Webroot Business Endpoint Protection review

An affordable but limited platform

Webroot Business Endpoint Protection website screenshot
(Image: © Webrootoint Protection)

TechRadar Verdict

Arguably one of the best platforms in terms of features that’s also very affordable. However it’s let down by a complex interface and its failure to cater to mobile devices, which are fast emerging as the leading source of security breaches.


  • +

    Extensive protection features

  • +

    Resource efficient client

  • +

    Useful documentation

  • +



  • -

    No support for Linux and mobile devices

  • -

    Inconsistent threat reporting

Why you can trust TechRadar We spend hours testing every product or service we review, so you can be sure you’re buying the best. Find out more about how we test.

Business endpoint security protection needs to offer a comprehensive defense against all kinds of malicious bits floating around on the Internet. Webroot Business Endpoint Protection (WBEP) is designed to shield workstations running Windows and macOS operating systems from such known as well as new threats.  

Webroot Business Endpoint Protection: Plans and pricing

Webroot only offers 1 year subscriptions for WBEP. The platform will cost $30 for each endpoint for upto 9 endpoints. You’ll get a discounted price for protecting 10 endpoints and more. 

Protecting 10 endpoints costs $276, which comes to $27.6 per endpoint. It’ll cost the same for protecting 15 endpoints (for a total of $414), or for 20 endpoints that will cost $552, making it one of the cheapest endpoint security solutions on offer.

These prices have remained fixed since our original review in 2020, which means they're even more competitive relative to other endpoint security platforms.

Customers also now have the option to add Webroot DNS protection for the same cost per seat as for Endpoint Protection - in other words effectively doubling the price. This can be a good way to filter out harmful links but is more expensive than other secure Secure DNS offerings.

The Webroot checkout page for Business Endpoint Protections also offers the option to add 'Security Awareness Training'. In this case this is to teach workers in your organization on how to avoid phishing. Once again this is for the same cost per device as for Endpoint Protection, so if you combine this with Webroot DNS protection and the endpoint protection itself the price is effectively tripled. 

WebRoot offers a free 30-day trial of their Endpoint Protection, so you can try before you buy. If you do install the trial software, you can also sign up for a trial of the 'DNS Protection' and 'Security Awareness Training' features from within the WebRoot Management Console.

Webroot Business Endpoint Protection: setup

(Image credit: Webroot)

Webroot Business Endpoint Protection: Setup

Overall, WebRoot offer a very smooth setup. If you choose to sign up for the free 30-day trial for Business Endpoint Protection, you're asked to enter your contact details. A short while later a link is sent to your e-mail address with a temporary license code and password. There's also a link to set a new, strong password. 

You use this form to create a secondary 'security code'. WebRoot will ask for two different characters from this each time you log in, as well as prompt you each time to set up two factor authentication

On first login, users are also asked to choose between the Business console (the focus of this review) or the MSP (Managed Service Provider) console. The latter is useful if you manage multiple devices on behalf of different clients.

On first login we were easily able to find a download link for the WebRoot 'SecureAnywhere' software, with the license key preloaded, then install it on our Windows 11 machine. When we did, we also noticed it installed Webroot's "Web Threat Shield" into our Edge browser. 

This can easily be disabled but it's important to note, as your endpoints may use other browser extensions for safe surfing which could interfere with Web Threat Shield's functionality.

We were pleased to note that the newest version of the endpoint client doesn't need to be updated constantly for threat protection - it performs scans based on information 'in the cloud' so is always up to date.

Webroot Business Endpoint Protection features

(Image credit: Webroot)

Webroot Business Endpoint Protection: Features

First things first: as far as security is concerned, WBEP has all the features you’d expect from a protection platform. It can prevent viruses, malware, trojans, ransomware, spyware, phishing attacks, browser-based attacks, cryptojacking, and all the other usual threats from wreaking havoc on your endpoints.

WBEP wraps these features inside what it refers to as shields, such as real-time shield, web shield, identity shield, phishing shield and more. 

The realtime shield blocks known threats that are listed in Webroot's threat definitions. A useful feature is the identity shield that includes mechanisms that help protect sensitive data that might be exposed during online transactions. 

Webroot Business Endpoint Protection 2

(Image credit: Webroot)

The WBEP platform also includes the behavior shield, which monitors individual user behavior to dynamically tailor malware prevention. It also includes various heuristics settings that you can use to set the level of threat analysis that WBEP performs when scanning the protected endpoints.

