corner
Webroot Software UK | Home
Webroot AntiSpyware Corporate Edition

Enterprise Support FAQ

Limitations of the Client Deployment feature

Webroot AntiSpyware Corporate Edition version 2.1 supports Client Deployment from the Admin Console. Below are some limitations of the Client Deployment feature.

  • Installing the client components from the Admin Console requires Windows networking and access to the admin share (admin$).
  • Client Deployment cannot be used to Install or Uninstall on Windows 98, Windows 98 SE or Windows ME as it requires the use of a service.
  • We recommend deploying to or uninstalling no more than 30 workstations at one time.
  • The Client Deployment feature cannot be used to install clients across Domains or VLAN's.
  • If a client application that was installed from the Client Deployment screen is uninstalled via Add\Remove Programs on the client machine, the workstation will not automatically be deleted from the Admin Console. Once uninstalled, you will need to delete this workstation manually from the Client Management screen with the "Delete selected workstation(s)" button.
  • If you need to uninstall a client application manually using Add/Remove Programs, you will need to browse to a folder containing the SpySweeperSetup.msi file on your network.

Please verify that the client machine does not have a firewall enabled prior to using the Client Deployment feature.

back to top

Sweep Now screen is limited to displaying 100 clients at a time

With the release of Webroot AntiSpyware Corporate Edition 2.1, the sweep now screen has been limited to display 100 users. The sweep now screen tries to make a connection from the server to each client. By limiting the display to 100, the screen display is much faster. When going to the sweep now screen and selecting a group of more than 100 clients, a message will be displayed stating:

"This group contains too many clients for this operation. Only the first 100 clients will be visible."

Please note that machines will still run their scheduled sweeps. The client management screen will not be limited to displaying 100 machines. A sweep now can always be run from the client management screen as well. If it is necessary to see all members of a group on the sweep now screen, you can move clients into a new group.

back to top

Installing Webroot Admin Console on a machine with multiple NICs

When installing the Webroot Admin Console on a machine with multiple Network Interface Cards (NIC), it is best to set the Client Service IP setting to the IP address rather than installing with hostname.

back to top

Updates and bandwidth:

The normal communication between the client and the server is only about 1 KB. Spy definition updates are typically 1 MB. A new Spy Sweeper client update can be as large as 6 MB. Many things can affect the performance of the server. Deploying distributor servers reduces WAN bandwidth consumed when spy definitions or software updates are delivered.

back to top

Client Configuration and Software Updates:

The Enterprise solution supports a polling model where the clients request configuration changes. You can cause clients to poll by restarting the CommAgent Service on the client workstation. Since the 2.0 release, a "poll now" option has been added to the Admin Console. This feature will allow you to force a client check in without recycling the CommAgent service manually from the client machine.

back to top

Available License count is incorrect.

To enter a new key code in the Admin Console, go to Admin Tasks, Settings and paste in the new code including the brackets. To update the licenses, stop and restart the Webroot Update Service, then Check for Updates in the Admin Console. This will validate your new license key under Status, Licenses.

back to top

Socket error 10053/10054:

Socket errors 10053 and 10054 occur when the client has temporarily lost communication with the Webroot AntiSpyware Corporate Edition server. This is not a permanent error, and causes no actual issues. If this error continues to occur on the same workstation, then rebooting the workstation should clear it.

back to top

Authentication mode setting for SQL Server:

Mixed mode authentication (SQL Server and Windows) should be selected. Starting with SQL Server 2000, the default setting is Windows authentication. If SQL Server was installed with Windows Authentication, it will be necessary to switch to mixed mode authentication. To do so: 1. Open up SQL Server Enterprise Manager. 2. Expand Microsoft SQL Servers > SQL Server Group. 3. Drill down to the appropriate server group. 4. Right click on the server group > Properties. 5. Click on the security tab. 6. Select SQL Server and Windows. 7. Select OK.

back to top

Can I use Webroot AntiSpyware Corporate Edition on a Novell Network?

The server must be running one of the specified Windows operating systems (NT 4.0 SP5 or higher, Windows 2000, Windows XP Professional, or Windows Server 2003). The folder where updates are downloaded should be on that same physical server.

back to top

How is a new database created in SQL Server 2000?

A new database can be created by using the SQL Server wizard. To do so: 1. Open up SQL Server Enterprise Manager. 2. Select Tools > Wizards. 3. From the select wizard dialog box, expand Database. 4. Highlight "Create Database Wizard" and select OK. 5. The create database wizard will open. Select Next. 6. Enter a database name of your choice. Select a location for the database file and the transaction log file. Select Next. 7. Enter an Initial Size. The database can initially be created at 15 MB (as we can set it to grow). Select Next. 8. Select the option to "Automatically grow the database files". The database can grow by percentage or by megabytes. For maximum file size, select "unrestricted file growth". Select Next. 9. For the transaction log file, the initial size can be set to 5 MB. Select Next. 10. Select the option to "Automatically grow the transaction log files. The log file can grow by percentage or by megabytes. For maximum file size, select "unrestricted file growth". Select Next. 11. The last screen will now display a summary of the selections. If all look correct, click Finish. 12. A dialog box should display stating "The database was successfully created." 13. After creating the database, a prompt asks if the user would like to set a maintenance plan. It is recommended to create a maintenance plan to ensure that backups of the database are in place. 14. After the database has been created, a login should be created and associated to the database.

back to top

How is a new login created in SQL Server 2000?

