As far as small business antivirus is concerned I have always been an ESET fan. So when a colleague recently recommended that I check out the latest Webroot business antivirus client, I wasn’t really looking for another antivirus since ESET had always treated me well. After getting to know the product and having used it now for 30 days, I can tell you that this is a top-notch product in almost all aspects of premium antivirus clients.
Test PC specifications: Lenovo ThinkCentre Edge 71, Win 10 Pro (x64), 4GB RAM, Core i3-2120, Intel 180GB SSD, Office 2016
Duration: 30 Days
Antivirus footprint is an important part of evaluating an antivirus. There is no sense in having an effective antivirus if it grinds your computer to a halt or makes it sluggish for that matter. This is something that some antivirus makers never get (Symantec I am looking at you…). ESET has always been pretty good in that regard. Webroot, however, uses a fraction of the CPU cycles, memory size, scanning performance, and disk space of any antivirus I have ever seen! Check out the stats here. After reading the whitepapers regarding the performance I was a little skeptical. I did my own investigation on my own PC and here is what I found.
This was the memory footprint of the antivirus client while idle. Notice that the snipping tool consumes almost 5 times the memory!! After I performed some more tests things were very similar to the Passmark whitepaper on their site. I was impressed to say the least.
Manual Scans were super fast after the initial one which was also fast and the scheduled scans seem to work without issue. This scan performance is probably due to the way that Webroot looks for a virus or malware. We will get into that in the next section.
So then the next question is how effective is it? Well, I had been reading about Webroot at PC Mag, which does a pretty good job of reviewing antivirus suites for both home and business. The reviews were impressive. However, many of the independent labs have not tested Webroot much in the last 4+ years. I was able to find the Gartner Group report that places them in the visionary quadrant, with one of the main selling points being malware behavior detection, as shown in this quote:
“The cloud lookup classifies all files as good, bad or unknown, providing a higher degree of confidence in detection accuracy. Webroot SecureAnywhere is one of the few products to focus primarily on behavioral rules to identify threats. Webroot SecureAnywhere works by monitoring all new or highly changed files or processes, and checks file metadata and behavior against the cloud database of known files and behaviors. The cloud lookup results in a very small and fast EPP client. Webroot is the only vendor in this analysis that reports on malware dwell time. By journaling changes undertaken by unknown files, Webroot provides rapid remediation once malware behavior is detected. Consequently, remediation of ransomware such as Cryptolocker is possible by restoring data files from journaled versions, even if the initial infection evades detection. Webroot SecureAnywhere is a reasonable shortlist inclusion for organizations in supported geographies that are seeking a lightweight, behavior-based approach to malware detection.” – Gartner Group EPP report 12-22-2014
Back to Reality
As for my own testing, I was not able to infect my PC using some websites I know to be troublesome mostly due to the integration into my web browsers. The client blocked the websites from loading all the way. There are a lot of web protections built in including advising you during your web searches as seen below. Since most infection attack surfaces come via the web or email this is important.
With the primary attack vectors coming via web and email traffic you would think that there would be an Outlook plug-in, right? Well, I was surprised to find out that there isn’t one. So if you are a big time Outlook user or need to protect your business email from the client side this may not be the right solution for you. Since this is a business product, however, another potential ding for email protection is the fact that this suite does not have an Exchange client or mail protection appliance. So if you host your own email and want to scan incoming email within your own network, you will have to find another product in addition to the endpoints. If you are part of the momentum of cloud hosted email with cloud email protection services you may not care and would prefer that your antivirus does not slow Outlook or Exchange down. I am not bothered much with this because I am moving email hosting or email protection to cloud services unless there is a requirement for an on-premise email deployment. So this might not be a problem for you.
The client’s initial scan right after install on a PC infected with a minor adware toolbar was cleaned really quickly. This was seamless to me. The adware toolbar was gone from the programs list so the file removal hit the registry as well. Most of the time when malware gets caught it breaks the installed icons, etc. This removed the registry hooks during the cleaning.
Another thing that is a plus is the lack of a virus definition update. This is probably the main reason why the client is so lightweight. It pulls data from the cloud when it needs to analyze new files or odd behavior. This is a smart way to address malware.
There are some additional tools that I found useful. The first set of tools are Anti-malware tools. These are tools designed to help repair or remove an infection that evades the standard detection. You can restore your Windows system functions related to your desktop which can be tough to fix manually. You can also target specific files to remove that you know are the source of the trouble. Webroot will remove the file AND the registry entries associated to it. Having a manual remove aspect is a nice feature since with most protection clients you have to pray that it gets detected and if it doesn’t you have to resort to other methods of removal even though you might be able to see the files affecting your computer. Also with these Anti-Malware tools is a way for Webroot support to customize a script to remove malware or repair damage that can be executed with the client.
