Issuing Commands to Endpoints



Hello. You have arrived at an outdated topic. Please click this link to be redirected to the updated Endpoint Protection Admin Guide.

From the Management Portal, you can issue commands to individual endpoints or to a group of endpoints. For example, you might want to scan an endpoint at a remote location. With these commands, you can easily run all the same commands that are available on the endpoint's SecureAnywhere software.

Be aware that the endpoint may not receive the command until the next polling interval. If necessary, you can change the polling interval in its associated policy; for more information, see Changing Policy Settings. Or you can force an immediate polling, as described in Forcing Immediate Updates (Forced Polling).

Note: Depending on your access permissions for Commands, Simple, Advanced, or Expert, you may not see all the commands listed in this section. Administrators can change access permissions, as described in Setting Permissions for Portal Users.

To issue a command to an endpoint:

  1. From the Endpoint console, click the Group Management tab.



    The Group Management tab displays.




  2. In the Groups column, select the group that contains the endpoints you want to issue commands to.



  3. In the Endpoints panel, do either of the following to display information about an endpoint:
    • Select the checkbox next to the one endpoint.
    • Select the checkbox at the top of the Checkbox column.



    When you select one or more checkboxes, additional commands in the command bar become active and ready for use.




  4. In the command bar, click the Agent Commands down arrow. 



    Based on your selection, the Agent Commands menu displays.
    • If you selected PC endpoints or PC and Mac endpoints, your Agent Commands menu displays as follows:




    • If you selected only Mac endpoints, your Agent Commands menu displays as follows, and does not include Identity Shield commands or the option to remove password protection:




  5. Select a category of agent commands and then, from the menu that expands, select a command to run.
    For a description of each command, see the tables following these steps.
  6. As needed, do either of the following:
    • To see the status of commands you sent, from the Agent Command menu, select View commands for selected endpoints.




    • To review the Command Log, in the main Endpoint Protection console, click the Logs tab. For more information, see Viewing the Command Log.






    Endpoint Protection will issue the commands on the next polling interval for Windows computers. If needed, you can either change the polling interval in Basic Configuration of the group's policy or you can force the changes immediately as described in Forcing Immediate Updates (Forced Polling).



The following tables describe each of the endpoint commands:

Agent Commands
Scan

Run a Deep scan in the background as soon as the endpoint receives the command.

When the scan completes, the Scan History panel shows the results for a Deep scan.

Be aware that any detected threats are not automatically quarantined. You must take action yourself in the portal by running a Clean-up or by creating an override. 

This command runs on both PC and Mac endpoints.

Change scan time

Select a new time of day to scan the endpoint.

By default, SecureAnywhere runs a scan every day at about the same time it was installed. For example, if you installed SecureAnywhere on the endpoint at noon, a scan will always run around 12 p.m. With this command, you can change it to a different hour.

This command runs on both PC and Mac endpoints.

Scan a folder

Runs a full, file-by-file scan on a specific folder. Be sure to enter the full path name.

On a Windows system, for example, you would enter:

C:\Documents and Settings\Administrator\My Documents
 
On a Mac system, for example, you would enter:
/Applications
 
This command runs on both PC and Mac endpoints.
Clean up

Start a scan and automatically quarantine malicious files.

When the scan completes, the Scan History panel shows results for the Post Cleanup Scan.

This command runs on both PC and Mac endpoints.

System Optimizer

Run the System Optimizer on the endpoint, which removes all traces of webbrowsing history, files that reveal the user's activity, and files that consume valuable disk space, such as files in the Recycle Bin and Windows temp files.

You can change the System Optimizer options in the Policy settings.

This command runs on both PC and Mac endpoints.

Uninstall

Uninstall SecureAnywhere from the endpoint.

With this command, the endpoint is still shown in the Management Portal.

To uninstall SecureAnywhere and free up a seat in your license, deactivate the endpoint instead. For more information, see Deactivating Endpoints.

This command runs on both PC and Mac endpoints.

Reset

Return SecureAnywhere settings on the endpoint to their default values.

This command runs on both PC and Mac endpoints.

Remove password protection

Disable password protection from the endpoint user's control, which allows administrators to gain access to the endpoint if they are locked out.

This command runs only on PC endpoints.

Showgui

Displays the UI if policy allows for it.

Example: "c:\program files\webroot\wrsa.exe" –showgui

This command runs only on PC endpoints.

Silentscan

Initiates a silent scan where the scan UI will not be presented to the user but will be seen if hovering over tray icon.

Command example:

WRSA.exe -silentscan="c:\foldername"

Example of run command to scan a folder:

"C:\Program Files\Webroot\WRSA.exe" -silentscan="c:\Documents and Settings\Administrator\Desktop"

Example of run command to scan a file:

"C:\Program Files\Webroot\WRSA.exe" -silentscan="c:\Documents and Settings\Administrator\Desktop\eicar.com"

This command runs only on PC endpoints.

 

Clear Data Commands
Clear files

Erase current log files, which frees space on the endpoint.

This command runs on both PC and Mac endpoints.

Disable proxy settings

Disable any proxy settings the endpoint user set on the endpoint.

This command runs on both PC and Mac endpoints.

