
Spy Sweeper Admin FAQ


  • Using Spy Sweeper on servers with firewalls.

    When setting up Spy Sweeper Enterprise, open all of the relevant TCP/UDP ports on the host-based firewall of the machine it is running on.  These include:

    • 443 – WebrootUpdateService
    • 50000 – WebrootClientService
    • 50001 – Sweep Now function
    • 50002 – Poll Now function
    • 50003 – WebrootUpdateDistributor Service
    • 50020 – WebrootClientService (SSL)
    • 50021 – Sweep Now function (SSL)
    • 50022 – Poll Now function (SSL)
    • 50023 – WebrootUpdateDistributor (SSL)
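
    To confirm that a firewall change took effect, the following added example (not part of the original FAQ or of Webroot's tooling) attempts a TCP connection to each default port listed above and reports which plain/SSL pairs answer. It checks TCP only, and the target host is whatever you pass on the command line.

```python
import socket
import sys
from concurrent.futures import ThreadPoolExecutor

# Defaults as listed in this FAQ. Per the same page, the Client Service port
# is configurable and the Distributor uses 8080 on 2.0 installs and upgrades.
WEBROOT_PORTS = {
    443: "WebrootUpdateService",
    50000: "WebrootClientService",
    50001: "Sweep Now",
    50002: "Poll Now",
    50003: "WebrootUpdateDistributor",
    50020: "WebrootClientService (SSL)",
    50021: "Sweep Now (SSL)",
    50022: "Poll Now (SSL)",
    50023: "WebrootUpdateDistributor (SSL)",
}
# Plain port -> SSL counterpart, as paired in the FAQ's list.
SSL_PAIRS = {50000: 50020, 50001: 50021, 50002: 50022, 50003: 50023}


def tcp_open(host, port, timeout=2.0):
    """True if a TCP connection to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout), unreachable, DNS failure
        return False


def probe(host, ports=WEBROOT_PORTS, timeout=2.0):
    """Probe every port in parallel and return {port: reachable}."""
    port_list = list(ports)
    with ThreadPoolExecutor(max_workers=max(1, len(port_list))) as pool:
        states = pool.map(lambda p: tcp_open(host, p, timeout), port_list)
        return dict(zip(port_list, states))


def pair_status(report, pairs=SSL_PAIRS):
    """For each plain/SSL pair, say which of the two listeners is reachable."""
    labels = {(True, True): "both", (True, False): "plain only",
              (False, True): "ssl only", (False, False): "neither"}
    return {plain: labels[(report.get(plain, False), report.get(ssl, False))]
            for plain, ssl in pairs.items()}


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    report = probe(host)
    for port, ok in sorted(report.items()):
        state = "open" if ok else "closed/filtered"
        print(f"{port:>5}  {state:<16} {WEBROOT_PORTS[port]}")
    for plain, state in pair_status(report).items():
        print(f"{plain}/{SSL_PAIRS[plain]}: {state}")
```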


  • How do I set my server to automatically install upgrades?

    The clients will be updated automatically when the comm. agent pings the server.  You can set the frequency under Admin Tasks>Settings.


  • Is it possible to upgrade selected individual workstations instead of a group or company node?

    Yes, this can be done by dragging the package on the grid to the group.  To check that it has been completely installed, go to Admin Tasks>Client Management and you can sort by field (including last update).


  • Is it possible to push out the .msi package via the console rather than login scripts or other push-out software?

    There are four options for deploying the client broadly:

    • Execute the install from each workstation (e.g. by placing SpySweeperSetup.msi and SpySweeperSetup.ini in a shared folder and requesting each end user double-click SpySweeperSetup.msi)
      • If you choose this option, users must have local administration authority on their systems
    • Execute the install from a logon script
      • If you want the install to be silent, use a “/q” switch in the line that executes SpySweeperSetup.msi
      • You can specify the server IP address and port in the command line instead of relying on the .ini file
        • The command line syntax is: SpySweeperSetup.msi SERVERIP=10.10.10.10 SERVERPORT=50000
        • For a silent install: SpySweeperSetup.msi /q SERVERIP=10.10.10.10 SERVERPORT=50000
      • You can also pass the client deployment setting (invisible, stay minimized, pop up) in the command line.  The command line argument is RUN_CLIENT_AS=0 (pop up on scan), RUN_CLIENT_AS=1 (stay minimized) or RUN_CLIENT_AS=2 (stay invisible).  This setting should go after the “/q” switch if you are using that
        • The command line syntax is:

          SpySweeperSetup.msi /q RUN_CLIENT_AS=1 SERVERIP=10.10.10.10 SERVERPORT=50000

      • Finally, you can apply any of these command line arguments to the SpySweeperSetup.exe installer (which is used for installing on systems lacking the 2.0 version of Windows Installer)
        • The command line syntax is:

          SpySweeperSetup.exe /q RUN_CLIENT_AS=1 SERVERIP=10.10.10.10 SERVERPORT=50000

    • Assign the software through a Group Policy in Active Directory
      • NOTE: Group Policy software installation is only supported as assignment by computer (versus assigning or publishing to users).
      • This link provides an overview of Group Policy Software installation:
        http://support.microsoft.com/default.aspx?kbid=314934
      • The link below provides detail on deploying to only a selected Group through Group Policy assignment:
        http://support.microsoft.com/?kbid=302430
    • Include the Spy Sweeper Client as part of an image installed on systems
      • Install the Spy Sweeper Client on the target system you are intending to image – if you will be implementing multiple Admin Consoles, you’ll need to create a separate image for clients managed under each console
      • Stop the Webroot CommAgent service
      • Remove the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Webroot\Enterprise\CommAgent\guid
      • Create your image


  • I have not received any alerts.  How often does Webroot send out spy emails?

    To make sure that your Spy Sweeper is correctly configured to receive alerts, go to Settings, then click on “send test email”.  This should cause you to receive an email.  Spy emails are only sent out when “new” spyware is found.


  • Do you have any tips on how to maximize Spy Sweeper’s performance on machines that also have Sophos installed?

    Webroot recommends excluding the c:/program files/webroot directory from on-access scanning.


  • Is there a way to regulate how aggressive/intensive the sweeps are on the client in terms of how many resources they use on a given computer?

    Spy Sweeper Enterprise has the ability to monitor processes running on the workstation, and will take a lower priority in processing to allow more critical applications to complete.  The internal throttle watches CPU utilization and memory allocation and automatically backs off ESS processes so that the user experience is not compromised.  This is not a feature that is controlled or configured manually by the administrator or end user.


  • Is there a way to completely hide some of the options on the client?

    Spy Sweeper Enterprise has the ability to control the client’s experience: the parameters are grayed out as opposed to completely hidden.  Also, through the Admin Console, you have the ability to run in a minimized mode, where the Spy Sweeper Enterprise icon appears in the system tray, or in invisible mode, so that the end user sees nothing at all.


  • Tips on installing Spy Sweeper on a machine that has another anti-spyware product installed.

    During the deployment of Spy Sweeper, if it is known that other products reside on the endpoints, you can call out their uninstall prior to installing Spy Sweeper.  For example, when running an SMS script, you can call out the other anti-spyware product’s uninstall process and then run the Spy Sweeper MSI to install the client.


  • Limitations of the Client Deployment feature

    Spy Sweeper Enterprise version 2.1 supports Client Deployment from the Admin Console. Below are some limitations of the Client Deployment feature.

    • Installing the client components from the Admin Console requires Windows networking and access to the admin share (admin$).
    • Client Deployment cannot be used to Install or Uninstall on Windows 98, Windows 98 SE or Windows ME as it requires the use of a service.
    • We recommend deploying to or uninstalling no more than 30 workstations at one time.
    • The Client Deployment feature cannot be used to install clients across Domains or VLANs.
    • If a client application that was installed from the Client Deployment screen is uninstalled via Add/Remove Programs on the client machine, the workstation will not automatically be deleted from the Admin Console. Once uninstalled, you will need to delete this workstation manually from the Client Management screen with the “Delete selected workstation(s)” button.
    • If you need to uninstall a client application manually using Add/Remove Programs, you will need to browse to a folder containing the SpySweeperSetup.msi file on your network.

    Please verify that the client machine does not have a firewall enabled prior to using the Client Deployment feature.


  • Sweep Now screen is limited to displaying 100 clients at a time

    With the release of Spy Sweeper Enterprise 2.1, the sweep now screen has been limited to display 100 users. The sweep now screen tries to make a connection from the server to each client. By limiting the display to 100, the screen display is much faster. When going to the sweep now screen and selecting a group of more than 100 clients, a message will be displayed stating:
    “This group contains too many clients for this operation. Only the first 100 clients will be visible.”
    Please note that machines will still run their scheduled sweeps. The client management screen will not be limited to displaying 100 machines. A sweep now can always be run from the client management screen as well. If it is necessary to see all members of a group on the sweep now screen, you can move clients into a new group.


  • Installing Webroot Admin Console on a machine with multiple NICs

    When installing the Webroot Admin Console on a machine with multiple Network Interface Cards (NIC), it is best to set the Client Service IP setting to the IP address rather than installing with hostname.


  • Updates and bandwidth:

    The normal communication between the client and the server is only about 1 KB. Spy definition updates are typically 1 MB. A new Spy Sweeper client update can be as large as 6 MB. Many things can affect the performance of the server. Deploying distributor servers reduces WAN bandwidth consumed when spy definitions or software updates are delivered.


  • Client Configuration and Software Updates:

    The Enterprise solution supports a polling model where the clients request configuration changes. You can cause clients to poll by restarting the CommAgent Service on the client workstation. Since the 2.0 release, a "poll now" option has been added to the Admin Console. This feature will allow you to force a client check in without recycling the CommAgent service manually from the client machine.


  • Available License count is incorrect.

    To enter a new key code in the Admin Console, go to Admin Tasks, Settings and paste in the new code including the brackets. To update the licenses, stop and restart the Webroot Update Service, then Check for Updates in the Admin Console. This will validate your new license key under Status, Licenses.


  • Socket error 10053/10054:

    Socket errors 10053 and 10054 occur when the client has temporarily lost communication with the Spy Sweeper Enterprise server. This is not a permanent error, and causes no actual issues. If this error continues to occur on the same workstation, then rebooting the workstation should clear it.


  • Authentication mode setting for SQL Server:

    Mixed mode authentication (SQL Server and Windows) should be selected. Starting with SQL Server 2000, the default setting is Windows authentication. If SQL Server was installed with Windows Authentication, it will be necessary to switch to mixed mode authentication. To do so:

    1. Open up SQL Server Enterprise Manager.
    2. Expand Microsoft SQL Servers > SQL Server Group.
    3. Drill down to the appropriate server group.
    4. Right click on the server group > Properties.
    5. Click on the security tab.
    6. Select SQL Server and Windows.
    7. Select OK.


  • Can I use Spy Sweeper Enterprise on a Novell Network?

    The server must be running one of the specified Windows operating systems (NT 4.0 SP5 or higher, Windows 2000, Windows XP Professional, or Windows Server 2003). The folder where updates are downloaded should be on that same physical server.


  • How is a new database created in SQL Server 2000?

    A new database can be created by using the SQL Server wizard. To do so:

    1. Open up SQL Server Enterprise Manager.
    2. Select Tools > Wizards.
    3. From the select wizard dialog box, expand Database.
    4. Highlight "Create Database Wizard" and select OK.
    5. The create database wizard will open. Select Next.
    6. Enter a database name of your choice. Select a location for the database file and the transaction log file. Select Next.
    7. Enter an Initial Size. The database can initially be created at 15 MB (as we can set it to grow). Select Next.
    8. Select the option to "Automatically grow the database files". The database can grow by percentage or by megabytes. For maximum file size, select "unrestricted file growth". Select Next.
    9. For the transaction log file, the initial size can be set to 5 MB. Select Next.
    10. Select the option to "Automatically grow the transaction log files". The log file can grow by percentage or by megabytes. For maximum file size, select "unrestricted file growth". Select Next.
    11. The last screen will now display a summary of the selections. If all look correct, click Finish.
    12. A dialog box should display stating "The database was successfully created."
    13. After creating the database, a prompt asks if the user would like to set a maintenance plan. It is recommended to create a maintenance plan to ensure that backups of the database are in place.
    14. After the database has been created, a login should be created and associated to the database.


  • How is a new login created in SQL Server 2000?

    To create a login for the Spy Sweeper Enterprise Database:

    1. Open up SQL Server Enterprise Manager.
    2. Navigate to the Security folder.
    3. Expand the Security folder > Logins.
    4. Right click on Logins > New Login.
    5. On the general tab, enter a name for the login. Select SQL Server Authentication. Enter in a password. For the database dropdown, select the database that was created for Spy Sweeper Enterprise.
    6. On the Server Roles tab, verify that nothing is selected.
    7. On the Database Access tab, find the Spy Sweeper database that was created and select it.
    8. For the Permit in Database Role section, select public and db_owner. Please verify that nothing else is selected. Select OK.


  • Event ID ( 1 ) in Source ( WebrootCommAgentService ):

    This is an informational message. This happens each time a client checks into the server. This is not an error. To reduce the amount of these messages in the event log, go to admin tasks > Settings and increase the CommAgent polling interval.


  • If User Editable is selected, clients will not get configuration changes:

    This is how the User Editable function is designed. If you make a change to an active shield and it is marked user editable, it will remain the way it is currently set on the client. To force a change, first remove the user editable option from the setting that needs to be changed. Apply the changes. Wait for the clients to poll in and receive this change. Next, make the change to the desired setting and apply the changes. At their next scheduled polling interval, the clients will receive this new setting from the Admin Console.


  • Last sweep reporting as 12/30/1899:

    The last sweep will report in the Admin Console as 12/30/1899 if the client has not yet swept or has not yet reported the sweep results. Once the client reports the sweep results or runs a sweep, the last sweep date will show correctly.


  • What are the spyware category numbers in the spyware report?

    The spyware categories correlate directly to the spyware types listed from top to bottom in the Admin Console under Manage Desktop Applications / Spy Sweeper / Manage Spyware / Detected Spyware. For example, category 100 is Adware at the top of that list. Then 101 is Cookies, and so on.


  • Client User Permissions:

    Spy Sweeper Enterprise runs as a service and will clean the file system, memory, all non-user related registry settings, and the registry settings of the currently logged in user regardless of the rights of the currently logged in user.


  • How can one configure mobile client updates?

    In the Admin Console, under Manage Desktop Applications > Spy Sweeper > Configure Spy Sweeper > Sweep Settings, click the option in the middle of the page that says "Enable Mobile Client Support." This will put a button on their Spy Sweeper client software that says "Update Definitions." When the user clicks this button, the client will check for new spy definitions at the Webroot update server instead of going to your Spy Sweeper Enterprise company server.


  • Clients showing pending status in the Admin Console

    Below is a list of reasons a machine may have a status of "Pending" in the Admin Console:

    a) The client workstation is turned off.
    b) The Webroot Spy Sweeper service is not started on the client.
    c) A firewall is blocking communication.
    d) A NAT or Proxy resides between the server and the client. Check to see if the IP addresses in the Status - Client Status section of the Admin Console are unique and match the addresses of the client workstations.
    e) The client's DHCP lease has expired and the IP in the Admin Console does not match the IP of the client workstation.
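
    The address checks in reasons (d) and (e) can be automated once the Client Status list and the workstations' current addresses are side by side. This is an added example, not part of the original FAQ or the product: the CSV layout, column names, host names and addresses are all constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample: the Status - Client Status view typed out as CSV.
# Column names are hypothetical; the FAQ does not describe an export format.
CONSOLE_CSV = """workstation,ip,status
WS-ACCT-01,10.10.20.15,OK
WS-ACCT-02,10.10.20.16,Pending
WS-BRANCH-01,10.10.30.1,Pending
WS-BRANCH-02,10.10.30.1,Pending
WS-LAB-07,10.10.40.22,Pending
"""

# Constructed sample: the address each workstation holds right now
# (for example taken from DHCP leases or ipconfig output).
CURRENT_IPS = {
    "WS-ACCT-01": "10.10.20.15",
    "WS-ACCT-02": "10.10.20.16",
    "WS-BRANCH-01": "192.168.5.11",
    "WS-BRANCH-02": "192.168.5.12",
    "WS-LAB-07": "10.10.40.57",
}


def load_console(text):
    """Parse the console listing, normalising names and validating addresses."""
    return [{"workstation": r["workstation"].strip().upper(),
             "ip": ipaddress.ip_address(r["ip"].strip()),
             "status": r["status"].strip().lower()}
            for r in csv.DictReader(io.StringIO(text))]


def shared_ips(rows):
    """Addresses the console shows for more than one workstation."""
    by_ip = defaultdict(list)
    for r in rows:
        by_ip[r["ip"]].append(r["workstation"])
    return {str(ip): sorted(ws) for ip, ws in by_ip.items() if len(ws) > 1}


def triage_pending(rows, current_ips):
    """Map each Pending workstation to (reason code, detail).

    Codes follow the FAQ's list: "d" NAT/proxy, "e" stale DHCP address,
    "a-c" when the addresses agree and power, service or firewall remain.
    """
    current = {k.strip().upper(): ipaddress.ip_address(v)
               for k, v in current_ips.items()}
    shared = shared_ips(rows)
    findings = {}
    for r in rows:
        if r["status"] != "pending":
            continue
        ws, seen = r["workstation"], r["ip"]
        actual = current.get(ws)
        if str(seen) in shared:
            findings[ws] = ("d", f"{seen} is reported by {shared[str(seen)]}")
        elif actual is None:
            findings[ws] = ("unknown", "no current address on record")
        elif actual != seen:
            findings[ws] = ("e", f"console has {seen}, client holds {actual}")
        else:
            findings[ws] = ("a-c", "address matches; check power, service, firewall")
    return findings


if __name__ == "__main__":
    for ws, (code, detail) in triage_pending(load_console(CONSOLE_CSV),
                                             CURRENT_IPS).items():
        print(f"{ws:<14} {code:<8} {detail}")
```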


  • Citrix and Terminal Server Support:

    Citrix Server and Terminal Server are not supported platforms with Spy Sweeper Enterprise version. Preliminary testing by some users suggests that it can be run successfully. Technical Support recommends testing Citrix only in a test environment and running the client in invisible mode.


  • How do I submit an Enhancement Request?

    Email enhancement requests to esupport@webroot.com and they will be forwarded to the Product Management team for consideration in a future release.


  • DBISAM Error 11013 Access denied to table or backup file:

    This error occurs when antivirus software is running on the Spy Sweeper Enterprise server. Configure the antivirus software to completely exclude the Webroot folder and all subfolders. Then restart all of the Webroot services on the server.


  • Error occurred while updating table licensepoolstatus:

    When trying to install the Spy Sweeper Enterprise server setup from a CD, the following message occurs - "error occurred while updating table licensepoolstatus." This is due to the setup trying to write back to the CD. The workaround is to copy the setup file to the hard drive of the server and then run the installation.


  • I am running the eval version; do I need to reinstall after purchasing?

    When running an evaluation copy of Spy Sweeper Enterprise, there is no need to reinstall the software after a purchase has been made. Simply copy and paste the new licensed key code into the Admin Console under Admin Tasks - Settings. Click Apply Changes. Then go to Status - Update History, and then click the Check for Updates button to register the new code and update the license count.


  • Windows XP SP2, Firewall settings:

    Windows XP SP2 is a supported platform. Testing so far indicates no issues as long as the necessary ports in the Windows firewall are open. See detailed SP2 configuration document Windows XP SP2 firewall.pdf. To receive this document, please contact technical support.


  • Error: 'No records to print' when trying to run error report:

    An error report can be run to show a compiled list of client side errors. If the error log under Status > Errors does not list a workstation in the workstations column, the error is from the server. Server side errors do not print in an error report. Verify that errors did occur in the date range that you are selecting and that they are client side errors for the report to run successfully.


  • SMTP credential configuration settings:

    These parameters can be set from the E-mail tab on the Settings page.


  • When are definition updates released?

    Currently definition files are released on an average of once or twice a week.


  • Symantec AV 10 and Webroot Spy Sweeper Enterprise

    After installing Symantec AV 10 (Client or Server applications) on a machine running the Enterprise Spy Sweeper Client application, Symantec will not launch. The following errors may occur:

      Microsoft Management Console:
      Snap-in failed to initialize
      Name: <'unknown'>
      CLSID: {103363F4-69F9-1102-B34C-00104822D5DF}

    or

      The Application: Spy Sweeper on Workstation Workstation_Name,Generated error code: -2, Level 1, with the text:
      Failed to initiate change notification for key
      HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\RunServices
      Error: Illegal operation attempted on a registry key that has been marked for deletion
      (Addr: $000E8E1C; Frozen: 0; Thread ID: 1132)

    The above errors are generated from an installation that occurred while the Webroot Spy Sweeper Client application had the 'Startup Shield' enabled. The Webroot Startup shield actively watches startup items in the Windows Registry for any changes. Some spyware will attempt to add startup items to the registry so that the spyware will always start when Windows starts. The Startup shield ensures that spyware cannot add entries to the Registry, but also effectively prevents end users from installing software on their systems without the consent of their System Administrators. If you attempted to install Symantec AV 10 while the Startup Shield was enabled, the installation will be incomplete. Please uninstall Symantec, disable the Startup Shield and reinstall the Symantec application. Once installation is complete, the Startup Shield can be enabled again.


  • When installing Spy Sweeper Enterprise version 2.1 on Windows Server 2003 Service Pack 1, the installation fails

    The errors produced by Windows will vary and the installation is halted. Following the steps below will often resolve installation problems that occur when installing the Admin Console on Windows Server 2003 SP1.
    This is a change to the security setting of a customer's server and the customer should be informed of how DEP in Windows works.
    More information can be found on Microsoft's website at the following link:

    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/memory/base/data_execution_prevention.asp

    1. Open all Webroot ports in the Windows firewall.

    • Start -> Control Panel -> Windows Firewall
    • Webroot ports used (can also be found in the System Administrator's guide):
      • Client service port - 50000 by default.
        • This can be changed through the admin console.
        • Verify this on the admin console by going to admin tasks > Settings and then to the network tab.
      • Sweep now port - 50001
      • Poll now port - 50002
      • Distributor Port - 8080 by default in 2.0 and on upgrades; 50003 by default on fresh 2.1 installs.
        • Verify this on the admin console by going to admin tasks > Settings and then to the network tab.

    2. Set the Windows Data Execution Prevention to "Essential Windows programs and services only"

    • This is found under: My computer (right click) -> Properties -> Advanced -> Performance (Settings) -> Data Execution Prevention
    • The DEP setting will require a reboot, and the customer should be made aware of this, as Windows will prompt for it immediately after the setting is made.


  • McAfee VS 8.0i and Webroot Spy Sweeper Enterprise

    When both Spy Sweeper Enterprise and McAfee VirusScan Enterprise 8.0i are installed, the following error can occur: Explorer.exe has encountered a problem and needs to close.
    Below is a link to a McAfee knowledgebase article containing instructions on how to configure the McAfee software to avoid the interaction with Windows Explorer on systems with both the Spy Sweeper Enterprise and McAfee client installed. As the McAfee article points out, both clients are hooking the same point to defend the system. The Spy Sweeper Enterprise hooks provide key components of system defense, so the McAfee recommendation to adjust their client is very sensible. We continue to work with major software vendors to ensure Spy Sweeper Enterprise works well with other desktop software to provide the best spyware defense of your systems.
    Link to McAfee knowledgebase


  • Customers experiencing difficulty when obtaining updates from the Admin Console when running Windows 2003 Service Pack 1 server.

    Customers running Microsoft Windows Server 2003 Service Pack 1 with ISA 2000, 2004 and other firewall software are experiencing this issue. Microsoft service packs for ISA 2000 and ISA 2004 will resolve this issue. Here is a link to Microsoft's ISA homepage:
    http://www.microsoft.com/isaserver/default.mspx


  • Tips if you are encountering problems while using the client deployment feature

    • Occasionally it is necessary to credential the Admin Console service to ensure that the deployment feature is allowed to function within a more secured network. To accomplish this, simply set the Webroot admin console service to log on as a domain administrator for the duration of the deployment.
    • File and Print Sharing must be not only enabled, but also allowed in Windows Firewall for the client deployment component to function correctly.
    • NetBIOS must be enabled within the customer's network for the client deployment function to see all workstations within an environment. Additionally, if the network passes across a switch or router that does not support NetBIOS hops, the client deployment component will not see any machines on the other side of that switch or router.


  • Clients are not receiving updates.

    Check within Manage Desktop Applications>Spy Sweeper>Update Spy Sweeper and ensure that they have the correct settings placed in Manual and Automatic Install.


  • I use a proxy server. Will this cause any problems in using Spy Sweeper?

    Webroot passes HTTP traffic through TCP ports, and any internal monitoring of traffic within a network by a proxy server will intercept this communication unless those ports are excluded.


  • I use a Microsoft ISA server. Will this cause any problems in using Spy Sweeper?

    Microsoft ISA server will occasionally intercept traffic between the Webroot update servers and the admin console, effectively breaking the update process. The ISA server must be fully patched and configured to ignore traffic coming from the admin console on port 443 to allow successful communications.


  • Do older versions of Spy Sweeper need to be removed before any upgrades can be applied?

    Yes, but in the 2.5.1 release there is a utility that removes the older client and associated files, then re-installs the new 2.5.1 agent.


  • Why can't Spy Sweeper Enterprise detect when the consumer version of Spy Sweeper is already installed on a client machine?

    2.5.1 can identify and remove files of either Spy Sweeper Enterprise or Spy Sweeper consumer version. This was not available in prior releases.


  • What minimum permissions are required for the Spy Sweeper account to remotely install the agent on a domain PC?

    Admin rights to the domain of the clients being deployed are required.


  • I'm encountering problems with Internet Explorer favorites

    The IE favorites shield has been removed from the 2.5.1 release and will be re-implemented in future releases.
