
Hi there,

We’ve been exploring some of the newer features with Webroot and I am curious if the Isolate function can be triggered automatically by the endpoint agent.

The documentation seems to indicate that it is only a manual process, but that seems ineffective. By the time we have someone in the portal clicking the isolate button, it’s probably too late to do much good.

Thanks for your help!

Matt

Hello ​@kleinmat4103 

 

Yes but be very careful!! From the Agent/Client itself.

Hope that’s what you’re looking for?

I haven’t tried this way below.

 

 

Maybe others might have other suggestions.


Thanks!

I was more looking for something like a ransomware detection function.

Like if a canary file is deleted or modified on the endpoint, the computer is automatically isolated and we generate an alert on our end to check it out.
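The canary-file trigger described in the post above, sketched as an added example; it is not part of the original thread and not Webroot functionality. The `isolate` and `alert` callbacks are hypothetical hooks for whatever containment and alerting mechanism is actually available, and the file names in the demo are constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def fingerprint(path):
    """SHA-256 of the file contents, or None if it is missing or unreadable."""
    try:
        return hashlib.sha256(Path(path).read_bytes()).hexdigest()
    except OSError:
        return None


def baseline(canaries):
    """Record a known-good digest per canary; refuse to start with one missing."""
    base = {}
    for p in canaries:
        digest = fingerprint(p)
        if digest is None:
            raise FileNotFoundError(f"canary not readable at baseline: {p}")
        base[str(p)] = digest
    return base


def check(base):
    """Return (path, event) pairs; a renamed canary shows up as 'deleted'."""
    events = []
    for path, digest in base.items():
        now = fingerprint(path)
        if now is None:
            events.append((path, "deleted"))
        elif now != digest:
            events.append((path, "modified"))
    return events


def respond(events, isolate, alert, threshold=1):
    """Alert on any tripped canary; isolate once `threshold` canaries tripped."""
    if not events:
        return False
    alert(events)
    if len(events) >= threshold:
        isolate()  # hypothetical hook: not a Webroot API
        return True
    return False


if __name__ == "__main__":
    d = Path(tempfile.mkdtemp())
    files = [d / "~budget.xlsx", d / "~contracts.docx"]  # constructed names
    for f in files:
        f.write_bytes(b"constructed canary content")
    base = baseline(files)
    files[0].write_bytes(b"overwritten")            # simulated modification
    files[1].rename(d / "~contracts.docx.locked")   # simulated rename
    respond(check(base), lambda: print("ISOLATE"), print, threshold=2)
```

Run `check` on a short polling interval; a threshold above 1 trades a little detection latency for fewer isolations caused by a user or backup tool touching a single canary.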


There was a blog post, Announcing new EDR capabilities for Webroot Endpoint Protection that seems to be scrubbed from the site. I shared it with some of my colleagues at the time so still have the link.

https://www.webroot.com/blog/2024/08/19/announcing-new-edr-capabilities-for-webroot-endpoint-protection/

I see the isolate option is available in the portal, but maybe Webroot backed off EDR claims? If so, that’s a bit disappointing.



Strange the link doesn’t work for me?

 

 

Maybe you should contact Webroot Business Support: https://www.webroot.com/us/en/business/support

 

 


The link doesn’t work for me either????


I understand now: the article was on the blog but now it’s not. Maybe @TylerM can tell us more.



None show: https://www.google.com/search?client=firefox-b-d&q=Announcing+new+EDR+capabilities+for+Webroot+Endpoint+Protection

 

This one does: https://www.xcitium.com/webroot-edr/



This link also doesn’t work for me. Let me ask around


@kleinmat4103 
Hi,

Currently the Host Isolate commands are NOT automated. This is something that is definitely in the works though as part of the console and agent development.

It would work like, say, upon a detection threshold of a malware type etc., it could auto isolate the host. Say, for a Trojan/Ransomware/Miner/Credential stealer it would isolate, but for a PUP/PUA it won’t. Stuff like that. I’ve had discussions with the product development team regarding this. There’s A LOT of data they have on threats, just we don’t see it yet and they’re also trying to find ways to show this and act upon it in various ways. Very promising, but of course I’ve no idea of any timeline for this. If you didn’t know, they’re building in YARA detections as well so that threats and detections of new TTPs can be detected faster by pushing very small YARA updates to agents. Super Cool Stuff. Makes the product very flexible.

@TripleHelix 
You are referencing the Controlling of System Processes, which is something different than what we are talking about. I wish THAT what you showed was available in the console. 

The Host Isolation feature is for Business/MSP/MSSP use and currently not in the consumer product. 

I don’t think that OpenText/Webroot have backed off the EDR claims. I think the article may have been either removed for updating or something. Again, @TylerM might be able to find out more about that.

Hope This helps

John H


@kleinmat4103 

One way to push the Auto Isolate is to start a Feature Request here in the Community. I’ll DEFINITELY upvote it and encourage others here to upvote it as well. That way, we show OpenText that this is something we want.


@jhartnerd123 thanks and I totally understand and I will move it to the Business section!


Yeah, the blog link doesn’t work anymore. I’m not sure when that post was pulled. It definitely worked at some point because it came across the RSS feed.

@jhartnerd123

Thanks for that info. Good to know that feature is in the works.

I just created a feature request. Feel free to upvote it.
 

 

