Agent Commands are a helpful feature available in the Webroot Management console. They provide a way for admins to remotely issue commands to Webroot agents for a variety of purposes. Actions like scanning, cleaning up threats, uninstalling the agent and even restarting the device are available. See the Agent Command List below for the complete list.
You can use the Command Log to see a list of Agent Commands sent per device. The Command Log can be exported in CSV format.
+Using the Webroot Management console to issue Agent Commands
+Agent Command Log
+Agent Commands and the Endpoint Protection console
+Agent Command List
For additional assistance with Agent Commands, please contact Support.
You can use the Command Log to see a list of Agent Commands sent per device. The Command Log can be exported in CSV format.
Notes:
- Standard agent commands stay active for 2 days after being issued
- Uninstall Agent and Deactivate Device commands stay active for 30 days
- Agent commands can be issued up to 14 days after a keycode has expired
+Using the Webroot Management console to issue Agent Commands
- Log into the Webroot management console.
- In the left nav bar, click Entities.
- In the Sites & Groups list, find and click the Site name that contains the devices to send Agent Commands to.
- Check the boxes for the devices, then click the Agent Commands drop-down menu at the top of the screen.
- Select the Agent Command to send, which opens a new window.
- Some Agent Commands require additional information. Enter any requested information then click the Agent Command in the bottom part of the window to send it to the selected devices.
- The system will briefly display a Success message.
- Agent Commands are received and processed during the polling interval assigned to the policy for that device. You can force a device to check-in.
+Agent Command Log
- Log into the Webroot management console.
- In the left nav bar, click Entities.
- In the Sites & Groups list, find and click the Site name that contains the devices to review the command logs for.
- Check the boxes for the devices to review, click the Agent Commands drop-down menu at the top of the screen and select View Command Log.
- The Command Log displays details about the Agent Commands sent to the selected devices.
- Status information:
- Not yet received - the agent has not checked in and received the command
- Executed - the agent has received and executed the command. Keep in mind that this is not a reflection of the success of the remotely executed command, only that the agent has received and attempted to execute it.
- Elapsed - the Agent Command was not received and processed
- Status information:
+Agent Commands and the Endpoint Protection console
Note: It is best practice to use the Webroot Management console to issue Agent Commands. The Endpoint Protection console contains some Agent Commands that may no longer be supported.
- Log in to the Webroot Management console.
- In the left nav bar, select Sites List and find and click the Site where you want to issue Agent Commands. You can also use the box at the top of the page to search for a Site by name.
- On the right side of the screen under the Subscriptions column, hover your mouse over E and click the rectangular icon with the arrow pointing to the upper right. This opens the Endpoint Protection console.
- In the top menu, click Group Management.
- The left pane shows the list of Groups. Click a Group to display its devices in the pane to the right.
- Check the boxes for the devices, then click the Agent Commands drop-down menu at the top of the screen.
- Select the Agent Command to send, which opens a new window.
- Some Agent Commands require additional information. Enter any requested information then click the Agent Command in the bottom part of the window to send it to the selected devices.
- The system will briefly display a Success window containing additional information about polling.
- Agent Commands are received and processed during the polling interval assigned to the policy for that device. You can force a device to check-in.
+Agent Command List
Here is the list of supported Agent Commands and information about each.
Here are the additional commands available after clicking View All Commands:
| Agent Command | Windows, Mac or Both | Description |
| Scan | Both | Run a Deep scan in the background as soon as the device receives the command. When the scan completes, Scan History panel shows the results for the scan. Be aware that any detected threats are not automatically quarantined. You must take action yourself in the portal by running a Clean-up or by creating an override. |
| Clean up | Both | Start a scan and automatically quarantine malicious files. When the scan completes, the Scan History panel shows results for the Post Cleanup Scan. |
| Uninstall | Both | Uninstall the Webroot agent from the device. When this command is executed, the device is still shown in the console. If you want to uninstall the Webroot agent and free up a seat in your license, deactivate the device instead. See Deactivating endpoints. |
| Deactivate Device | Both | Uninstalls the Webroot agent, releases the keycode and moves the device into the Deactivated Endpoints Group. |
| Change Keycode | Both | Enter a different keycode. Note: The drop-down list shows only keycodes that are assigned to this console. |
| Re-Verify All Files and Processes | Windows | Re-verify this file's classification when the next scan runs. This command is useful if you have created overrides and need them to take effect on an endpoint. |
| Restore File | Windows | Restores a quarantined file to its original location, using its MD5 value. |
| Run Customer Support Script | Both | Run a clean-up script supplied by Webroot Support or the Webroot AMR Team to remove malware infections. You must specify a network path to the file. |
| System Optimizer | Windows | Run System Optimizer on the device, which removes all traces of web browsing history, files that reveal the user's activity, and files that consume valuable disk space (files in the Recycle Bin and Windows temp files). You can change System Optimizer settings in Policy settings. |
| Reset | Both | Return the Webroot agent settings on the device to their default values. |
| Restart Device | Both | Restart this device when it checks in. |
| View All Commands | Click to see a complete list of all available agent commands. |
Here are the additional commands available after clicking View All Commands:
| Agent Command | Windows, Mac or Both | Description |
| Allow Application | Windows | Enter the MD5 of an application to allow. |
| Allow Processes Blocked By Firewall | Windows | Allow communication for all processes blocked by the Firewall. |
| Change Scan Time | Both | Change the time scans are run on the device, available in half hour increments. |
| Clear Log Files | Both | Erases local log files to free up disk space on the device. |
| Consider All Items As Good / Allow All Denied Applications | Windows | Consider all current items as known good and safe to run. |
| Customer Support Diagnostics | Both | Creates a dump of files useful for troubleshooting. Requires URL to log utility (provided) and an email address for tracking. Various options are available to change what information is gathered. Normally used under the direction of Support. |
| Deny Application | Windows | Enter the MD5 of an application to block. |
| Disable Proxy Settings | Both | Disable any proxy settings that were present on the device when the Webroot agent was installed. Be cautious using this command. If you disable proxy settings for a device whose only access to the Internet is through the proxy server, the device will no longer be able to communicate with the internet. |
| Lock Endpoint | Both | Locks the device, requiring a user to log back into it using a valid username and password. |
| Log Off | Both | Logs the currently logged in user off the device. |
| Protect An Application | Windows | Enter the MD5 of an application to protect. |
| Remove Password Protection | Windows | If the device has a local password applied to the Webroot agent, use this command to remove it. |
| Reset Desktop Wallpaper | Both | Reset the desktop wallpaper to the default settings. You must restart the device to see the result of this command. |
| Reset Screen Saver | Both | Reset the screen saver to the default settings. You must restart the device to see the result of this command. |
| Reset System Policies | Windows | Reset system policies in the registry that might prevent the use of administrative Windows functions, such as opening the Task Manager |
| Restart in Safe Mode With Networking | Windows | Restarts the Windows device in safe mode with networking. |
| Scan A Folder | Both | Scans the specified folder. Enter the exact path, for example: C:/Windows |
| Shutdown | Both | Shuts the device down after the agent checks in. |
| Stop Untrusted Processes | Windows | Stop processes that are not allow-listed (any files with an Unknown categorization). These processes will be stopped immediately, but can be run again. |
| Unprotect An Application | Windows | Enter the MD5 of an application to unprotect. |
For additional assistance with Agent Commands, please contact Support.
Thanks for your feedback!
Powered by NOHOLD Inc. U.S. Patent No. 10,659,398
All Contents Copyright© 2024