A new addition to the list is the evasion shield that’ll help detect, block, and quarantine evasive script attacks, including file-based, fileless, obfuscated, or encrypted threats. It’ll also prevent malicious actions in PowerShell, JavaScript, VBScript, and more. Hat tip to the WBEP developers for disabling the feature by default since many organisations use legitimate custom scripts in their environments where this shield might generate false positives.

Besides file protections, WBEP also includes other security-related features as well. For instance, you can use it to control which applications are allowed to run. The platform also includes a software firewall and several other useful features to help you take charge of your endpoints.

We've already discussed how seriously WebRoot takes security, protecting the login console with a secondary security code as well as repeatedly prompting managers to set up two-factor authentication.

The most recent version of the console also includes 30-minute rolling sessions. This simply means after 28 minutes, you'll be prompted to ask if you want to keep the session alive. If no response is received the console will automatically log out.

The latest console has also now introduced a long awaited feature whereby users can export information on all devices as a CSV file via the 'Entities' tab.

If we seem particularly well informed on the most recent updates, it's because the WebRoot Resource Center has a dedicated 'Announcements' section. You can also take 'Spotlight Tours' which walk you through the console's main features.

There are also links to WebRoot's extensive collection of user guides for all their products.

Webroot Business Endpoint Protection 3

(Image credit: Webroot)

Webroot Business Endpoint Protection: Interface and use

WBEP offers a couple of administration interfaces, each tailored to a different environment. The Business interface is designed for managing the devices within an organisation, and is the one we’ll be using in this review. Besides this, WBEP also has an administration interface for managing devices for your customers that can handle multiple businesses.

Although the workflow of the WBEP platform is pretty similar to its peers, the layout of its administration interface leaves much to be desired. 

The interface isn’t logically arranged, and instead of clearly-labelled starting points, you’ll have to head to the last Downloads tab to install the WBEP agent on your endpoints. 

The platform offers both EXE and MSI installers for Windows installations and DMG for macOS for simple manual installation. For advanced automated installs, you can hook up WBEP with an existing active directory server on your network.

In terms of workflow, all endpoints must subscribe to defined policies. While this allows for greater control over the behavior of individual endpoints, WBEP has its peculiarities.

Webroot Business Endpoint Protection 4

(Image credit: Webroot)

To begin with, all WBEP endpoints subscribe to the Silent Audit policy that offers limited protection. It’d be natural to switch the endpoints to the Recommended Defaults policy that provides maximum protection and remediation.

However this policy has a poll interval of 24 hours, which means scans or any other actions initiated from the administration interface can take upto a day to be communicated to the endpoint. Another unusual behavior of this policy is that it hides the platform’s resource-efficient endpoint agent.

While this might seem like a good idea once you’ve configured WBEP as per your requirements, it’ll only create confusion for first time users. Thankfully, Webroot has a good administrator’s guide and a best practices guide to help you utilize the platform to its full extent.

Besides defining policies and assigning them to the endpoints, you can also use the interface to define exceptions and do a lot more. But again you’ll need to refer to the documentation to use these functions effectively.

The overall look and feel of the interface is logical and clearly laid out. The main 'Dashboard' provides a quick summary of the number of endpoints, as well as those which are active or have become infected.

Ther dashboard also contains more detailed infographics on endpoints where the agent software has been installed, displaying information on infected endpoints and those which haven't been seen recently.

We were especially impressed that the left hand pane can both display each section with sub-options but can also be minimized to a more compact version as users become more familiar with the icons. 

We have already touched on the discrete 'Announcements' section which discussed all thst was new in the world of WebRoot. This is preferable to the 'WebRoot Threat Blog' in the right hand pane of the Endpoint Protection Console. This links to articles on subjects like online romance scams which probably don't have much relevance to business users. 

Webroot Business Endpoint Protection performance

(Image credit: Future)

Webroot Business Endpoint Protection: Performance

After installing the 'SecureAnywhere' software we opened the Microsoft Edge browser and attempted to download a test computer virus, provided by the good people of EICAR. 

We noted that the 'Web Threat Shield' extension didn't display any alerts and we were able to download the virus in compressed (ZIP) format without issue. 