To create a login for the Webroot AntiSpyware Corporate Edition Database: 1. Open up SQL Server Enterprise Manager. 2. Navigate to the Security folder. 3. Expand the Security folder > Logins. 4. Right click on Logins > New Login. 5. On the general tab, enter a name for the login. Select SQL Server Authentication. Enter in a password. For the database dropdown, select the database that was created for Webroot AntiSpyware Corporate Edition. 6. On the Server Roles tab, verify that nothing is selected. 7. On the Database Access tab, find the Spy Sweeper database that was created and select it. 8. For the Permit in Database Role section, select public and db_owner. Please verify that nothing else is selected. Select OK.

back to top

Event ID ( 1 ) in Source ( WebrootCommAgentService ):

This is an informational message. This happens each time a client checks into the server. This is not an error. To reduce the amount of these messages in the event log, go to admin tasks > Settings and increase the CommAgent polling interval.

back to top

If User Editable is selected, clients will not get configuration changes:

This is how the User Editable function is designed. If you make a change to an active shield and it is marked user editable, it will remain the way it is currently set on the client. To force a change, first remove the user editable option from the setting that needs changed. Apply the changes. Wait for the clients to poll in and receive this change. Next make the change to the desired setting and apply the changes. On the client's next scheduled polling interval they will receive this new setting from the Admin Console.

back to top

Last sweep reporting as 12/30/1899:

The last sweep will report in the Admin Console as 12/30/1899 if the client has not yet swept or has not yet reported the sweep results. Once the client reports the sweep results or runs a sweep, the last sweep date will show correctly.

back to top

What are the spyware category numbers in the spyware report?

The spyware categories correlate directly to the spyware types listed from top to bottom in the Admin Console under Manage Desktop Applications / Spy Sweeper / Manage Spyware / Detected Spyware. For example, category 100 is Adware at the top of that list. Then 101 is Cookies, and so on.

back to top

Client User Permissions:

Webroot AntiSpyware Corporate Edition runs as a service and will clean the file system, memory, all non-user related registry settings, and the registry settings of the currently logged in user regardless of the rights of the currently logged in user.

back to top

How can one configure mobile client updates?

In the Admin Console, under Manage Desktop Applications > Spy Sweeper > Configure Spy Sweeper > Sweep Settings, click the option in the middle of the page that says "Enable Mobile Client Support." This will put a button on their Spy Sweeper client software that says "Update Definitions." When the user clicks this button, the client will check for new spy definitions at the Webroot update server instead of going to your Webroot AntiSpyware Corporate Edition company server.

back to top

Clients showing pending status Admin Console

Below is a list of reasons a machine may have a status of "Pending" in the Admin Console; a) The client workstation is turned off. b) The Webroot Spy Sweeper service is not started on the client. c) A firewall is blocking communication d) A NAT or Proxy resides between the server and the client. Check to see if the IP addresses in the Status - Client Status section of the Admin Console are unique and match the addresses of the client workstations. e) The client's DHCP lease has expired and the IP in the Admin Console does not match the IP of the client workstation.

back to top

Citrix and Terminal Server Support:

Citrix Server and Terminal Server are not supported platforms with Webroot AntiSpyware Corporate Edition version. Preliminary testing by some users suggests that it can be run successfully. Technical Support recommends testing Citrix only in a test environment and running the client in invisible mode.

back to top

How do I submit an Enhancement Request?

Email enhancement requests to esupport@webroot.com and it will be forwarded to the Product Management team for consideration in a future release.

back to top

DBISAM Error 11013 Access denied to table or backup file:

This error occurs when antivirus software is running on the Webroot AntiSpyware Corporate Edition server. Configure the antivirus software to completely exclude the Webroot folder and all subfolders. Then restart all of the Webroot services on the server.

back to top

Error occurred while updating table licensepoolstatus:

When trying to install the Webroot AntiSpyware Corporate Edition server setup from a CD, the following message occurs - "error occurred while updating table licensepoolstatus." This is due to the setup trying to write back to the CD. The workaround is to copy the setup file to the hard drive of the server and then run the installation.

back to top

I am running eval version, do I need to reinstall after purchasing?

