Webroot Endpoint Review

Webroot Business Endpoint Protection is one of the most widely used solutions for securing laptops and computers. The software can be used to protect the physical devices that users rely on every day against external threats. In this Webroot endpoint review, we’re going to look at what this tool does, and evaluate its place in an enterprise environment.

What is Webroot Business Endpoint Protection, and what does it do? 

Webroot Endpoint Protection is an endpoint detection tool designed for SMEs and MSPs to help protect devices against cyber threats. The software scans your network to discover vulnerabilities and leverages features like contextual threat intelligence to detect modern threats that can easily slip under the radar.

Types of threats that Webroot Business Endpoint Protection can detect include viruses, malware, spyware, trojans, phishing attempts, cryptojacking, and more. The basic coverage included gives you a line of defense against the most common types of cyberattacks.

Before we dive into the features of Webroot Business Endpoint Protection, we’re going to look at some of the key selling points of the software against other competitor products.

What Does it Have Over the Competition?

The Webroot platform is widely recognized as one of the top endpoint protection tools available for a number of reasons:

  1. Easy to install The fast deployment of the software makes it ideal for enterprises because it can quickly and easily be deployed with minimal configuration. That means you won’t have to spend valuable time completing lengthy installations on every machine you want to protect.
  2. Low resource footprint Webroot Business Endpoint Protection has minimal impact on the host system requiring less disk space than many other alternatives. Lower resource avoids slowing down computers and provides a better user experience for employees when running scans.
  3. Top-tier Threat Detection The platform has the ability to detect a whole host of threats with a high level of accuracy with threat intelligence and malware intelligence. While it doesn’t cover everything it protects against some of the basic attacks that enterprises need to defend against like viruses, malware, and spyware.

WebRoot Endpoint Review: Head-to-Head Competitors

In 2019, PassMark software conducted an objective review of nine different security software products including:

  • Webroot Business Endpoint Protection
  • Symantec Endpoint Protection Cloud
  • ESET Endpoint Security
  • Malwarebytes Endpoint Protection
  • Bitdefender GravityZone Business Security
  • Trend Micro Worry-Free Business Security Advanced
  • Kaspersky Endpoint Security
  • McAfee Endpoint Security
  • Sophos Endpoint Protection

As part of the comparison, the products were reviewed based on factors including installation time, installation size, boot time, CPU usage,  memory usage, on-demand scan time, scheduled scan time, network throughput, browse time, and more, to find the best security products on the market.

Webroot Business Endpoint Protection received the highest score out of all the competitors (84) followed by Symantec Endpoint Protection Cloud (75), ESET Endpoint Security (62), Malwarebytes Endpoint Protection (60), and Bitdefender GravityZone Business Security (51). The test also found that Webroot had the:

  • Lowest installation time (3 seconds)
  • Lowest installation size (16.5 MB)
  • 2nd lowest boot time (9.4 seconds)
  • Lowest CPU usage when idle
  • Lowest memory usage during:
    • a system idea (6.8 MB)
    • an initial scan (47.1 MB)
    • a scheduled scan (26.2 MB)
  • Lowest scheduled scan time (27.5 seconds)

However, it is worth noting that Webroot was outperformed in a few areas:

  • Bitdefender GravityZone BS, ESET Endpoint Security, Trend Micro WFBS Advanced, Sophos EP, and Malwarebytes EP had lower CPU usage during scans
  • Malwarebytes, Bitdefender GravityZone BS, Kaspersky Endpoint Security, Symantec EP Cloud, and ESET Endpoint Security all had lower on-demand scan times
  • Malwarebytes EP, Symantec EP Cloud, and Sophos EP all had lower browse times

So while WebRoot Business Endpoint Protection isn’t a flawless product, it performed well across the board, making it the most well-rounded of all the tools studied.

Feature Breakdown: Webroot Endpoint Protection

Automated threat detectionMachine learning-driven threat detection
Out-of-the-box policiesPolicies available out of the box
Endpoint managementManage updates on devices, issue commands and check scan results
Automated software updatesAutomatically updates the software without human intervention
Auto-remediationAutomatically resolves malicious software events (e.g. automated system restoration)
Whitelisting and BlacklistingManage white lists and blacks to control which resources are permitted
AlertsReceive notifications about when threats are detected
User permissionsAssign permissions to users
ReportsMultiple report types including Endpoint Protection Reports
Operations SystemsRange of OS supported for Windows and Mac
PricePrices start at $150.00

Deployment (Cloud-based)   

Webroot Endpoint Protection is a Software-as-a-Service (SaaS) solution that can be run through the cloud. To use the platform, users need to install software agents on their devices. The process is simple, enabling enterprises to deploy the program and start monitoring their networks from a centralized console with minimal strain on resources.