The second additional tool is the system optimizer. This is basically a clean up tool that you can get granular on what to clean up and schedule it. This is handy and can save you from using other tools in your OS environments which can add bloat to your computers and networks. You can also make the scheduled system optimizations transparent to the users which is important for deployments that have support trigger happy users. Most importantly it can keep temp file locations clean that might harbor threats that go undetected which include 3rd party browsers like Firefox and Chrome.
Group ’em up
This is where the Webroot SecureAnywhere platform really starts to shine. The management console is very powerful and can get really granular. You can configure any setting on the endpoint in a policy. Make that policy the default policy and all your endpoint installations will grab that policy as soon as they come online. So it is easy to manage groups as well. You can create as many groups as you want and assign policies to each group as you see fit. You can even create groups that have no policy for some test networks that need to be adjusted on the fly. However you want to do it, it is simple to navigate.
Deploy ’em out
Deployment methods are flexible as well. Want to use GPOs? They would prefer that you do but if you don’t that is ok too. You can create a custom email template that gets linked to the business account. When your users get it, it will auto install silently. Again Webroot seems to be sensitive to LAN Admins and their support happy users. It is always nice when a big vendor thinks about the IT staff in the small details.
You can also grab the installer via MSI or EXE, giving you the power to control your own deployment with scripting if you prefer.
Reporting ’em back
The reporting is good but not great. I am not complaining about the reporting, however, I have been exposed to some extreme reporting over the years and I can tell you reporting isn’t everything. It gives you some important visibility on your network over time but the need to dig really deep isn’t very important. That is what logs are for and you can do that manually per endpoint here. So, I think Webroot has done a fine job not spending too much time and money on developing their reporting.
I wasn’t able to really hit the support hard but the ticket I submitted was responded to quickly and thoroughly. You can only submit tickets via your console that is attached to your email or enter another email address for that ticket. The response time was fast for email. They also offer to talk via chat or phone to resolve the issue. Some people may not like the fact that they can’t phone support directly but this does not bother me. I am a busy IT guy. I can’t sit on the phone for too long. So I prefer to send support requests to email or chat. That way I can keep moving while someone gets back to me. Most complaints I have heard about Webroot’s support stem from this system of email first support. I found that the support itself seemed to be ready to help quickly.
Other resources for support
The available web resources from documentation to their forums were pretty fleshed out and readily available. I found that I would be comfortable with this first for most minor issues. The web community seems strong in their forums.
Webroot SecureAnywhere is not a cheap product. By the same token it isn’t outrageous either. Small Business plans start at about $25 per endpoint and go down to below $20 at 250 endpoints. ESET is more expensive at 5 users and on a user basis in general. McAfee is a little more expensive at $29 per endpoint. So for a premium antivirus package and cloud management, this is a good deal. I would consider all of these products as premium antivirus packages. There is a cheap antivirus market but I won’t be recommending any of those solutions since none of them have been much help for me. The only ding for Webroot compared to ESET and McAfee is that those two offer on-premise server management. Even with that being said Webroot SecureAnywhere has value in this SMB market space.
Points of Interest
-Endpoint client is VERY lightweight and has a powerful set of features
-Best of breed malware detection and remediation. Web protections from “drive by” attacks are some of the best
-Deployment is easy in multiple options
-Cloud management is very slick and powerful. Many options to configure centrally and gets very granular. It is easy to navigate as well
-Support is very helpful and responsive via web console submission. Easy to access and manage support tickets
-Documentation is easy to follow and readily accessible
-For being a premium small business antivirus the cost is competitive if you are used to paying for premium antivirus clients like ESET, Intel-McAfee, Kaspersky, etc…
-Cloud management is not for everyone. Some businesses may have an on-premise requirement for managing Endpoints. There is no on-premise management solution for this product
-No support for Outlook clients or Microsoft Exchange servers
-No Linux support
-Fairly expensive if you are used to using free or cheap antivirus solutions
-Lack of Independent lab testing can make it tough to sell to management who want to see industry acclaim
-No phone support directly. Email first only via web console.
If you are in the market for a premium small business antivirus package, Webroot SecureAnywhere is easily a top 3 product for cloud managed antivirus. I will be using this protection platform where I don’t need email protections or need to host my own management software. If that is your situation, I would recommend that you do the same.
Rating: Highly Recommended