Skip to main content
I'm trialing Webroot SecureAnywhere Business. In the console I have the "threat detected" alert enabled. I have the check-in interval set to 15 minutes.

 

I have a few questions:

 

1. Is there any way to receive "immediate" alerts when an endpoint detects a threat?

 

2. I am not always receiving the alert emails. For example, a colleague of mine download a Google Nexus Rooting toolkit which Webroot detected and I received an email alert. On another machine that is on an isolated network with its own internet circuit I've been downloading all kinds of "known malware" that I use for testing AV products including spyware installers, crapware, ransomware, etc. Webroot has blocked/detected all of these files (see screenshot attached) however I have yet to receive a single alert. I can't really try these same tests in our production network for obvious reasons. It's troubling to me that if we were to choose Webroot and a user was engaging in this sort of activity on our production network we would receive zero alerts.

 

Any suggestions?

 



 

 
Checked with someone here to get you answers:

 

1. Nothing faster than the 15 minute interval you have now

 

2. Make sure you have noreply@webrootanywhere.com whitelisted.  Try deleting and recreating the alert.  If that doesn't work, go ahead and contact our support and they'll grab some logs and see what is going on.
Thank you for your time. I did recreate the alert and magically a few minutes later I received an email related to the threats that were detected earlier today, however I still haven't received any alerts for the threats that were detected 20 minutes ago. I opened a support case; this is disappointing because Webroot was working so well up until the alerts stopped working. The alerting function is very important in our environment so if it is going to require a lot of babysitting we're going to have to look elsewhere.
Cool - let me know what support says about it.
Their response was as follows:

 

This is not a known issue and we are unsure what may have happened. This is not a common issue that we have seen. If you continue to experience any issues, please let us know.

 

------------------------------------------

 

Recreating the alert seems to have done the trick, however that does not explain why it stopped working in the first place. Hopefully this was a one-time glitch.
Ok glad that the recreation seems to have worked for now.  Did the ones that you mentioned above ever come through?  Keep me posted if the issue comes back, and I'll ping the escalations folks here to take a look at it.
No, some older alerts showed up bot not the more recent ones. I've been going to the support site now for these issues and I have 2 or 3 cases open out there now, at least I think so, all I see are "messages". I have a new issue now where a different endpoint is stuck at "needs attention" in the console even though the last scan came back as "clean" about 20 minutes ago and my check in interval is set to 15 minutes.

 

This is unfortunate since everything was looking really good until I started adding more endpoints and throwing malware at them. What I was hoping is for the console to provide timely alerts 100% of the time and to always show the most up to date status of all the endpoints.
I know there is an issue with endpoints not showing as having reported in, that we're working on.  I'll go ahead and send this thread over to my contact in escalations to see if it might be related.

Reply