Skip to main content
Customer Support Customer Support
Answer

Buisness endpoint protection - monitor shutdown protection and webroot startup

  • March 26, 2020
  • 2 replies
  • 213 views
D
Fresh Face
Forum|alt.badge.img+3

 I am new to this group, so please tell me where the most appropriate place this question should be placed.

 

I have a bunch of developers who do stuff that once in a while Business Endpoint Protection complains.

 

From what I can ascertain, in the policies I enable the policy “Allow SecureAnywhere to be shutdown manually”.  From what I can see this is the only way to allow developers access to the HOSTS file for example.

 

I need to be able to monitor the Manual Shutdown of and startup.  I see that the Windows Application Event Log Security Center application creates events and records “Updated Webroot SecureAnywhere status successfully to SECURITY_PRODUCT_STATE_OFF.” and “Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.”

 

Is there a way from within the Webroot Business Console to get this information for an endpoint?

 

Or is the only way to do this is to create a central event log manager?

 

Thank you,

 

David

Best answer by coscooper

@David Woodson  - Welcome to the Webroot Community. This is as good a place to ask questions about endpoint for business as any. 8-)


Quick answer is to check the WRSVC service. If it’s running, then WR is running. If it’s not, then it’s been shut down manually and cleanly. (There’s a registry setting to detect if WR was shut down clean, which usually means using this policy setting.)

This is the cleanest method for your specific situation.

    TripleHelix
    This topic has been closed for replies.

    2 replies

    coscooper
    Forum|alt.badge.img+26
    • coscooper
    • Manager, Channel Sales
    • Answer
    • March 26, 2020

    @David Woodson  - Welcome to the Webroot Community. This is as good a place to ask questions about endpoint for business as any. 8-)


    Quick answer is to check the WRSVC service. If it’s running, then WR is running. If it’s not, then it’s been shut down manually and cleanly. (There’s a registry setting to detect if WR was shut down clean, which usually means using this policy setting.)

    This is the cleanest method for your specific situation.

    Shane Cooper | Manager, Channels Sales (RMM & Strategic Partners)
    K
    D
    Fresh Face
    Forum|alt.badge.img+3
    • David Woodson
    • Author
    • Fresh Face
    • April 17, 2020

    Thank you

    Terms & ConditionsAccessibility statement