Webroot Enterprise System Administrator Guide Webroot Software, Inc. PO Box 19816 Boulder, CO 80308 www.webroot.
Webroot Enterprise System Administrator Guide © 2004–2005 Webroot Software, Inc. All rights reserved. Webroot, Spy Sweeper, and the Webroot and Spy Sweeper icons are registered trademarks or trademarks of Webroot Software, Inc. All other trademarks are properties of their respective owners.
Contents 1: Planning Your Installation 1 About This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 System Requirements . . . . . . . . . . . . . . . . . . . .
Configuring Sweep Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Setting Up Sweep Alerts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Running Sweeps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Running a Sweep Now . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1: Planning Your Installation Webroot Enterprise™ lets you install and manage Webroot® products throughout your company. You can set up groups with different settings, install updates automatically or manually, view the status of all products, and much more. Webroot Enterprise gives you companywide management and control to ensure that your company’s computer resources are protected from a variety of threats.
Technical Support Technical support is available by phone and e-mail: • Call 800-870-8102 • Send your questions to: esupport@webroot.com.We will respond within one business day. System Requirements Following are the system requirements for Webroot Enterprise. Table 1: Company server system requirements Operating system Windows NT 4.
Understanding Webroot Enterprise Webroot Enterprise offers a total enterprise solution for your companywide spyware management using a client/server architecture. Figure 1 shows a base configuration and how Webroot Enterprise works. Webroot Update Server where application and definition updates are available. Internet Your company server, with Webroot Enterprise installed, downloads updates from the Webroot Update Server over the Internet.
Table 4: Webroot Enterprise Server components Component File name Description Client Service™ WebrootClientService.exe • Installed during the Controls the installation of Webroot communication between Enterprise Server. the client workstations and your company server. • Requires local network access. Update Service™ WebrootUpdateService.exe Installation/Network Access Requirement Controls the updates from • Installed during the the Webroot Update installation of Webroot Enterprise Server.
Planning for Webroot Enterprise Deployment If you plan to deploy Webroot Enterprise to 500 or fewer client workstations, you can use the base configuration shown in Figure 1. If you are deploying to more than 500 client workstations, you should review the information in this section to determine the best configuration and settings to use. Table 7 provides general configuration and database recommendations based on the number of client workstations.
Configuration poll and sweep results Settings and updates Clients Company server using DBISAM Figure 2: Single site with 500 clients Configuration poll and sweep results Clients Settings and distributor addresses Company server using DBISAM Request for updates Updates Updates Distributors Figure 3: Single site with 10,000 clients 6 1: Planning Your Installation
Site 1 Clients Request for updates Updates Configuration poll and sweep results Settings and distributor addresses Distributors Updates Site 2 Clients Request for updates Updates Updates Company server using SQL Distributors Figure 4: Multiple sites with more than 10,000 total clients How Webroot Enterprise Updates Work Most Webroot Enterprise updates are completely automatic after initial installation and setup. The whole update process works like this: 1.
5. The distributor server sends the updates to the client workstation. 6. If the distributor server is not available, then the client workstation sends its request to the next distributor server on the list. The company server is always the last server on the list, and it will send the updates if no other distributor server is able to do so. This process spreads the load across all distributor servers to ensure that the servers are not overwhelmed with update requests.
2: Installing Webroot Enterprise You must perform the following tasks to install Webroot Enterprise: 1. If you are using Microsoft SQL Server for your database, set up the SQL database. (See page 9.) • For information about determining what database to use, see “Planning for Webroot Enterprise Deployment” on page 5. 2. Install Webroot Enterprise Server on your company server. (See page 11.) 3. Set up one or more client workstations. (See page 20.) 4.
4. Give the new database a unique name. 5. Browse to the Users pane of the new database. 6. Right-click and select New Database User. 7. Create a new user and select the db_owner role in the Database Role Membership section. 8. Configure your SQL server for SQL Server and Windows authentication and use a SQL user account instead of a Windows account to access a SQL database with Webroot Enterprise. 9. When you install Webroot Enterprise Server, select SQL Server 2000 in the Database Settings window.
