Webroot Inspector KB and FAQs

How to Create User Exclusions in Webroot Metrics


For Webroot Metrics that use the “Endpoints” array in the Data Print, exclusions can be created in the event that the status of specific devices needs to be excluded from the Metric.

For example, you might want to exclude devices in the “Webroot: Devices Not Checked in Within 30 Days List” Metric.

Prework in Webroot

  1. Log in to your Webroot SecureAnywhere Instance. Navigate to the Groups tab and select the target site for which there are devices you want to exclude.
  1. Select the plus icon in the top left to create a new group under “Sites & Groups.” Complete the Name, Description, and Endpoint Policy for this group.
  1. Once the Group is created, navigate back to the Site. Select the devices you would like to add to the exclusion group and select the Move option.
  1. Move the devices to the newly created exclusion group. Record the name of the group to access when you return to Liongard.

In Liongard

  1. Log in to Liongard. Navigate to Admin > Metrics
  2. Clone an existing Metric OR select the Add Metric button
  3. Edit the Metric settings
  4. Navigate to the Data Print Query. Groups are found in the Endpoints array. When writing your query, you must target the Endpoints array.

Within the query, add the following JMESPath condition. Within the single quotes, edit the name of the exclusion group to match what you named the group in Webroot.

(&& GroupName != 'LG_Exclusions')

For example, let's edit the “Webroot: Devices Not Checked in Within 30 Days List” Metric to exclude the LG_Exclusions group.

Original Metric Query:

Endpoints[?DaysSinceLastSeen > `30` && Deactivated == `false`].HostName | join( `|` , @)

Metric Query with Exclusion Group:

Endpoints[?DaysSinceLastSeen > `30` && Deactivated == `false` && GroupName != 'LG_Exclusions'].HostName | join( `|` , @)

We added the exclusion group JMESPath condition, which tells the query to ignore all endpoints that are included in the LG_Exclusions group.

  5. Save this Metric.
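
To review what the exclusion hides, the following added example (not Liongard or Webroot code) mirrors the two queries above in plain Python over a constructed Endpoints array and also returns the stale devices the exclusion suppresses. The host names and values are invented, and `is_stale` and `split_stale` are hypothetical helper names; the comparisons follow JMESPath semantics rather than running a JMESPath engine.

```python
# Constructed sample shaped like the "Endpoints" array. Field names come from
# the queries above; hosts and values are invented for illustration.
SAMPLE_ENDPOINTS = [
    {"HostName": "FIN-LT-01", "DaysSinceLastSeen": 45, "Deactivated": False, "GroupName": "Default Group"},
    {"HostName": "LAB-PC-07", "DaysSinceLastSeen": 90, "Deactivated": False, "GroupName": "LG_Exclusions"},
    {"HostName": "OLD-SRV-02", "DaysSinceLastSeen": 200, "Deactivated": True, "GroupName": "Default Group"},
    {"HostName": "HR-PC-03", "DaysSinceLastSeen": 31, "Deactivated": False, "GroupName": "lg_exclusions"},
    {"HostName": "KIOSK-11", "DaysSinceLastSeen": 60, "Deactivated": False},  # no GroupName key
    {"HostName": "DEV-PC-04", "DaysSinceLastSeen": 2, "Deactivated": False, "GroupName": "Default Group"},
]


def is_stale(ep, max_days=30):
    """Mirror of: DaysSinceLastSeen > `30` && Deactivated == `false`."""
    days = ep.get("DaysSinceLastSeen")
    # In JMESPath an ordering comparison on a non-number yields null (no match).
    numeric = isinstance(days, (int, float)) and not isinstance(days, bool)
    return numeric and days > max_days and ep.get("Deactivated") is False


def split_stale(endpoints, exclusion_group="LG_Exclusions"):
    """Return (reported, suppressed) host names, each joined with '|'."""
    reported, suppressed = [], []
    for ep in endpoints:
        name = ep.get("HostName")
        if not is_stale(ep) or not isinstance(name, str):
            continue
        # GroupName != 'LG_Exclusions' is an exact, case-sensitive match.
        # A missing GroupName is null, which is != the name, so it is reported.
        if ep.get("GroupName") != exclusion_group:
            reported.append(name)
        else:
            suppressed.append(name)
    return "|".join(reported), "|".join(suppressed)


if __name__ == "__main__":
    reported, suppressed = split_stale(SAMPLE_ENDPOINTS)
    print("Metric output      :", reported)
    print("Hidden by exclusion:", suppressed)
```

In the sample, the group spelled `lg_exclusions` and the endpoint with no group are still reported, while only the exact `LG_Exclusions` member is suppressed; the suppressed list is the one to review periodically so stale devices do not stay hidden indefinitely.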

Duplicate Endpoint Discoveries

The Webroot Inspector may return duplicate endpoints under some circumstances. To avoid this, use the -uniquedevice flag when installing Webroot via EXE or MSI. For more detailed instructions, see the Webroot documentation.