From the Management Portal, you can issue commands to individual endpoints or to a group of endpoints. For example, you might want to scan an endpoint at a remote location. With these commands, you can easily run all the same commands that are available on the endpoint's SecureAnywhere software.
Be aware that the endpoint may not receive the command until the next polling interval. If necessary, you can change the polling interval in its associated policy or you can force an immediate polling. For more information, see Changing Policy Settings or Forcing Immediate Updates.
Note: Depending on your access permissions for Commands, such as Simple, Advanced, or Expert, you may not see all the commands listed in this section. Administrators can change access permissions; for more information, see Setting Console User Permissions.
To issue commands to endpoints:
- From the Endpoint console, click the Group Management tab.
The Group Management tab displays.
- In the Groups column, select the group that contains the endpoints you want to issue commands to.
- In the Endpoints panel, do either of the following to display information about an endpoint:
- Select the checkbox next to the one endpoint.
- Select the checkbox at the top of the Checkbox column.
When you select one or more checkboxes, additional commands in the command bar become active and ready for use.
- In the command bar, click the Agent Commands down arrow.
Based on your selection, the Agent Commands menu displays.
- If you selected PC endpoints or PC and Mac endpoints, your Agent Commands menu displays as follows:
- If you selected only Mac endpoints, your Agent Commands menu displays as follows, and does not include Identity Shield commands or the option to remove password protection:
- Select a category of agent commands and then, from the menu that expands, select a command to run.
For a description of each command, see the tables following these steps.
COMMAND DESCRIPTION
AGENT COMMANDS
Scan
Run a Deep scan in the background as soon as the endpoint receives the command.
When the scan completes, the Scan History panel shows the results for a Deep scan.
This command runs on both PC and Mac endpoints.
Note: Any detected threats are not automatically quarantined. You must take action yourself in the portal by running a Clean-up or by creating an override.
Change scan time
Select a new time of day to scan the endpoint.
By default, SecureAnywhere runs a scan every day at about the same time it was installed. For example, if you installed SecureAnywhere on the endpoint at noon, a scan will always run around 12 p.m. With this command, you can change it to a different hour.
This command runs on both PC and Mac endpoints.
Scan a folder
Runs a full, file-by-file scan on a specific folder. Be sure to enter the full path name.
On a Windows system, for example, you would enter:
C:\Documents and Settings\Administrator\My Documents
On a Mac system, for example, you would enter:
/Applications
This command runs on both PC and Mac endpoints.
Clean up
Start a scan and automatically quarantine malicious files.
When the scan completes, the Scan History panel shows results for the Post Cleanup Scan.
This command runs on both PC and Mac endpoints.
System Optimizer
Run the System Optimizer on the endpoint, which removes all traces of web browsing history, files that reveal the user's activity, and files that consume valuable disk space, such as files in the Recycle Bin and Windows temp files.
You can change the System Optimizer options in the Policy settings.
This command runs on both PC and Mac endpoints.
Uninstall
Uninstall SecureAnywhere from the endpoint.
With this command, the endpoint is still shown in the Management Portal.
To uninstall SecureAnywhere and free up a seat in your license, deactivate the endpoint instead. For more information, see Deactivating Endpoints.
This command runs on both PC and Mac endpoints.
Reset
Return SecureAnywhere settings on the endpoint to their default values.
This command runs on both PC and Mac endpoints.
Remove password protection
Disable password protection from the endpoint user's control, which allows administrators to gain access to the endpoint if they are locked out.
This command runs only on PC endpoints.
Showgui
Displays the UI if policy allows for it.
Example: "c:\program files\webroot\wrsa.exe" -showgui
This command runs only on PC endpoints.
Silentscan
Initiates a silent scan. The scan UI is not presented to the user, but the scan can be seen by hovering over the tray icon.
Command example:
WRSA.exe -silentscan="c:\foldername"
Example of run command to scan a folder:
"C:\Program Files\Webroot\WRSA.exe" -silentscan="c:\Documents and Settings\Administrator\Desktop"
Example of run command to scan a file:
"C:\Program Files\Webroot\WRSA.exe" -silentscan="c:\Documents and Settings\Administrator\Desktop\eicar.com"
This command runs only on PC endpoints.
CLEAR DATA COMMANDS
Clear files
Erase current log files, which frees space on the endpoint.
This command runs on both PC and Mac endpoints.
Disable proxy settings
Disable any proxy settings the endpoint user set on the endpoint.
This command runs on both PC and Mac endpoints.
Note: Do not use this command if the endpoint's only Internet access is through the proxy server. The endpoint will no longer be able to communicate with the cloud.
KEYCODE COMMANDS
Change keycode
Enter a different keycode.
This command runs on both PC and Mac endpoints.
Note: The drop-down list displays only keycodes that are assigned to this console.
Change keycode temporarily
Switch the keycode used for this endpoint temporarily, which might be necessary for testing purposes.
In the dialog box, choose a keycode from the drop-down list, then specify the dates for SecureAnywhere to use it. When the specified time for the change elapses, the keycode reverts to the original.
This command runs only on PC endpoints.
Lock endpoint
Lock this endpoint by activating the login screen. The user must enter a user name and password to log back in.
This command runs on both PC and Mac endpoints.
Log off
Log the user out of the account.
This command runs on both PC and Mac endpoints.
Restart
Restart this endpoint when it reports in.
This command runs on both PC and Mac endpoints.
Reboot in Safe Mode with Networking
Restart this endpoint in Safe Mode with Networking.
This command runs only on PC endpoints.
Shutdown
Shut down this endpoint when it reports in.
This command runs on both PC and Mac endpoints.
ANTIMALWARE TOOLS COMMANDS
Reset desktop wallpaper
Reset the desktop wallpaper to the default settings, which might be necessary if the endpoint was recently infected with malware that changed it.
After sending this command, the user must restart the PC endpoint.
This command runs on both PC and Mac endpoints.
Reset screen saver
Reset the screen saver to the default settings, which might be necessary if the endpoint was recently infected with malware that changed it.
This command runs on both PC and Mac endpoints.
Reset system policies
Reset the Windows system policies, which might be necessary if the endpoint was recently infected with malware that changed such policies as the Task Manager settings.
This command runs only on PC endpoints.
Note: This command resets Windows policies, not Endpoint Protection policies.
Restore file
Restores a quarantined file to its original location, using its MD5 value.
For more information about how to locate a file's MD5 value, see Applying Overrides From the Overrides Tab.
This command runs only on PC endpoints.
Reverify all files and processes
Re-verify this file's classification when the next scan runs.
This command is useful if you have established some overrides and need them to take effect on an endpoint.
This command runs only on PC endpoints.
Consider all items as good
Consider all detected files on this endpoint as safe to run.
This command is useful if you find numerous false positives on an endpoint and need to quickly tag them as "Good."
This command runs only on PC endpoints.
Allow processes blocked by firewall
Allow communication for all processes that are blocked by the Firewall setting.
This command runs only on PC endpoints.
Stop untrusted processes
Terminate any untrusted processes, which might be necessary if a regular scan did not remove all traces of a malware program.
The processes stop immediately, but are not prevented from running again later.
This command runs only on PC endpoints.
IDENTITY SHIELD COMMANDS
Allow application
Allow an application to run on the endpoint.
- To identify the application, you must enter its MD5 value.
- To determine an MD5 value, see Applying Overrides From the Overrides Tab.
This command runs only on PC endpoints.
Deny application
Block an application from running on the endpoint.
- To identify the application, you must enter its MD5 value.
- To determine an MD5 value, see Applying Overrides From the Overrides Tab.
This command runs only on PC endpoints.
Allow all denied applications
Reset all applications previously blocked, so they can run on the endpoint.
This command runs only on PC endpoints.
Protect an application
Add extra security to an application running on the endpoint.
- To identify the application, you must enter its MD5 value.
- To determine an MD5 value, see Applying Overrides From the Overrides Tab.
This command runs only on PC endpoints.
Unprotect an application
Reset the application to standard protection, if you previously used the Protect an application command to add extra security.
- To identify the application, you must enter its MD5 value.
- To determine an MD5 value, see Applying Overrides From the Overrides Tab.
This command runs only on PC endpoints.
ADVANCED COMMANDS
Run Customer Support Script
Specify a URL to download an executable file to the agent and run it remotely.
This command runs only on PC endpoints.
Customer Support Diagnostics
Run the WSABLogs utility to gather information about an infected endpoint.
The Customer Support Diagnostics dialog displays the location of the utility's executable file, and the email address associated with the endpoint account.
Clicking Submit runs the utility and sends the results to Webroot Business support.
You can specify optional advanced settings to send an additional file, to save the log locally instead of sending it, and to gather a memory dump.
This command runs on both PC and Mac endpoints.
Note: Optional settings do not apply to Mac, and are not necessary for that platform.
As needed, do either of the following:
- To see the status of commands you sent, from the Agent Command menu, select View commands for selected endpoints.
- To review the Command Log, in the main Endpoint Protection console, click the Logs tab. For more information, see Viewing Command Logs.
Endpoint Protection will issue the commands on the next polling interval for Windows computers. If needed, you can either change the polling interval in Basic Configuration of the group's policy or you can force the changes immediately as described in Forcing Immediate Updates.
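The Restore file, Allow application, Deny application, Protect an application, and Unprotect an application commands above all identify a file by its MD5 value. The following PowerShell function is an added example, not part of the Webroot documentation or product; the name Get-OverrideCandidate and the sample folder are hypothetical. It collects the MD5 value to enter in the portal together with a SHA-256 hash and the Authenticode signature status, so a file can be checked before it is allowed or restored, since MD5 alone is vulnerable to collisions.

```powershell
# Added example (not Webroot code). Get-OverrideCandidate is a hypothetical name.
function Get-OverrideCandidate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline, ValueFromPipelineByPropertyName)]
        [Alias('FullName')]
        [string[]]$Path
    )
    process {
        foreach ($p in $Path) {
            # Only regular files can be hashed; skip folders and missing paths.
            if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
                Write-Warning "Not a file, skipped: $p"
                continue
            }
            $item = Get-Item -LiteralPath $p
            $sig  = Get-AuthenticodeSignature -LiteralPath $item.FullName

            [pscustomobject]@{
                Path      = $item.FullName
                # Value the portal commands ask for.
                MD5       = (Get-FileHash -LiteralPath $item.FullName -Algorithm MD5).Hash
                # Stronger hash to keep in the change record and to compare
                # against the software vendor's published hash, if one exists.
                SHA256    = (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256).Hash
                # Valid, NotSigned, HashMismatch, and so on.
                Signature = $sig.Status
                Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
                SizeBytes = $item.Length
            }
        }
    }
}

# Usage (constructed sample folder): list executables whose signature is not
# valid, so they get a closer look before an Allow application or Restore file
# command is issued for their MD5.
# Get-ChildItem -LiteralPath 'C:\Tools' -Filter *.exe -File |
#     Get-OverrideCandidate |
#     Where-Object Signature -ne 'Valid' |
#     Format-Table Path, MD5, Signature, Signer -AutoSize
```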