• If the server name of your SQL Server does not appear in the drop-down list, you can manually enter the name into the field. 11. Enter the name and login information for the database created above. • The installer program attempts to log in to the SQL database with the credentials provided and displays a message if it cannot connect to the database. Note SQL Server databases must use Case Insensitive collation to function correctly with Webroot Enterprise Server.
Table 8: Information required for Webroot Enterprise Server installation (Continued) Field Description Proxy Server If you use a proxy server to access the Internet, enter your proxy server name or IP address and port number in one of the following formats: • server_name.company.com:80 • 10.0.0.1:80 If you do not use a proxy server, leave the field blank. Proxy Username If you use a proxy server that requires authentication, enter your proxy server username.
3. Click Next. • The Software License Agreement window displays. 4. Read the license agreement and click Yes if you agree with the content. • The Installation Path window displays showing you the default installation location.
5. Click Next. • If you want to install to a different location, click browse and navigate to the new location. • The Start Menu window displays showing the default Start menu folder. 6. Click Next. 14 • If you want to use a different Start menu folder, enter a new name or select an existing group. • The Company Information window displays.
7. Enter the information and click Next. Company Name Name of your company. This identifies your Webroot Enterprise product when your company server looks for updates from the Webroot Update Server. Key Code Unique code that identifies the rights and privileges associated with your installation, such as the number of licenses you have purchased for each client workstation application.
9. Enter or select the information and click Next. Proxy Server If you use a proxy server to access the Internet, enter your proxy server name or IP address and port number in one of the following formats: • server_name.company.com:80 • 10.0.0.1:80 If you do not use a proxy server, leave the field blank. • 16 Use Proxy Login If you use a proxy server that requires authentication, select this option.
10. Enter or select the information and click Next. CommAgent Polling Interval How often you want installed CommAgents on each client workstation to check for updates and for schedule and configuration changes from your server. Client Service IP Enter the IP address or host name that the client workstations will use to communicate with your company server. For IP resolution, select the IP address of the network interface card (NIC) visible to client workstations.
12. Enter or select the information and click Next. Use SMTP Login If you use a secure SMTP e-mail server, select this option and enter the username and password below. Username for SMTP Name needed to log in to a secure SMTP server. Password for SMTP Password needed to log in to a secure SMTP server. • The Client Settings window displays. 13. Enter or select the information and click Next. Tray Icon Setting Pop up on Scan 18 Select how you want Spy Sweeper to appear on client workstations.
• Stay Minimized Default and recommended setting. Displays a system tray icon that end users can double-click to display the Spy Sweeper window, but does not pop up the window whenever a sweep starts. From this interface, end users can start their own sweeps and adjust any allowable settings. When a sweep is running, the tray icon will animate to show that Spy Sweeper is sweeping their system. Stay Invisible Does not display a system tray icon and does not do anything when a sweep starts.
15. Click Next. • Webroot Enterprise Server installs and automatically starts the Client Service and Update Service. • A message displays telling you to set up your client workstations. 16. Click Finish. • Webroot Enterprise Server updates automatically when necessary. You are now ready to set up one or more client workstations and distributor servers (if needed). For more information, see “Setting Up Client Workstations” on page 20 and “Installing and Assigning Distributor Servers” on page 24.
Note Installing the client components from the Admin Console requires Windows networking and access to the admin share (c$). To install and update client workstations from the Admin Console: 1. From the Admin Console function tree, select Admin Tasks > Client Deployment. • The Client Deployment panel displays, with a list of the domains or workgroups that exist on your network.. 2. Select the domain or workgroup whose workstations you want to see.
