From the Management Portal, you can issue commands to individual endpoints or to a group of endpoints. For example, you might want to scan an endpoint at a remote location. With these commands, you can easily run all the same commands that are available on the endpoint's SecureAnywhere software.

            

Be aware that the endpoint may not receive the command until the next polling interval. If necessary, you can change the polling interval in its associated policy or you can force an immediate polling. For more information, see Changing Policy Settings or Forcing Immediate Updates.

            

Note: Depending on your access permissions for Commands, such as Simple, Advanced, or Expert, you may not see all the commands listed in this section. Administrators can change access permissions; for more information, see Setting Console User Permissions.

            

To issue commands to endpoints:

            

  1. From the Endpoint console, click the Group Management tab.


    The Group Management tab displays.

         

  2. In the Groupscolumn, select the group that contains the endpoints you want to issue commands to.



  3. In the Endpoints panel, do either of the following to display information about an endpoint:
    • Select the checkbox next to the one endpoint.
    • Select the checkbox at the top of the Checkbox column.


When you select one or more checkboxes, additional commands in the command bar become active and ready for use.


  1. In the command bar, click the Agent Commands down arrow.

    Based on your selection, the Agent Commands menu displays.

    • If you selected PC endpoints or PC and Mac endpoints, your Agent Commands menu displays as follows:



    • If you selected only Mac endpoints, your Agent Commands menu displays as follows, and does not include Identity Shield commands or the option to remove password protection:



  2. Select a category of agent commands and then, from the menu that expands, select a command to run.

    For a description of each command, see the tables following these steps.

    COMMANDDESCRIPTION
    AGENT COMMANDS

    Scan

    Run a Deep scan in the background as soon as the endpoint receives the command.

    When the scan completes, the Scan History panel shows the results for a Deep scan.

    This command runs on both PC and Mac endpoints.

    Note: Any detected threats are not automatically quarantined. You must take action yourself in the portal by running a Clean-up or by creating an override.

    Change scan time

    Select a new time of day to scan the endpoint.

    By default, SecureAnywhere runs a scan every day at about the same time it was installed. For example, if you installed SecureAnywhere on the endpoint at noon, a scan will always run around 12 p.m. With this command, you can change it to a different hour.

    This command runs on both PC and Mac endpoints.

    Scan a folder

    Runs a full, file-by-file scan on a specific folder. Be sure to enter the full path name.

    On a Windows system, for example, you would enter:

    C:\Documents and Settings\Administrator\My Documents

    On a Mac system, for example, you would enter:

    /Applications

    This command runs on both PC and Mac endpoints.

    Clean up

    Start a scan and automatically quarantine malicious files.

    When the scan completes, the Scan History panel shows results for the Post Cleanup Scan.

    This command runs on both PC and Mac endpoints.

    System Optimizer

    Run the System Optimizer on the endpoint, which removes all traces of webbrowsing history, files that reveal the user's activity, and files that consume valuable disk space, such as files in the Recycle Bin and Windows temp files.

    You can change the System Optimizer options in the Policy settings.

    This command runs on both PC and Mac endpoints.

    Uninstall

    Uninstall SecureAnywhere from the endpoint.

    With this command, the endpoint is still shown in the Management Portal.

    To uninstall SecureAnywhere and free up a seat in your license, deactivate the endpoint instead. For more information, see Deactivating Endpoints.

    This command runs on both PC and Mac endpoints.

    Reset

    Return SecureAnywhere settings on the endpoint to their default values.

    This command runs on both PC and Mac endpoints.

    Remove password protection

    Disable password protection from the endpoint user's control, which allows administrators to gain access to the endpoint if they are locked out.

    This command runs only on PC endpoints.

    Showgui

    Displays the UI if policy allows for it.

    Example: "c:\program files\webroot\wrsa.exe" –showgui

    This command runs only on PC endpoints.

    Silentscan

    Initiates a silent scan where the scan UI will not be presented to the user but will be seen if hovering over tray icon.

    Command example:

    WRSA.exe -silentscan="c:\foldername"

    Example of run command to scan a folder:

    "C:\Program Files\Webroot\WRSA.exe" -silentscan="c:\Documents and Settings\Administrator\Desktop"

    Example of run command to scan a file:

    "C:\Program Files\Webroot\WRSA.exe" -silentscan="c:\Documents and Settings\Administrator\Desktop\eicar.com"

    This command runs only on PC endpoints.

    Clear Data Commands

    Clear files

    Erase current log files, which frees space on the endpoint.

    This command runs on both PC and Mac endpoints.

    Disable proxy settings

    Disable any proxy settings the endpoint user set on the endpoint.

    This command runs on both PC and Mac endpoints.