We next extracted the virus and were surprised to see once again that the client software installed on the endpoint didn't seem to react. This is despite WebRoot's "RealTime Shield", "Web Shield" and "Firewall" all showing as enabled. 

It was only when we opened the 'SecureAnywhere' agent software and manually ran a  full system scan that the virus was removed.

We can only assume this has something to do with the aforementioned 'Silent Audit' policy which doesn't seem to proactively block threats. 

These results were troubling, so we ran our tests once again. This time when we tried to decompress the virus WebRoot's Endpoint Protection software automatically quarantined the threat and displayed an alert in the tray, prompting us to run a full scan. 

After the virus was detected and removed we logged in to the WebRoot Management Console.

Upon opening the 'Reports' tab we found that 'No Threats' were found. Since the virus we used was harmless this was technically true but we were surprised to find no mention of it neither here, nor in the 'Alerts' tab, which also claimed there was no data to display.

The main 'status' page also claimed that 'No Endpoints have reported in yet'. The 'Endpoint Protection Console' likewise reported no threats were found. suggesting the client software hadn't actually dialed home to report discovery of the virus. This was true both the first and second time we ran our tests with the fake computer virus. 

It's entirely possible that through careful configuration of the device policies and creating a custom installer that we could have created an agent which was more proactive in detecting, blocking and reporting a threat but can't help but feel it would be better if this was available out of the box. 

Webroot Business Endpoint Protection 5

(Image credit: Webroot)

Webroot Business Endpoint Protection: The competition

In terms of its platform coverage, WBEP only supports Windows and macOS. There’s no support for Linux installations, nor does it offer protection features for Android and iOS mobile devices. 

Linux isn’t supported by most of WBEP’s peers including Kaspersky Endpoint Security Cloud, and Avira Antivirus for Endpoint. Both of these however support Android and iOS devices, which are even protected by ESET Endpoint Protection Advanced Cloud under certain conditions.

Only Avast Business Antivirus Pro Plus restricts itself to Windows and macOS just like WBEP. However, Avast makes up for this limitation by including several privacy-enhancing features like a fully-functional VPN service, that you don’t get with WBEP.

Another feature we missed in WBEP is the lack of ability to control pluggable devices like you get with many of its peers, such as Trend Micro Worry-Free Business Security Services Advanced. Of course the lack of tweakability is another characteristic that sets WBEP apart from many of its peers.

Despite the addition of the 'Web Threat Detection' extension in endpoint devices' browsers, we also didn't see any proactive prevention of threats, as during all our tests we were able to download our fake computer virus test file. In fairness we saw similar results in other endpoint security platforms like Trend Vision One, which nevertheless were able to immediately quarantine the file once it was detected on the hard drive. 

Webroot Business Endpoint Protection: Final verdict

WBEP has a lot of protection features that you get at a very affordable price. However, the platform does a poor job of exposing its strengths.  Since our previous review in 2020, the interface has been revamped and seems to have a more logical layout. This is excellent, as it was previously very counterintuitive and tricky to navigate. There are still some quirks we struggled to master.  

During our tests the platform had some fairly mixed results when it came to detecting threats. Although it failed to prevent us from downloading and decompressing our computer virus, it did detect and quarantine it the second time we ran our tests. 

We also had to question the use of the 'Web Threat Detection' extension if it doesn't prevent users from downloading a known virus. 

What troubled us most was that there was no corresponding report of the virus being detected and/or quarantined on WebRoot Management Console. This would make it difficult for network managers to monitor user activity to see if they're involved in any risky online behaviors. Admittedly this may have to do with the policies in place but as we said, we'd like to see proactive detection and reporting out of the box for endpoint security products. During our tests we also did change the device policy for our test machine to 'Recommended Defaults' but didn't see any noticeable improvement in threat detection/reporting. 

For instance, once our tests were complete and we wanted to remove the client software from our test machine we were told that this needed to be managed via the web console. We sent the 'Uninstall' Agent command several times to the software without any success forcing us to boot into Safe Mode and manually remove it ourselves via Windows Registry. 

This is why despite its strong set of features, the platform will appeal to a very narrow set of users, especially due to its limited operating system support and because of its occasionally counter-intuitive interface. We strongly advise you to read through its administration guide before you take advantage of the 30-day extended free trial to explore the platform. 

We've listed the best internet security suites.

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

With contributions from