Technical Data Sheet

Webroot SME Security Protects Against Both Spyware and Viruses Completing the IT Security Solution SME Security is a comprehensive combined antivirus and anti-spyware enterprise solution that provides centrally managed, desktop-level protection from today’s online security threats. Offering the most thorough network-wide detection, removal and blocking of Internet threats available, SME Security provides a distributed antivirus and anti-spyware solution using a client/server architecture with centralized management and reporting. The optional deployment of update distribution servers allow large organizations to balance the load of updating many clients quickly while also allowing multi-site companies to conserve bandwidth by distributing updates from servers located on the same LAN. Administrators have complete manual control over the system or the ability to configure for full autonomous operation.

The illustration below shows how SME Security works in a network environment:

Daily spyware and virus definitions are distributed from Webroot servers.

Comprehensive Removal Technology The Webroot Comprehensive Removal Technology (CRT) is If any files or traces match the definitions database, SME the backbone behind the most advanced threat removal engine in Security immediately quarantines the identified threat and the industry. CRT uses adaptive recognition practices to remove notifies the administrator. processes, applications or files that may have changed during the remediation process or may not have been previously detected. Quarantining disables the malicious program’s functionality for immediate protection, while giving the administrator the The unique technology completely disables malicious programs option to review and permanently delete suspect files or safely detected on a system PC, rendering them ineffective. Using CRT, restore them if they are essential to the operation of desirable SME Security assures system stability during and after the threat applications. Desirable files that are detected as suspect can be removal process. SME Security scans the client system using selected to “always keep” for specific users, groups or within the a constantly evolving database of thousands of known threats. entire enterprise.

Webroot , Inc. 2560 55th Street, Boulder, CO 80301 U.S.A. Tel 800.870.8102 www.webroot.com Technical Data Sheet

AntiVirus Protection Powered by ® n Internet Communication Shield Webroot has combined its deep R&D knowledge of spyware The blocks incoming with the industry-leading virus removal definitions from Sophos and outgoing communication to malicious Web sites to create the most flexible, accurate, and technically-evolved known to host potential spyware threats. detection, removal and blocking engine in the industry. With n BHO Shield increased capabilities, including the detection and removal of The stops the installation of unwanted root-kit technology, SME Security removes and blocks some of toolbars that track Web site activities or install other the most persistent and powerful malware programs today. add-ons without your consent.

Kernel level driver protection enables SME Security to delete files (locked or otherwise) directly off the hard disk, bypassing the windows system APIs that are normally used to manage disk operations. Malicious programs can block certain windows APIs in order to prevent removal from the OS.

Advanced Proactive Protection Additional Smart Shields in SME Security defend critical areas SME Security provides Smart Shields that block functionality from spyware attacks: and other shields to protect specific elements of the system that n The IE Trusted Sites Shield prevents spyware from malicious software attacks. The startup, installation, memory, adding unwanted Internet Explorer entries. alternate data streams (ADS) and ActiveX shields block threats n The Messenger Shield prevents spyware from exploiting before they can infect a protected workstation. the Windows Messenger service. n The Hosts File Shield protects the hosts file from modifications by spyware. n The IE Hijack Shield protects internal pages of Internet Explorer from spyware attacks. n The Home Page Shield protects the user’s current home page or allows administrators to specify a corporate home page standard. n The Common Ad Sites/Blocked Web Sites Shield prevents access to sites that are known to deliver spyware n The Startup Shield blocks spyware programs from writing or advertisements from spyware. This list is updated in critical registry keys for their operations. This shield is every definition file. Users also have the ability to add configurable to allow approved programs to be installed. custom sites they wish to block. n The Installation Shield provides real-time protection from spyware and virus processes trying to start, immediately Advanced Threat Detection and Control terminating them. It also allows an administrator to block SME Security Server runs within the network to manage any unwanted executable (i.e. to stop unwanted game the clients. The features of the SME Security Server are playing on the enterprise network). described below: n The Memory Shield scans memory to catch spies and viruses that are currently loaded and terminates The Admin Console is Web-based and enables multiple those processes. simultaneous administrators with full audit logging of all user n The Alternate Data Stream Shield prevents spies and actions. The Admin Console is accessible from any Internet viruses from starting from an alternate data stream. connected PC and provides the interface for configuring clients, CoolWebSearch is known to exploit this vulnerability. managing updates, establishing alerts, viewing reports, and n The ActiveX Shield prevents spyware from using ActiveX performing real-time scans of remote systems. controls to install malicious software and viruses.

Webroot Software, Inc. 2560 55th Street, Boulder, CO 80301 U.S.A. Tel 800.870.8102 www.webroot.com Technical Data Sheet

The Database stores the settings from the Admin Console. The The CommAgent Service handles communication with the database collects information from spyware sweeps as well as from Client Service running on the SME Security server. It checks for the update and client services. SME Security supports the use of a configuration changes or updates as well as delivers client sweep SQL Server and SQL Server Express database. results back to the server.

