Preparing for Setup

Hello. You have arrived at an outdated topic. Please click this link to be redirected to the updated Endpoint Protection Admin Guide.

Before you begin, review the configuration steps in this section and make sure your environment meets the system requirements.

Note: These configuration steps are intended for the Endpoint Protection administrator who has full access permissions
Configuration Steps
  1. Create an account using your keycode. You should have received the keycode in an email from Webroot. For more information, see Creating a Webroot Account.
  2. Log in to the Management Portal and open the Setup Wizard. In the wizard, you must select a default policy for SecureAnywhere installations on endpoints. An endpoint can be any Windows corporate workstation, such as a PC, laptop, server, or virtual server. A policy defines the SecureAnywhere settings, including how the program scans for threats and manages detected items. After you select a policy, a Welcome panel opens and provides information about how to deploy SecureAnywhere to endpoints. For more information, see Logging In and Using the Setup Wizard.
  3. Optional. Edit your account settings for the Management Portal, including your contact number and a time zone where you are located. For more information, see Editing Your Own Account Settings. You can also create logins for other administrators to access the Management Portal. For more information, see Managing Portal Users.
  4. Deploy the SecureAnywhere software to the endpoints. For more information, see Deploying SecureAnywhere to Endpoints.
  5. Determine if the default policy is sufficient for your business needs. If needed, add new policies with different settings as described in Implementing Policies. You cannot change the Webroot default policies. You may also need to create overrides for certain files that you consider legitimate applications. See Applying Overrides From the Overrides Tab.
  6. Determine if you need to create separate groups of endpoints for different management purposes. When you deploy SecureAnywhere to your endpoints, Endpoint Protection places them all in one Default group. If needed, you can create new groups and assign them to new policies. See Organizing Endpoints Into Groups.
  7. Optional. Customize alert messages that will be sent to a distribution list whenever endpoints report an infection or whenever SecureAnywhere is installed on new endpoints. For more information, see Implementing Alerts.

System Requirements
You can use Endpoint Protection with the following browsers and server platforms.
Management Portal Access
  • Internet Explorer® version 8 and newer
  • Mozilla® Firefox® version 3.6 and newer
  • Chrome® 11 and newer
  • Safari® 5 and newer
  • Opera® 11 and newer
Note: Microsoft Edge® browser not currently supported.
Supported PC Platforms
  • Windows® 10, 32 and 64-bit
  • Windows 8, 8.1, 32 and 64-bit
  • Windows 7, 32 and 64-bit
  • Windows Vista®, 32 and 64-bit
  • Windows XP® Service Pack 2 and 3, 32 and 64-bit
  • Windows XP Embedded
  • Mac OS® X v.10.7.3 (OS X LionTM)
  • Mac OS X v.10.8 (OX X Moutain Lion®)
  • Mac OS X v.10.9 (OS X Mavericks®)
  • Mac OS X v.10.10 (OS X Yosemite®)
  • Mac OS X v.10.11 (OS X El Captain®)
Server Platforms
  • Windows Server® 2012 Standard, R2
  • Windows Server 2008 R2 Foundation, Standard, Enterprise
  • Windows Server 2003 Standard, Enterprise, Service Pack2, 32 and 64-bit
  • Windows Small Business Server 2008, 2011, 2012
  • Windows Server Core 2003, 2008, 2012
  • Windows Server 2003 R2 for Embedded Systems
  • Windows Embedded Standard 2009 SP2
  • Windows XP Embedded SP1, Embedded Standard 2009 SP3
  • Windows Embedded for POS Version 1.0
Virtual Server Platforms
  • VMware® vSphere® 5.5 and older (ESX/ESXi 5.5 and older), Workstation 9.0 and older, Server 2.0 and older
  • Citrix® XenDesktop® 5, XenServer® 5.6 and older, XenApp® 6.5 and older
  • Microsoft Hyper-V® Server 2008, 2008 R2, 2012 and 2012 R2
  • Virtual Box®
Endpoint Requirements for PCs and Laptops Processor:
  • Intel Pentium/Celeron family AMD K6/Athlon/Duron family
  • Other compatible processor with those listed above

  • 128 MB RAM (minimum)

  • Google Chrome® 11 and newer
  • Internet Explorer® version 7 and newer
  • Mozilla Firefox® version 3.6 and newer
  • Safari® 5 and newer
  • Opera® 11 and newer
Communicating Through a Firewall
If a firewall is in place, please allow Webroot’s path masks through the firewall, as described in the following table.
* Port 443  (https)  Agent communication and updates.
Note:   Some firewalls do not support double dotted subdomain names with a single wildcard mask, for example, being represented by *, so some environments might require either * or *.*
* Port 443  (https) Agent messaging.
* Port 443  (https) Agent file downloading and uploading. Port 80 (http) & 443  (https) Required for agent Web Filtering, elasticbeanstalk is an amazon AWS domain.
* Port 80 (http) & 443  (https) Management portal and support ticket logs upload.
When attempting to use proxy settings with Webroot SecureAnywhere Business – Endpoint Protection, there are additional methods to allow the Webroot product to communicate with our cloud servers. These are listed below.
Entering a Proxy Bypass
This is the method that we recommend.
  1. Enter a proxy bypass for g*
    Note:  If you choose this option, be sure that the wild card mask (*) is supported. If not, you must add 100 separate URLs, for example, g1, g2, g3, ..., g99, g100.


Entering Proxy Information Within the Installer
This is the alternate method that we recommend.
  1. Download the SecureAnywhere MSI installer to a network share:
  2. Use an msi editor.
  3. On the Property table, enter the subscription keycode in the GUILIC property and the proxy credentials on the CMDLINE property using the following commands:
    -proxyhost=X -proxyport=X -proxyuser=X -proxypass=X -proxyauth=#
  4. Always use all parameters and blank out any value you don't need with double quotes, for example:
    proxyauth # being: 0 = Any authentication 1 = Basic 2 = Digest 3 = Negotiate 4 = NTLM
  5. These arguments can also be applied with an executable install, for example:
    C:\wsasme.exe /key=xxxx-xxxx-xxxx-xxxx-xxxx /silent -proxyhost=nn.nn.nn.nn -proxyauth=n -proxyuser="proxyuser" -proxypass="password" -proxyport=port_number
Entering Proxy Information on Each Endpoint Post Deployment
We recommend that you use this method only if you are unable to enter a proxy bypass or enter proxy information within the installer.
  1. Open the SecureAnywhere Endpoint Protection Group Management tab, open a group, and select an endpoint.
  2. In the Policy column of the selected endpoint, double-click its policy name to open a list of available policies.
  3. Select the unmanaged policy and apply. A red flag on the new policy name reminds you that you’ve made a change.
  4. Click Save Changes.
  5. Once applied, go to each individual endpoint workstation and follow the instructions below.
  6. Open SecureAnywhere Endpoint Protection from the system tray icon.
  7. Click Settings.
  8. In the Settings window, open the Proxy tab.
  9. Enter your proxy information.
  10. Click Save All to save your changes.
  11. After entering the proxy information, you can move the machine back to the original policy.
    Note: The best way to test proxy settings is to ensure there is no Internet access via the default gateway. You can hardcode an IP address and subnet mask for the endpoint’s network card without adding a default gateway or DNS server. As long as the proxy server is on the same subnet, you can be sure that the only Internet access is via the proxy server.