SseCleanup.exe, and SSEStart.exe) are in the same folder whenever SpySweeper.exe executes. Typically, these files are in the C:\Program Files\Webroot\Enterprise\Server\Client folder of the system where you installed Webroot Enterprise Server. • Using a logon script to execute one of the above files. Webroot has provided some example logon scripts that you can change to meet your needs. See “Example Logon Script” on page 23. • Using Group Policies, if you use Active Directory.
• You can specify the server IP address and port in the command line instead of relying on the .ini file. The syntax is: – SpySweeperSetup.msi SERVERIP=10.10.10.10 SERVERPORT=50000 For a silent installation: – • SpySweeperSetup.msi /q SERVERIP=10.10.10.10 SERVERPORT=50000 You can also pass the client deployment setting.
REM Display an install message, execute the client setup package from a shared network drive and then go to end :install echo Loading Webroot Enterprise Clients... "C:\Program Files\Webroot\Enterprise\Server\Client\SpySweeperSetup.
To install distributor servers: 1. Execute the WebrootDistributorSetup.exe file on the server you want to be a distributor server. • The file is typically in the C:\Program Files\Webroot\Enterprise\Server\Distributor folder of the system where you installed Webroot Enterprise Server. 2. Follow the on-screen instructions. • You can now assign distributor servers. Assigning Distributor Servers After you install the distributor server on your servers, you must assign those servers to groups.
7. Drag a server from the list to a group or to the company in the group tree. • To remove a server assignment, select the server in the group tree and click Unassign Distributor. • To update the status of the distributors, click Refresh. • To remove the selected distributors from their assignments and from the list of distributors, click Remove Distributors, then click Apply Changes. 8. Click Apply Changes. • Your company server will automatically send copies of all updates to all distributors.
Understanding the Admin Console Window The Admin Console window lets you set up, manage, and monitor Webroot Enterprise functions and applications. Figure 5 shows the window and describes its parts. Main panel— Displays the settings and actions available for the selected function. Function tree— Expand and select nodes to see the available settings and actions.
28 2: Installing Webroot Enterprise
3: Setting Up the Webroot Enterprise Server You can perform the following tasks to complete the setup of the Webroot Enterprise Server: • Access the Admin Console and view news (see page 29) • Edit the server settings (see page 29) • Set up notification (see page 32) • Manage client workstations (see page 34) • Assign distributor servers (see page 25) • Filter information (see page 37) Accessing the Admin Console and Viewing News The Admin Console is where you set up, manage, and monitor Webroo
– If you need to be sure that all clients receive updates or setting changes immediately, you can use the Poll Now button in the Client Management panel, however, you should use this option selectively to ensure that you do not overwhelm your network and servers. • Updates for the Webroot Enterprise Server, including the Admin Console, download and install automatically whenever your company server contacts the Webroot Update Server.
Field Description Client Service IP Enter the IP address or host name that the client workstations will use to communicate with your company server. For IP resolution, select the IP address of the network interface card (NIC) visible to client workstations. For host name resolution, enter the fully qualified domain name of your server (requires a properly configured DNS environment). Port Port on your company server that the Client Service will use to communicate with your client workstations.
Field Description Final Retry (Seconds) Amount of time between retries after the client has been rejected several times. The rejected client continues to retry to connect at this interval until it is successful. Database tab You cannot change the type of database after installation. The information in this tab is read-only. 3. Click Apply Changes.
Setting Up Notification Messages You can set up the messages that Webroot Enterprise Server sends for the following types of events: • Availability of updates or definitions to the Webroot Enterprise Server or client workstation components • Detected spyware • Errors that occur on client workstations To set up notification e-mail messages: 1. From the Admin Console function tree, select Admin Tasks > Configure E-mail Notifications. • The Configure E-mail Notifications panel displays. 2.
Managing Clients You can manage client workstations and perform the following functions from the Admin Console: • Manage groups (see page 34) • Create and export client reports (see page 35) • Poll client workstations now (see page 36) • Delete client workstations (see page 36) Managing Groups You can set up groups to help administer the Webroot product updates, sweep scheduling, and sweep settings. Every workstation where you have installed the Spy Sweeper client must belong to a group.