The Update Service checks the Webroot Update Server for Client Management updates to software or threat definitions. This runs automatically Remote and Laptop Users on a scheduled basis without requiring any user interaction SME Security maintains the enforcement of administrator-set to ensure the latest updates are available. The update service policies for laptop or remote users while they are away from can also be invoked from the Admin Console to manually check the network. Laptop and remote user machines, when logged for updates. If distributed update servers are deployed, updates into the network, automatically check with the SME Security are automatically moved to local distribution servers. When Server to download new definition or product updates and send a client polls for an update, it obtains a list of local distributors reports of spyware detected since last logging into the network. and will retrieve the update from one of the available local Additionally, the remote client sends report information, such as distributor servers. spyware detected and previous spy sweep date and time, allowing IT administrators to maintain accurate reporting capabilities. The Client Service responds to client polling requests to receive While disconnected from the network, laptop and remote results as well as to provide configuration settings and updates users may check the Webroot update server directly so that back to the clients. This component runs automatically to they continue to receive the most up-to-date protection from ensure that clients get the latest settings, software and definitions spyware threats. regardless of when clients are on the network.

The Webroot Update Distribution Service delivers software and threat definition updates to clients. This service runs automatically on the SME Security Server and additional copies can be installed throughout the enterprise to balance load and minimize WAN bandwidth consumption.

Schedule Spyware and Virus Sweeps n Configure specific workstation drives to sweep for spyware and viruses n Set sweeps to include or exclude memory and the registry SME Security Client runs on the user workstations and laptops. n Exclude files of a specific size from sweeps The client contains three major components deployed in a n Determine threat disposition by threat category or single installation: by exact name n Enable Smart Shields to protect the common entry The SME Security User Interface provides access to a graphical points, including changes to system memory, registry user interface for end users to interact with the SME Security entries, host files, startup processes, browser hijackings, service. The client can be deployed invisibly to end users, alternate data streams and other security settings and provides user control over specific settings or runs in n “Poll Now” command allows administrator to update administrative mode with full control for advanced users. workstation configuration, client software or definitions on demand The SME Security Service does thorough sweeps of the system n Schedule sweeps by group; or if a critical situation arises, and uses proactive shields to protect against spies and their run a sweep instantly by individual workstation or group attacks. This component operates automatically so that scheduled sweeps or on-demand sweeps will run even when users are not logged into the system.

Webroot Software, Inc. 2560 55th Street, Boulder, CO 80301 U.S.A. Tel 800.870.8102 www.webroot.com Technical Data Sheet

n Client reboot notifications help full removal of persistent System Requirements threats by prompting the end user to reboot if necessary Server: to completely remove a detected threat OS: Windows 2000 Pro/Server with SP4, Windows n Incremental Definitions allow organizations to download XP Pro with SP2, Windows 2003 Standard, only the new or updated definitions from Webroot, Enterprise or SMB with SP1 significantly reducing the size of the definition packets CPU: 1 GHz Minimum that need to cross the network Memory: 1 GB Minimum n Support Memory Sandboxing Feature Disk Space: 1 GB Minimum DB Support: SQL Server 2005 Express Monitoring, Reporting and Alerts (.NET 2.0, MDAC 2.8+), Microsoft SQL Server 2000 and 2005 n Configure who receives alerts when specific types of Browser: IE 6.0 SP1 or later, including IE 7 threats are detected n SNMP alerting for detected threats at conclusion Distributor Servers: of sweeps OS: Windows 2000 Pro/Server with SP4, Windows n View enterprise-wide graphical summaries of threats XP Pro with SP2, Windows 2003 Standard, detected by group or category Enterprise or SMB with SP1 n Display errors that occur during sweeps to aid technical CPU: 1 GHz Minimum support in resolving the problem Memory: 1 GB Minimum n Generate reports of alerts and threats found Disk Space: 1 GB Minimum n Create custom reports if using SQL Server database and Crystal Reports Client: OS: Windows 2000 Pro/Server, Windows XP Home, Professional, Tablet, Windows 2003 Standard, Enterprise or SMB CPU: 1 GHz Minimum Memory: 128 Minimum, 256 MB or better recommended Disk Space: 15 MB free space Browser: IE 6.0 SP1 or later, including IE 7

© 2006 Webroot Software, Inc. — All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the prior consent of Webroot Software, Inc. Webroot, Spy Sweeper, Spy Sweeper Enterprise and their logos are registered trademarks of Webroot Software, Inc.

Webroot Software, Inc. 2560 55th Street, Boulder, CO 80301 U.S.A. Tel 800.870.8102 www.webroot.com