files.

This setting applies only to PC endpoints.

Start Menu click history

Clears the history of shortcuts to programs that end users recently opened using the Start menu.

This setting applies only to PC endpoints.

Run history

Clears the history of commands recently entered into the Run dialog, which is accessible from the Start menu.

After the cleanup, the end user may need to restart the computer to completely remove items from the Run dialog.

This setting applies only to PC endpoints.

Search history

Clears the history of files or other information that the end user searched for on the computer. This history displays when the end user starts entering a new search that starts with the same characters. The cleanup does not delete the actual files.

This setting applies only to PC endpoints.

Start Menu order history

Reverts the list of programs and documents in the Start menu back to alphabetical order, which is the default setting. After the cleanup runs, the list reverts back to alphabetical order after a system re-boot.

This setting applies only to PC endpoints.

Windows System

Clipboard contents

Clears the contents from the Clipboard, where Windows stores data used in either the Copy or Cut function from any Windows program.

This setting applies only to PC endpoints.

Windows Temporary folder

Deletes all files and folders in the Windows temporary folder, but not files that are in use by an open program. This folder is typically: C:\Windows\Temp.

This setting applies only to PC endpoints.

System Temporary folder

Deletes all files and folders in the system temporary folder, but not files that are in use by an open program. This folder is typically in: C:\Documents and Settings\[username]\Local Settings\Temp.

This setting applies only to PC endpoints.

Windows Update Temporary folder

Deletes all files and subfolders in this folder, but not files that are in use by an open program. Windows uses these files when a Windows Update runs. These files are typically in C:\Windows\Software\Distribution\Download.

This setting applies only to PC endpoints.

Windows Registry Streams

Clears the history of recent changes made to the Windows registry. This option does not delete the registry changes themselves.

This setting applies only to PC endpoints.

Default logon user history

Deletes the Windows registry entry that stores the last name used to log on to your computer. When the registry entry is deleted, end users must enter their user names each time they turn on or restart the computer. This cleanup option does not affect computers that use the default Welcome screen.

This setting applies only to PC endpoints.

Memory dump files

Deletes the memory dump file (memory.dmp) that Windows creates with certain Windows errors. The file contains information about what happened when the error occurred.

This setting applies only to PC endpoints.

CD burning storage folder

Deletes the Windows project files, created when the Windows built-in function is used to copy files to a CD. These project files are typically stored in one of the following directories:

C:\Documents and Settings\[username]\Local Settings\Application Data\Microsoft\CDBurning

or

C:\Users\[username]\AppData\Local\Microsoft\Windows\Burn\Burn

This setting applies only to PC endpoints.

Flash cookies

Deletes bits of data created by Adobe Flash, which can be a privacy concern because they track user preferences. Flash cookies are not actually cookies, and are not controlled through the cookie privacy controls in a browser.

This setting applies only to PC endpoints.

Internet Explorer

Address bar history

Removes the list of recently visited websites, which is stored as part of Internet Explorer’s AutoComplete feature. You see this list when you click the arrow on the right side of the Address drop-down list at the top of the Internet Explorer browser.

This setting applies only to PC endpoints.

Cookies

Deletes all cookies from the endpoint. Be aware that if you remove all cookie files, the end user must re-enter passwords, shopping cart items, and other entries that these cookies stored.

This setting applies only to PC endpoints.

Temporary Internet Files

Deletes copies of stored web pages that the end user visited recently. This cache improves performance by helping web pages open faster, but can consume a lot of space on the hard drive.

This setting applies only to PC endpoints.

URL history

Deletes the History list of recently visited websites of the Internet Explorer toolbar.

This setting applies only to PC endpoints.

Setup Log

Deletes log files created during Internet Explorer updates.

This setting applies only to PC endpoints.

Microsoft Download Folder

Deletes the contents in the folder that stores files last downloaded using Internet Explorer.

This setting applies only to PC endpoints.

MediaPlayer Bar History

Removes the list of audio and video files recently opened with the media player in Internet Explorer. The cleanup does not delete the files themselves.

This setting applies only to PC endpoints.

Autocomplete form information

Deletes data that Internet Explorer stores when the end user entered information into fields on websites. This is part of Internet Explorer’s AutoComplete feature.

This setting applies only to PC endpoints.

Clean index.dat (cleaned on reboot)

Marks files in the index.dat file for deletion, then clears those files after the system reboots. The index.dat file is a growing Windows repository of web addresses, search queries, and recently opened files. This option works when you also select one or more of the following options: Cookies, Temporary Internet Files, or URL History. Index.dat functions like an active database. It is only cleaned after you reboot Windows.

This setting applies only to PC endpoints.

Secure File Removal

Control the level of security to apply when removing files

Removes files permanently in a shredding process, which overwrites them with random characters. This shredding feature is a convenient way to make sure no one can ever access the endpoint's files with a recovery tool.

By default, file removal is set to Normal, which means items are deleted permanently, bypassing the Recycle Bin. However, with the Normal setting, data recovery utilities could restore the files. If you want to make sure files can never be recovered, select Maximum. Medium overwrites files with three passes, whereas Maximum overwrites files with seven passes and cleans the space around the files. Also be aware that cleanup operations take longer when you select Medium or Maximum.

This setting applies only to PC endpoints.

Evasion Shield Settings

Evasion shield will detect and block malicious script files including JS, VBS, powershell, wscript, cscript, macros, and more. This shield includes file-based scripts as well as file-less scripts which often evade other malware detection software. On Windows 10, there is enhanced protection for file-less scripts, obfuscated scripts, and other sophisticated script attacks.

Note: You will also need to ensure that each device has upgraded to the latest Webroot Business Endpoint Protection agent version 9.0.28.00 or higher. Earlier agent versions will not fully support Evasion Shield protection.

SETTING

DESCRIPTION

Script Protection

Sets the protection level to:

  • Off
  • Detect and Report — Threats will be detected, reported to the console and not quarantined.
  • Detect and Remediate — Threats will be detected, reported to the console and quarantined.

This setting applies only to PC endpoints.