From the console, the user can monitor all devices that have the software installed, resulting in a simple, but effective threat management experience. The fast-track set up is perhaps one of the biggest advantages of the program because it allows you to get up and running without a long installation process.

User Interface 

As mentioned above, the Webroot console comes with a cloud-based GUI that allows you to monitor multiple endpoints throughout your network. The user interface itself is tabbed and very easy to use. The user can switch between a range of views including Status, Policies, group Management, Reports, Overrides, Alerts, Settings, Logs, and Resources.

Each of these tabs enables the user to monitor or configure something different within the network. On the Status page, for example, you can view a summary of endpoints experiencing difficulties.

The Policies page allows the user to set policies that will be applied to the agents (see below for more information), such as applying automatic remediation or allowing users to launch their own scans. On the whole, the GUI is easy to navigate and provides you with everything you need to manage your network.

Threat Detection and Machine Learning 

To detect online threats like malware, Webroot’s threat intelligence uses machine learning. Machine learning turns Webroot into an automated threat detection platform that identifies and classifies threats. As we mentioned above, malicious content that the program detects includes viruses, malware, ransomware, phishing attempts, cryptojacking, zero-day threats, and more.

Machine learning lowers the chance of false positives and helps to ensure greater accuracy in detection. To detect threats the Webroot platform takes data from each customer deployment of a Webroot product or from a technology partner’s solution and records threat data for analysis. The software then uses this data to diagnose other threats.

However, it is worth noting that some users have reported complaints that the software has a tendency to miss some malware attacks, and can raise false positives. Similarly, users with custom apps report being blocked from regular activities. While this is something to be aware of it’s a problem that many tools have from time-to-time.

Out-of-the-box Policies 

To make sure that you don’t need to configure everything from scratch, Webroot SecureAnywhere Business Endpoint Protection comes with scanning policies pre-configured out-of-the-box.

During the setup process, you’ll choose a default policy to apply to endpoints, which will determine parameters like the scan schedule a device uses. These policies can be customized if required. Having default configurations available is another feature that leads to a low-stress deployment.

Endpoint Management 

When working through the GUI, you can manage endpoints in a number of ways. For instance, you can manage endpoint updates, rename endpoints, issue commands to endpoints, check scan results, force immediate updates, deactivate endpoints, and more, to keep your network secure.

Endpoint management means that if there’s a problem with a device you can respond by opening the command prompt on the local device to start scanning for problems. Or if you need to free up space on your license then you can deactivate an endpoint to make space for another device. Carrying out tasks remotely makes it much easier to stay on top of managing multiple devices.

Automated Software Updates 

One of the most useful features included with Webroot Business Endpoint Protection is automated software updates. Users can enable the software so that it updates automatically without any intervention from the user.

Automating updates make for a streamlined management experience because you don’t have to continuously update everything yourself. Automatic updates also have the advantage of helping you to shut down vulnerabilities faster, so that there are fewer entry points for attackers to try and exploit.


Once a malicious piece of software or infection has been found, Webroot Business Endpoint Protection can begin auto-remediation to resolve the problem independently. For example, if a computer gets infected with ransomware then the software can automatically restore the system to an earlier version before the infection.

Auto-remediation doesn’t eliminate the need for a human-user but it does help to roll back the damage caused by a successful attack. An automated response also has the advantage of reducing the amount of manual work you have to put in when responding to attacks, lowering the time to remediation.

Whitelisting and Black Listing 

Application whitelisting and blacklisting are one of the key lines of defense users have against malicious attacks. Users can manage whitelist and blacklist overrides for files and folders through the Webroot console to determine which files are allowed to function.

Managing overrides, whitelists, and blacklists can be done through the Overrides tab, which has a File Whitelist view and a File Blacklist view. Maintaining whitelists and blacklists is useful for making sure employees have access to the data they need while simultaneously keeping known bad-actors from messing with your network.


Alerts can be seen through the dashboard and keep you updated on any important changes you need to be aware of, such as an infection or the installation of Webroot to an endpoint. In total there are four types of alerts; Threat Detected, Endpoint Installed, Threat Summary, and Install Summary.

The alerts system is customizable, and the user can enter a unique subject heading and body, as well as pick the schedule (instantly, daily, weekly, or monthly). After that, the alert can be sent out to a distribution list of employee email addresses. Unfortunately, the limit is capped at 10 users.