4. Click OK. • The group name now displays in the group tree on the left side of the panel. 5. Drag a workstation from the list to a group in the group tree. • To move a workstation from group to another, drag it from the current group and drop it onto another group. • To delete a group, move all workstations in the group to another group, select the group you want to delete, and click Delete Group.
Polling Client Workstations Now You can poll one or more client workstations from the Client Management panel. You can use this function if you have changed some settings, such as assigning program or definition updates, and you want client workstations to receive those updates immediately. Note Use this option selectively to ensure that you do not overwhelm your network and servers with a large number of client workstations requesting updates at the same time. To poll client workstations now: 1.
3. Select the client workstation you want to delete. • You can select more than one workstation by using Ctrl or Shift as you select workstations. 4. Click Delete Selected Workstations. • You can also right-click the selected workstations and select Delete Selected Workstations. • The system removes the workstation from the list. 5. Click Apply Changes. • The system deletes the workstation from its database.
6. Click OK. • The information in the panel changes to display only those workstations that meet your filter criteria. • At the bottom of the panel, a gray bar displays that lets you do the following: – Close the gray bar—Click the x. – Turn off the filter temporarily—Select the check box to toggle the current filter on and off. – Edit or save the filter and open other filters—Click Customize to see these additional filter options. To group information: 1.
4: Managing Spy Sweeper Spy Sweeper lets you protect your end users’ privacy and your company’s computers from a variety of spyware including those that monitor all computer activities (system monitors) and those that can steal or destroy data (Trojan horses). It also detects spyware that pops up ads on your computer (adware) and cookies that may contain personal information (tracking cookies).
• By setting up exceptions for specific spyware to keep or to restore already quarantined spyware – To override the default spyware handling for each spyware type, you can set specific spyware to keep. You may want to use this option if your end users have specific spyware on their computers that they need to keep to make another program run properly. – Spy Sweeper must detect the spyware on at least one client workstation before you can set Spy Sweeper to keep it.
5. Click Apply Changes. • Spy Sweeper will now automatically handle each spyware type based on your selections. It will also always keep the spyware in the Always Keep/Restore from Quarantine list for the selected group when it runs sweeps. • To change the settings for one group to be the same as the settings for the whole company, select the group in the group tree and click Apply Company Settings, then click Apply Changes.
Option Messenger Shield On Description (Applies only to Windows NT, 2000, and XP.) This option turns off and actively watches the Microsoft Messenger Service. This service is not an instant messaging program and does not affect your use of instant messaging. This service is often used for sending spam and creating pop-up ads. Turning off the service stops these types of spam and pop-ups. If you use this service to broadcast information to your users, do not turn on this shield.
Option Description Blocked Applications/Web Sites tab Blocked Websites Shield On Adds a list of suggested sites to block to your Hosts file and sets the IP address for those sites to the IP address for your computer. This blocks banner and other advertising from these sites. When you go to a Web site that has advertising from one of the blocked sites, you may see a small graphic that indicates a broken link to a graphic (typically a red x in a box). This just shows where the blocked ad would display.
To configure sweep settings: 1. From the Admin Console function tree, select Manage Desktop Applications > Spy Sweeper > Configure Spy Sweeper > Sweep Settings. • The Sweep Settings panel displays with available sweep options. 2. From the group tree, select the group you want to set up. • If you want these settings to apply to the whole company, select the company at the top of the group tree.
Option Description Tray Icon Setting Select how you want Spy Sweeper to appear on client workstations. Pop up on Scan Displays a system tray icon that end users can double-click to display the Spy Sweeper window and automatically pops up the window whenever a sweep starts, whether scheduled or using Sweep Now. Stay Minimized Default and recommended setting.