    Note: Do not use this command if the endpoint's only Internet access is through the proxy server. The endpoint will no longer be able to communicate with the cloud.

    KEYCODE COMMANDS

    Change keycode

    Enter a different keycode.

    This command runs on both PC and Mac endpoints.

    Note: The drop-down list displays only keycodes that are assigned to this console.

    Change keycode temporarily

    Switch the keycode used for this endpoint temporarily, which might be necessary for testing purposes.

    In the dialog box, choose a keycode from the drop-down list, then specify the dates for SecureAnywhere to use it. When the specified time for the change elapses, the keycode reverts to the original.

    This command runs only on PC endpoints.

    Lock endpoint

    Lock this endpoint by activating the login screen. The user must enter a user name and password to log back in.

    This command runs on both PC and Mac endpoints.

    Log off

    Log the user out of the account.

    This command runs on both PC and Mac endpoints.

    Restart

    Restart this endpoint when it reports in.

    This command runs on both PC and Mac endpoints.

    Reboot in Safe Mode with Networking

    Restart this endpoint in Safe Mode with Networking.

    This command runs only on PC endpoints.

    Shutdown

    Shut down this endpoint when it reports in.

    This command runs on both PC and Mac endpoints.

    Antimalware Tools commands

    Reset desktop wallpaper

    Reset the desktop wallpaper to the default settings, which might be necessary if the endpoint was recently infected with malware that changed it.

    After sending this command, the user must restart the PC endpoint.

    This command runs on both PC and Mac endpoints.

    Reset screen saver

    Reset the screen saver to the default settings, which might be necessary if the endpoint was recently infected with malware that changed it.

    This command runs on both PC and Mac endpoints.

    Reset system policies

    Reset the Windows system policies, which might be necessary if the endpoint was recently infected with malware that changed such policies as the Task Manager settings.

    This command runs only on PC endpoints.

    Note: This command resets Windows policies, not Endpoint Protection policies.

    Restore file

    Restores a quarantined file to its original location, using its MD5 value.

    For more information about how to locate a file's MD5 value, see Applying Overrides From the Overrides Tab.

    This command runs only on PC endpoints.

    FILE AND PROCESS COMMANDS

    Reverify all files and processes

         Re-verify this file's classification when the next scan runs.

    This command is useful if you have established some overrides and need them to take effect on an endpoint.

    This command runs only on PC endpoints.

    Consider all items as good

    Consider all detected files on this endpoint as safe to run.

    This command is useful if you find numerous false positives on an endpoint and need to quickly tag them as "Good."

    This command runs only on PC endpoints.

    Allow processes blocked by firewall

    Allow communication for all processes that are blocked by the Firewall setting.

    This command runs only on PC endpoints.

    Stop untrusted processes

    Terminate any untrusted processes, which might be necessary if a regular scan did not remove all traces of a malware program.

    The processes stop immediately, but are not prevented from running again later.

    This command runs only on PC endpoints.

    IDENTITY SHIELD COMMANDS
    Allow application

    Allow an application to run on the endpoint. 

    This command runs only on PC endpoints.

    Deny application

    Block an application from running on the endpoint. 

    This command runs only on PC endpoints.

    Allow all denied applications

    Re-set all applications previously blocked, so they can run on the endpoint.

    This command runs only on PC endpoints.

    Protect an application

    Add extra security to an application running on the endpoint. 

    This command runs only on PC endpoints.

    Unprotect an application

    Re-set the application to standard protection, if you previously used the Protect an application command to add extra security. 

    This command runs only on PC endpoints.

    ADVANCED COMMANDS
    Run Customer Support Script

    Specify a URL to download an executable file to the agent and run it remotely.

    This command runs only on PC endpoints.

    Customer Support Diagnostics

    Run the WSABLogs utility to gather information about an infected endpoint.

    The Customer Support Diagnostics dialog displays the location of the utility's executable file, and the email address associated with the endpoint account.

    Clicking Submit runs the utility and sends the results to Webroot Business support.

    You can specify optional advanced settings to send an additional file, to save the log locally instead of sending it, and gather a memory dump.

    This command runs on both PC and Mac endpoints.

    Note: Optional settings do not apply to Mac, and are not necessary for that platform.

  3. As needed, do either of the following:

                        
    • To see the status of commands you sent, from the Agent Command menu, select View commands for selected endpoints.



    • To review the Command Log, in the main Endpoint Protection console, click the Logs tab. For more information, see Viewing Command Logs.

                    

Endpoint Protection will issue the commands on the next polling interval for Windows computers. If needed, you can either change the polling interval in Basic Configuration of the group's policy or you can force the changes immediately as described in Forcing Immediate Updates.