Before you begin, review the configuration steps in this section and make sure your environment meets the system requirements.
These configuration steps are intended for the Endpoint Protection administrator who has full access permissions
Create an account using your keycode. You should have received the keycode in an email from Webroot. For more information, see Creating a Webroot Account.
Log in to the Management Portal and open the Setup Wizard. In the wizard, you must select a default policy for SecureAnywhere installations on endpoints. An endpoint can be any Windows corporate workstation, such as a PC, laptop, server, or virtual server. A policy defines the SecureAnywhere settings, including how the program scans for threats and manages detected items. After you select a policy, a Welcome panel opens and provides information about how to deploy SecureAnywhere to endpoints. For more information, see Logging In and Using the Setup Wizard.
Optional. Edit your account settings for the Management Portal, including your contact number and a time zone where you are located. For more information, see Editing Your Own Account Settings. You can also create logins for other administrators to access the Management Portal. For more information, see Managing Portal Users.
Determine if the default policy is sufficient for your business needs. If needed, add new policies with different settings as described in Implementing Policies. You cannot change the Webroot default policies. You may also need to create overrides for certain files that you consider legitimate applications. See Applying Overrides From the Overrides Tab.
Determine if you need to create separate groups of endpoints for different management purposes. When you deploy SecureAnywhere to your endpoints, Endpoint Protection places them all in one Default group. If needed, you can create new groups and assign them to new policies. See Organizing Endpoints Into Groups.
Optional. Customize alert messages that will be sent to a distribution list whenever endpoints report an infection or whenever SecureAnywhere is installed on new endpoints. For more information, see Implementing Alerts.
You can use Endpoint Protection with the following browsers and server platforms.
BROWSER AND PLATFORM
Management Portal Access
Internet Explorer® version 8 and newer
Mozilla® Firefox® version 3.6 and newer
Chrome® 11 and newer
Safari® 5 and newer
Opera® 11 and newer
Microsoft Edge® browser not currently supported.
Supported PC Platforms
Windows® 10, 32 and 64-bit
Windows 8, 8.1, 32 and 64-bit
Windows 7, 32 and 64-bit
Windows Vista®, 32 and 64-bit
Windows XP® Service Pack 2 and 3, 32 and 64-bit
Windows XP Embedded
Mac OS® X v.10.7.3 (OS X LionTM)
Mac OS X v.10.8 (OX X Moutain Lion®)
Mac OS X v.10.9 (OS X Mavericks®)
Mac OS X v.10.10 (OS X Yosemite®)
Mac OS X v.10.11 (OS X El Captain®)
Windows Server® 2012 Standard, R2
Windows Server 2008 R2 Foundation, Standard, Enterprise
Windows Server 2003 Standard, Enterprise, Service Pack2, 32 and 64-bit
Windows Small Business Server 2008, 2011, 2012
Windows Server Core 2003, 2008, 2012
Windows Server 2003 R2 for Embedded Systems
Windows Embedded Standard 2009 SP2
Windows XP Embedded SP1, Embedded Standard 2009 SP3
Windows Embedded for POS Version 1.0
Virtual Server Platforms
VMware® vSphere® 5.5 and older (ESX/ESXi 5.5 and older), Workstation 9.0 and older, Server 2.0 and older
Citrix® XenDesktop® 5, XenServer® 5.6 and older, XenApp® 6.5 and older
Microsoft Hyper-V® Server 2008, 2008 R2, 2012 and 2012 R2
Endpoint Requirements for PCs and Laptops
Intel Pentium/Celeron family AMD K6/Athlon/Duron family
Other compatible processor with those listed above
If a firewall is in place, please allow Webroot’s path masks through the firewall, as described in the following table.
Port 443 (https)
Agent communication and updates.
Some firewalls do not support double dotted subdomain names with a single wildcard mask, for example, g1.p4.webrootcloudav.com being represented by *.webrootcloudav.com, so some environments might require either *.p4.webrootcloudav.com or *.*.webrootcloudav.com.
Port 443 (https)
Port 443 (https)
Agent file downloading and uploading.
Port 80 (http) & 443 (https)
Required for agent Web Filtering, elasticbeanstalk is an amazon AWS domain.
Port 80 (http) & 443 (https)
Management portal and support ticket logs upload.
When attempting to use proxy settings with Webroot SecureAnywhere Business – Endpoint Protection, there are additional methods to allow the Webroot product to communicate with our cloud servers. These are listed below.
Entering a Proxy Bypass
This is the method that we recommend.
Enter a proxy bypass for g*.p4.webrootcloudav.com
If you choose this option, be sure that the wild card mask (*) is supported. If not, you must add 100 separate URLs, for example, g1, g2, g3, ..., g99, g100.
Entering Proxy Information Within the Installer
This is the alternate method that we recommend.
Download the SecureAnywhere MSI installer to a network share:
Entering Proxy Information on Each Endpoint Post Deployment
We recommend that you use this method only if you are unable to enter a proxy bypass or enter proxy information within the installer.
Open the SecureAnywhere Endpoint Protection Group Management tab, open a group, and select an endpoint.
In the Policy column of the selected endpoint, double-click its policy name to open a list of available policies.
Select the unmanaged policy and apply. A red flag on the new policy name reminds you that you’ve made a change.
Click Save Changes.
Once applied, go to each individual endpoint workstation and follow the instructions below.
Open SecureAnywhere Endpoint Protection from the system tray icon.
In the Settings window, open the Proxy tab.
Enter your proxy information.
Click Save All to save your changes.
After entering the proxy information, you can move the machine back to the original policy.
The best way to test proxy settings is to ensure there is no Internet access via the default gateway. You can hardcode an IP address and subnet mask for the endpoint’s network card without adding a default gateway or DNS server. As long as the proxy server is on the same subnet, you can be sure that the only Internet access is via the proxy server.