Running Sweeps You can run sweeps the following ways: • Run a sweep now (see page 46) • Schedule sweeps (see page 47) You can also view and stop sweeps that are running. For more information, see “Viewing and Stopping Sweeps” on page 48. Running a Sweep Now You can run a sweep on one or more client workstations when you learn about a critical spyware threat. The sweep will use the current sweep settings.
To run a sweep now: From the Sweep Now panel From the Client Management panel 1. From the Admin Console function tree, 1. From the Admin Console function tree, select Admin Tasks > Client Management. select Manage Desktop Applications > Spy Sweeper > Manage Spyware > • The Client Management panel displays with a list Sweep Now. of all existing groups on the left side. • The Sweep Now panel displays. 2. Select the group or client workstation where you want to run the sweep. 2.
2. Select the group or client workstation where you want to schedule the sweep. • If you want these settings to apply to the whole company, select the company at the top of the group tree. • The settings in the Schedule Sweeps panel show the current settings for the selected group or for the company. 3. If you want end users to be able to change these settings, select the User Editable option. Note We do not recommend making the schedule options user editable. 4.
If you want server components updates to install automatically as soon as they are downloaded, select the Automatically Install Server Updates option on the Basic tab. If this option is not selected, you must manually install server updates by executing the setup batch file contained in each server update folder. Updates for the client Spy Sweeper program and definitions download whenever your company server contacts the Webroot Update Server, but they do not install automatically.
Installing Updates Automatically You can setup Spy Sweeper to automatically install updates when your company receives them from the Webroot Update Server. The automatic settings only apply to updates received after you change these settings. You must manually install any updates that you received before you set up the automatic installation. We suggest that definitions be set to automatically install.
To set up notification for Spy Sweeper updates: 1. From the Admin Console function tree, select Manage Desktop Applications > Spy Sweeper > Update Spy Sweeper > Update Notifications. • The Update Notifications panel displays with a list of the types of updates and available e-mail notification recipients. 2. Drag the name of an e-mail recipient to the update tree. • To move a recipient to different update type, delete it from the current type and add it to another type using the buttons. 3.
Viewing a Summary of Detected Spyware You can view a summary of the spyware that Spy Sweeper has detected on client workstations throughout the company either by group or by spyware type. To view a summary of detected spyware: 1. From the Admin Console function tree, select Status > Product Summaries > Spy Sweeper. • The Spy Sweeper panel displays with the group tree and spyware type tree. 2. Select a group, client workstation, or spyware type to see where spyware was found.
5: Monitoring Status You can monitor the status of Webroot Enterprise in the following ways: • Review the Webroot Enterprise Dashboard (see page 53) • View update history and installed applications (see page 57) • View client status (see page 58) • View errors (see page 58) • Generate reports (see page 59) Reviewing the Webroot Enterprise Dashboard The Webroot Enterprise Dashboard shows you an overview of your overall system health.
Figure 6 shows the main Dashboard panel. Large icon shows overall status. If any single category has a warning or critical status, this icon reflects the most serious status. Information refreshes hourly. Click Refresh to update all Dashboard information based on the latest polling data from each client workstation. Click a link to view more details. Status bar icon, which displays in every Admin Console panel, shows the same overall status as the large icon above.
2. Click Refresh to update the status based on the latest polling data from each client workstation. • To export the data from either table, select the workstations you want to include, then right-click the selected workstations and select Export to Excel. You can select more than one workstation by using Ctrl or Shift as you select workstations.
To view the Infection Status: 1. From the Admin Console function tree, select Webroot Enterprise Dashboard > Infection Status. • The Infection Status panel displays. 2. Click Refresh to update the status based on the latest polling data from each client workstation. • To export the data from either table, select the workstations you want to include, then right-click the selected workstations and select Export to Excel.
Viewing the Server Status The Dashboard Server Status panel lists the latest downloaded software and definition versions, the current port settings, and the Webroot services status for the company server. The panel also includes an overall server status. • Critical (red)—One or more of the listed ports is closed or one or more Webroot services is stopped. • Good (green)—All of the listed ports are open and all Webroot services are running. To view the Server Status: 1.