Note: Do not use this command if the endpoint's only Internet access is through the proxy server. The endpoint will no longer be able to communicate with the cloud.

 

Keycode Commands
Change keycode

Enter a different keycode.

This command runs on both PC and Mac endpoints.

Note: The drop-down list shows only keycodes that are assigned to this console.
Change keycode temporarily

Switch the keycode used for this endpoint temporarily, which might be necessary for testing purposes.

In the dialog box, choose a keycode from the drop-down list, then specify the dates for SecureAnywhere to use it. When the specified time for the change elapses, the keycode reverts to the original.

This command runs only on PC endpoints.

 

Power & User Access Commands
Lock endpoint

Lock this endpoint by activating the login screen. The user must enter a user name and password to log back in.

This command runs on both PC and Mac endpoints.

Log off

Log the user out of the account.

This command runs on both PC and Mac endpoints.

Restart

Restart this endpoint when it reports in.

This command runs on both PC and Mac endpoints.

Reboot in Safe Mode with Networking

Restart this endpoint in Safe Mode with Networking.

This command runs only on PC endpoints.

Shutdown

Shut down this endpoint when it reports in.

This command runs on both PC and Mac endpoints.

 

Antimalware Tools Commands
Reset desktop wallpaper

Reset the desktop wallpaper to the default settings, which might be necessary if the endpoint was recently infected with malware that changed it.

After sending this command, the user must restart the PC endpoint.

This command runs on both PC and Mac endpoints.

Reset screen saver

Reset the screen saver to the default settings, which might be necessary if the endpoint was recently infected with malware that changed it.

This command runs on both PC and Mac endpoints.

Reset system policies

Reset the Windows system policies, which might be necessary if the endpoint was recently infected with malware that changed such policies as the Task Manager settings.

This command runs only on PC endpoints.

Note: This command resets Windows policies, not Endpoint Protection policies.
Restore file

Restores a quarantined file to its original location, using its MD5 value.

This command runs only on PC endpoints.

For more information about how to locate a file's MD5 value, see Applying Overrides From the Overrides Tab.

 

File & Processes Commands
Reverify all files and processes

Re-verify this file's classification when the next scan runs.

This command is useful if you have established some overrides and need them to take effect on an endpoint.

This command runs only on PC endpoints.

Consider all items as good

Consider all detected files on this endpoint as safe to run.

This command is useful if you find numerous false positives on an endpoint and need to quickly tag them as "Good."

This command runs only on PC endpoints.

Allow processes blocked by firewall

Allow communication for all processes that are blocked by the Firewall setting.

This command runs only on PC endpoints.

Stop untrusted processes

Terminate any untrusted processes, which might be necessary if a regular scan did not remove all traces of a malware program.

The processes stop immediately, but are not prevented from running again later.

This command runs only on PC endpoints.

 

Identity Shield Commands
Allow application

Allow an application to run on the endpoint.

To identify the application, you must enter its MD5 value. To determine an MD5 value, see Applying overrides from the Overrides tab.

This command runs only on PC endpoints.

Deny application

Block an application from running on the endpoint.

To identify the application, you must enter its MD5 value. To determine an MD5 value, see Applying overrides from the Overrides tab.

This command runs only on PC endpoints.

Allow all denied applications

Re-set all applications previously blocked, so they can run on the endpoint.

This command runs only on PC endpoints.

Protect an application

Add extra security to an application running on the endpoint.

To identify the application, you must enter its MD5 value. To determine an MD5 value, see Applying overrides from the Overrides tab.

This command runs only on PC endpoints.

Unprotect an application

Re-set the application to standard protection, if you previously used the Protect an application command to add extra security.

To identify the application, you must enter its MD5 value. To determine an MD5 value, see Applying overrides from the Overrides tab.

This command runs only on PC endpoints.

 

Advanced Commands
Run Customer Support Script

Run a clean-up script on the endpoint to remove malware infections. You must specify a network path to the file.

This command runs only on PC endpoints. 

Customer Support Diagnostics

Run the WSABLogs utility to gather information about an infected endpoint.

The Customer Support Diagnostics dialog shows the location of the utility's executable file, and the email address associated with the endpoint account. Clicking Submit runs the utility and sends the results to Webroot Business support.

You can specify optional advanced settings to send an additional file, to save the log locally instead of sending it, and gather a memory dump.

This command runs on both PC and Mac endpoints.

Note: Optional settings do not apply to Mac and are not necessary for that platform.
Download and run a file

Specify a file's direct URL to download it to the agent, and then run it remotely at the system level.

You can also enter command-line options; for example, you could specify the /s parameter so that the file you download runs silently in the background.

Command-line options must be supported by the file you are downloading and executing.

This command runs on both PC and Mac endpoints.

Run a DOS command

Specify the DOS command to run remotely at the system level, which is useful for simple changes or for running a script.

Keep in mind that the Management Portal will not display results.

This command runs on PC endpoints, and can be used to run shell commands on Mac endpoints.

Run a registry command

Specify the registry command to run remotely at the system level.

This command uses the same syntax as reg.exe, but does not call reg.exe. You can only refer directly to local registry hive paths, for example, HKLM\Software\. You cannot include the name of the computer in the path.

This command runs only on PC endpoints.