Hi everyone,
I'm struggling to understand two features of the centrally managed Webroot endpoint security:
1- Unknown program management
2- Protection against ransomware-day 0 attacks for online endpoints
1) Once an endpoint is scanned, a report is sent back to the central console, and from there the admin can take a look at the unknown programs, suspect files and so on.
Reading the manual, I found out that once an override is managed (e.g. good program), then the endpoint, for that MD5 signature, doesn't do any kind of check. The problem is that that file keeps being displayed on the scan report for the endpoint on further checks even if it's considered good; that's not simply annoying, it creates confusion as far as I can see.
2) I cannot really understand how an "online" workstation could be protected from attacks such as the CryptoLocker ransomware.
On one side, as far as I understood, if the workstation goes offline, a heuristic mode is turned on and a sandbox feature for unknown programs is provided in order to roll back changes.
But how can the system in online mode detect and "protect" the endpoint from these attacks? What would the endpoint user see on his PC? A warning? A guide to roll back?
Sorry for these strange questions, but the guides I found that treat the CryptoLocker remediation are related to a locally managed endpoint, and I cannot find any similar reference on the web console.
Regards and thanks in advance