To view applications installed: 1. From the Admin Console function tree, select Admin Tasks > Client Management. • The Client Management panel displays with a list of all existing groups on the left side. • To see all client workstations that have the Spy Sweeper client installed, click the top (company) node of the group tree. 2. Select the group or client workstation whose application version you want to see.
Generating Reports You can generate the following types of reports: • Error—Includes all errors from Spy Sweeper. • Spyware—Includes details of the spyware found. To generate reports: 1. From the Admin Console function tree, select Reports and the type of report you want. 2. From the group tree, select the group you want. • If you want the report to include the whole company, select the company name at the top of the group tree. 3. Select the date range you want the report to include. 4.
60 5: Monitoring Status
A: Webroot Enterprise Port Requirements A number of communication ports must be opened for proper communications between all network components within the Webroot Enterprise architecture. Table 11 describes the port requirements for a Webroot Enterprise installation. The aim of this information is not to document how to open all of these ports for a particular firewall, but rather to describe what ports must be open and on what systems within your Webroot Enterprise architecture.
62 A: Webroot Enterprise Port Requirements
B: Migrating an Existing Installation from DBISAM to SQL Server If you have an existing Webroot Enterprise installation and need to migrate the database from DBISAM to SQL Server, you can do so. The migration tool only changes a DBISAM database to a SQL Server database for the same version of Webroot Enterprise. Note You only need to migrate to SQL Server if you expect to install more than 10,000 clients. To migrate from DBISAM to SQL Server: 1.
7. Start the import utility to bring the DBISAM database files into the SQL Server database. • If you installed the Webroot Enterprise Server to the default location, the import utility is in the following location: – C:\Program Files\Webroot\Enterprise\Server\SSEImport.exe • Depending on the size of the database being imported, the process can take from a few seconds to several minutes. • On completion of the import, a confirmation message displays.
Index A Active Shields, setting up 41 Add Group button 34 Admin Console configuring server settings 29 defined 4 installing 4 starting 29 understanding 3 understanding the main window 27 updating 30 Advanced tab 31 alerts, setting up for sweeps 45 Always Keep list 40 applications viewing errors from client workstations 58 viewing installed by group 57 viewing update history of 57 assigning distributor servers 24, 25 uninstalling Spy Sweeper from 24 unlocking Spy Sweeper functions at 52 viewing application
Delete Group button 35 Delete Selected Workstations button 37 Deleted Selected Workstations button 35 deleting client workstations 36 Deploy Client button 21 distributor servers assigning 24, 25 changing the default port for 26 how they work 5 installing 24 recommendations about number to use 5 removing 25 unassigning 25 updating process 7 distributors defined 4 installing 4 Download Folder field 11, 30 Drives to Sweep drop-down list 44 E E-mail Host field 11, 17, 31 E-mail tab 31 Enable Mobile Client Suppo
infection status 55 server status 57 status 53 sweep status 54 top spyware threats 56 N News, viewing 29 notification setting up 32 setting up e-mail addresses for 32 setting up for errors 33 setting up for Spy Sweeper updates 50 setting up messages for 33 P Password field 45 Password for SMTP field 18 Path to Download Folder field 15 planning for Webroot Enterprise deployment 5 Poll Now button 36 polling client workstations now 36 recommendations about setting frequency 5 Pop up on Scan option 18, 45 Port
Stay Invisible option 19, 45 Stay Minimized option 19, 45 stopping sweeps 48 support 2 Sweep All Folders on Selected Drives option 44 Sweep Memory option 44 Sweep Now button 47 Sweep Only Known Spyware Folders option 44 Sweep Registry option 44 Sweep Status panel defined 54 icons in 54 sweep status, monitoring 54 sweeps configuring 43 running 46 running now 46 scheduling 47 setting up alerts for 45 settings for 43 stopping 48 viewing those running 48 sweeps, viewing last date of 58 system health status bar,