When running an evaluation copy of Webroot AntiSpyware Corporate Edition, there is no need to reinstall the software after a purchase has been made. Simply copy and paste the new licensed key code into the Admin Console under Admin Tasks - Settings. Click Apply Changes. Then go to Status - Update History, and then click the Check for Updates button to register the new code and update the license count.

back to top

Windows XP SP2, Firewall settings:

Windows XP SP2 is a supported platform. Testing so far indicates no issues as long as the necessary ports in the Windows firewall are open. See detailed SP2 configuration document Windows XP sp2 firewall.pdf. To receive this document, please contact technical support.

back to top

Error: 'No records to print' when trying to run error report:

An error report can be run to show a compiled list of client side errors. If the error log under Status > Errors does not list a workstation in the workstations column, the error is from the server. Server side errors do not print in an error report. Verify that errors did occur in the date range that you are selecting and that they are client side errors for the report to run successfully.

back to top

SMTP credential configuration settings:

These parameters can be set from the E-mail tab on the Settings page.

back to top

When are definition updates released?

Currently definition files are released on an average of once or twice a week.

back to top

Symantec AV 10 and Webroot AntiSpyware Corporate Edition

After installing Symantec AV 10 (Client or Server applications) on a machine running the Enterprise Spy Sweeper Client application, Symantec will not launch. The following errors may occur:

Microsoft Management Console:

Snap-in failed to initialize

Name: <'unknown'>

CLSID: {103363F4-69F9-1102-B34C-00104822D5DF}

or

The Application: Spy Sweeper on Workstation Workstation_Name,Generated error code: -2, Level 1, with the text:

Failed to initiate change notification for key

HKEY_LOCAL_MACHINE\\Software\\Microsoft\\
Windows\\CurrentVersion\\RunServices

Error: Illegal operation attempted on a registry key that has been marked for deletion

(Addr: $000E8E1C; Frozen: 0; Thread ID: 1132)

The above errors are generated from an installation that occurred while the Webroot Spy Sweeper Client application had the 'Startup Shield' enabled. The Webroot Startup shield actively watches startup items in the Windows Registry for any changes. Some spyware will attempt to add startup items to the registry so that the spyware will always start when Windows starts. The Startup shield ensures that spyware cannot add entries to the Registry, but also effectively prevents end users from installing software on their systems without the consent of their System Administrators. If you attempted to install Symantec AV 10 while the Startup Shield was enabled, the installation will be incomplete. Please uninstall Symantec, disable the Startup Shield and reinstall the Symantec application. Once installation is complete, the Startup Shield can be enabled again.

back to top

When installing Webroot AntiSpyware Corporate Edition version 2.1 on Windows Server 2003 Service Pack 1, the installation fails

The errors produced by Windows will vary and the installation is halted. Following the steps below will often resolve installation problems that occur when installing the Admin Console on Windows Server 2003 SP1.

This is a change to the security setting of a customer's server and the customer should be informed of how DEP in Windows works.

More information can be found on Microsoft's website at the following link

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/memory/base/data_execution_prevention.asp

1. Open all Webroot ports in the Windows firewall.

  • Start -> control panel -> windows firewall
  • Webroot ports used (can also be found in the System Administrator's guide):
  • Client service port - 50000 by default.
  • This can be changed through the admin console.
  • Verify this on the admin console by going to admin tasks > Settings and then to the network tab.
  • Sweep now port - 50001
  • Poll now port - 50002
  • Distributor Port - 8080 by default in 2.0 and on upgrades; 50003 by default on fresh 2.1 installs.
  • Verify this on the admin console by going to admin tasks > Settings and then to the network tab.

2. Set the Windows Data Execution Prevention to "Essential Windows programs and services only"

  • This is found under: My computer (right click) -> Properties -> Advanced -> Performance (Settings) -> Data Execution Prevention
  • The DEP setting will require a reboot, and they should be made aware of this as Windows will immediately prompt after the setting is made.

back to top

McAfee VS 8.0i and Webroot AntiSpyware Corporate Edition

When both Webroot AntiSpyware Corporate Edition and McAfee VirusScan Enterprise 8.0i are installed, the following error can occur: Explorer.exe has encountered a problem and needs to close.

Below is a link to a McAfee knowledgebase article containing instructions on how to configure the McAfee software to avoid the interaction with Windows Explorer on systems with both the Webroot AntiSpyware Corporate Edition and McAfee client installed. As the McAfee article points out, both clients are hooking the same point to defend the system. The Webroot AntiSpyware Corporate Edition hooks provide key components of system defense, so the McAfee recommendation to adjust their client is very sensible. We continue to work with major software vendors to ensure Webroot AntiSpyware Corporate Edition works well with other desktop software to provide the best spyware defense of your systems.

Link to McAfee knowledgebase

back to top

Customers experiencing difficulty when obtaining updates from the Admin Console when running Windows 2003 Service Pack 1 server.

Customers running Microsoft Windows Server 2003 Service Pack 1 with ISA 2000, 2004 and other firewall software are experiencing this issue. Microsoft service packs for ISA 2000 and ISA 2004 will resolve this issue. Here is a link to Microsoft's ISA homepage:

http://www.microsoft.com/isaserver/default.mspx

back to top

Support

Contact Enterprise Support

Threat Research Center

Testimonial

"I've had an exceptional experience dealing with Webroot technical support. Each issue/question I've encountered has been addressed promptly and with great professionalism. Thank you!"


Chad Rider
Cooper Tire & Rubber Company

Copyright © 2012 Webroot Software, Inc.