User Permissions 

User permissions are a useful feature included with Webroot because they allow you to control who has permission to access sites, groups, policies, overrides, commands, and alerts. Managing user permission can be done through the web console, through the Manage Users tab. The user can view a list of existing users, the current permissions they have, and also add new users.

Clicking on a user’s icon allows an administrator to configure User Details and Access & Permissions. On the Access & Permissions page, the user can select exactly what tasks a particular user is permitted to carry out. There are checkbox options for creating and editing groups, deactivating or reactivating endpoints, creating and editing policies, assigning policies to endpoints, creating and editing alerts, and more.


To support users in staying on top of performance concerns, Webroot Business Endpoint Protection has a reports system. There are many different types of reports including:

  • Endpoint Protection Reports
  • All Threats Seen Reports
  • All Undetermined Software Seen Reports
  • All URLs Blocked Reports
  • Endpoints with Threats On Last Scan Reports
  • Endpoints with Undetermined Software On Last Scan Reports
  • Daily Threat History Reports
  • Collated Threat History Reports
  • Daily Threat History Reports
  • and more

Each report tells you something different about the status of your endpoints. For example, All Threats Seen reports show you threats that have been detected, providing you with the name of the compromised file and when it was detected.

Other reports like All URLs Blocked Reports show you a list of sites that have been blocked by Webroot’s Web Threat Shield. Once you’re finished viewing a report you can download it as a spreadsheet. While there are many report types, the reporting feature does feel a bit constrained compared to some other alternatives on the market.

Operating systems 

Webroot Endpoint Protection is very versatile in its OS support. The platform is available for a wide range of desktops, servers, browsers, and VM platforms. We’ve broken down a list of supported operating systems below:

Supported Windows SystemsSupported Mac Systems
Windows 10 (32-bit/64-bit)Mac OS X 10.7 (Lion)
Windows 8, 8.1 (32-bit/64-bit)Mac OS X 10.8 (Mountain Lion)
Windows 7 (32-bit/64-bit)OS X 10.9 (Mavericks)
Windows Vista (32-bit/64-bit)OS X 10.10 (Yosemite)
Windows XP 3 (32-bit/64-bit) - Requires SHA-2OS X 10.11 (El Capitan)
Windows XP Embedded - Requires SHA-2macOS 10.14 (Mojave)
-macOS 10.15

Servers supported include:

  • Windows Server 2012 R2 Standard R2 Essentials
  • Windows Server 2008 R2 Foundation, Standard, Enterprise
  • Windows Server 2003 Standard, Enterprise (32-bit/64-bit) – Requires SHA-2 support
  • Windows Small Business Server 2008, 2011, 2012
  • Windows Server 2003 R2 for Embedded Systems – Requires SHA-2 support
  • Windows Embedded Standard 2009 SP2
  • Windows XP Embedded SP1, Embedded Standard 2009 SP3
  • Windows Embedded for POS Version 1.0
  • Windows Server 2016 Standard, Enterprise and Datacenter
  • Windows Server 2019 Standard Server with Desktop Experience
  • Windows Server 2019 Datacenter Server with Desktop Experience

Virtual machines supported include: 

  • VMware vSphere 5.5 and older (ESX/ESXi 5.5 and older), Workstation 9.0 and older, Server 2.0 and older
  • Citrix XenDesktop 5, XenServer 5.6 and older, XenApp 6.5 and older
  • Microsoft Hyper-V Server 2016
  • Microsoft Hyper-V Server 2012, 2012 R2
  • Microsoft Hyper-V Server 2008, 2008 R2
  • Virtual Box

The tool can also be run through a browser or virtual machine. Browsers supported include Google Chrome, Internet Explorer, Microsoft Edge, Mozilla Firefox, Safari, and Opera. The only real limitation is that the tool isn’t available for Linux.


The price of Webroot Business Endpoint Protection is competitive when compared to other tools on the market, but it does cost substantially more. Prices start at $150.00 (£121),  which provides protection for a year for up to five seats. You can also upscale the number of seats you purchase and add additional features like Webroot Business DNS Protection or Webroot Business Security Awareness Training.

The Complete Endpoint Security Solution? 

Webroot Business Endpoint Protection is a solid endpoint protection tool, and it offers enough protection against cyber threats with threat intelligence and automated software updates to meet most companies’ needs. Its performance stands out among the very top tools on the market.

However, user issues like the non-detection of malware or phishing attempts, and false positives can affect the reliability of the product. As a consequence, the software is best used as part of a wider cybersecurity strategy rather than your only line of defense for protecting endpoints.