Getting started with the Webroot software

After you install the Webroot software and activate your account, it begins protecting your computer immediately. You do not need to configure or launch any tasks yourself. However, we recommend you take a few moments to read this section and familiarize yourself with the main interface, the system tray icon and menu, alerts and notifications, the Webroot Portal, and the Webroot toolbar.


Getting Started FAQs

To get started with the Webroot software, see the following FAQs.

I've installed the software and activated my account. Now what?

Once you've installed the software and created an account, you're done. The Webroot software is preconfigured to begin protecting your computer immediately. To ensure that the software is running, look for the Webroot icon in the system tray. The system tray is located in the lower right corner of your computer screen's desktop. If you log out of your computer or turn it off, the Webroot software will launch again automatically when you restart Windows. If your computer is secure, the Webroot icon appears in the system tray with a green status ball. For more information about system status, see Viewing protection status.

I did not create an account during installation. How do I create one now?

If you did not create a Webroot account during installation, you can still use the Webroot software on a trial basis for up to 30 days. After 30 days, you can no longer use the Webroot software. To create an account, right-click on the system tray icon. From the pop-up menu, select Sign In, then click Create Account to open the Create Account screen in your browser. For further instructions, see Creating a Webroot account.

How do I know which software version I have?

If you aren't sure which version you have (either Webroot AntiVirus with Spy Sweeper, Webroot Internet Security Essentials, or Webroot Internet Security Complete), open the main user interface (go to the Windows Start menu, select Webroot, then Webroot Software). Look at the banner area of the main user interface. The version name is shown in the top left corner.

How do I begin scanning for threats?

You do not need to configure or launch a scan yourself. The Webroot software automatically scans your computer for malware at 2 a.m., the night after you install the software. So be sure to leave your computer turned on after software installation. If the computer is not turned on or if you are working on the computer at 2 a.m., the Webroot software waits until the computer is running and idle before it launches a scan. If you would like to run a scan immediately, see Scanning for threats.

In most cases, the Webroot software will automatically quarantine any threats it finds. However, it may detect some items that it classifies as "potentially unwanted applications," which are not necessarily threats, but you may not want them running on your computer either. If it detects a potentially unwanted application, it opens a pop-up notification in the system tray; you must take action by selecting the application and sending it to quarantine or keeping it. For more details, see Responding to notifications.

After the initial scan, the Webroot software will periodically scan your computer at optimal times (see Learning about scans) and will actively protect your computer as you surf the Internet (see Learning about shields). If you want to disable automatic scanning and create your own scan schedule, see Creating a scan schedule.

Why does the colored ball next to the tray icon change color?  

The status ball next to the Webroot icon changes color to indicate the following states:



Your computer is secure.

One or more messages require your attention.

One or more critical items require your intervention.

For more information about viewing details of system states, see Viewing protection status.

How do I know if the Webroot software found any malware?

In most cases, the Webroot software automatically disables any threats it finds and moves them to quarantine (see Learning about the quarantine). You can view the quarantine by opening the main interface, clicking Edit settings in the PC Security panel, then clicking the Quarantine tab (see Viewing quarantined items). In some situations, the Webroot software may detect an item that could be a threat, but needs you to make a decision on whether you want to keep the item or not. For these types of items, the Webroot software will either open a notification in the system tray (see Responding to notifications) or will open a pop-up alert in the middle of your screen (see Responding to alerts).

You can also access a summary of Webroot software activity from the See how link on the Home panel (see Viewing protection status).

How does the Webroot software know the difference between malware and legitimate programs?

When the Webroot software performs a scan, it checks installed programs and other items on your computer against a database of security definitions. These definitions are a set of fingerprints (also called signatures) that characterize viruses, spyware, adware, and other types of unwanted items. The Webroot Threat Research team constantly updates these definitions to protect your computer from ever-changing spyware and other potential threats. The Webroot software automatically downloads these definitions to your computer so you are always protected.

What is malware and how does it get in my computer?

The Webroot software acts like a personal security guard for your computer, blocking bad guys from entry and searching the premises for any others that may have slipped through the cracks. If it finds threats, it disables them and ejects them into quarantine before they cause any harm.

Malware is malicious software that is designed to harm your computer or compromise your privacy. If you do not have the Webroot software actively protecting your computer, malware can enter your computer through Internet connections, open computer ports, compromised disks, and e-mail attachments. Internet connections are the primary source of entry; whenever you connect to the Internet, you could provide the outside world with access to your computer and potentially allow in snoops, thieves, and virus outbreaks. Fortunately, the Webroot software blocks any threats before they can enter.

The first time the Webroot software scans your computer, it may locate and quarantine many different types of threats that were previously running on your computer, probably without your knowledge. Some common types of malware are listed below.

Virus
A virus is a self-replicating program that can infest computer code, documents, or applications. While some viruses are purposefully malignant, others are more of a nuisance, replicating uncontrollably and inhibiting system performance.
Spyware
Spyware is a program that may either monitor your online activities or possibly install programs without your consent. Information about online activities may be subsequently sent to a third party for malicious purposes without your knowledge. Spyware may arrive bundled with freeware or shareware or through e-mail or instant messenger; it may propagate itself using dialog boxes, various social engineering methods, or scripting errors; or it may be installed by someone with access to your computer. Spyware is difficult to detect, and difficult (if not impossible) for the average user to remove without the use of a top-quality antispyware program.
Adware
Adware is a type of software that may display advertisements on your system. Some adware may also hijack Web searches, meaning it may reroute your Web searches through its own Web page. It may change your default home page to a specific Web site. Adware generally propagates itself using dialog boxes, various social engineering methods, or through scripting errors. Adware and browser helper objects (BHOs) are often bundled with various free software programs, such as clocks, messengers, alerts, screensavers, cartoon cursors, backgrounds, and sounds. Removing adware bundled with free software programs may cause the software to stop operating. These adware programs may also slow your Web browser and cause system performance issues.
Keylogger
A keylogger is a type of system monitor that has the ability to record all keystrokes on your computer. Therefore, a keylogger may monitor keystrokes, e-mails, chat room dialogue, instant message dialogue, Web sites visited, usernames, passwords, programs run, and any other typed material. Keyloggers may have the ability to run in the background, hiding their presence. Keyloggers and system monitors may be used for legitimate purposes but can also be installed by a user to record sensitive information for malicious purposes. Someone with administrative access to your computer, such as a system administrator or someone who shares your computer, typically installs commercial system monitors. This program may be installed on the machine without your knowledge or consent, and may allow an unauthorized third party to view potentially sensitive information. Worst case scenario: A third party may be able to view your personal conversations and may gain access to private information such as your usernames, passwords, credit card numbers, or your Social Security number.
Trojan horse
A Trojan horse may take control of your computer files by using a program manager that allows a hacker to install, execute, open, or close programs. The hacker can gain remote control of your cursor and keyboard and can even send mass e-mails from your infected computer. It can run in the background, hiding its presence. A Trojan is usually disguised as a harmless software program and may also be distributed as an e-mail attachment. Opening the program or attachment may cause an auto-installation process that loads the downloader onto your computer and downloads third-party programs onto your computer, resulting in the installation of unwanted programs without your knowledge or consent, and jeopardizing your privacy. Trojans can also open a port on your computer that enables a hacker to gain remote control of your computer.
Rootkit
Rootkits use file-obfuscation techniques to allow spyware and other malicious software to avoid detection and removal. Rootkits typically hide logins, processes, files and logs, and may include software to capture information from desktops or a network. A rootkit's abilities to hide the presence of an intruder and the intruder's actions explain the increase in use of this method.

System monitor
System monitors, typically non-commercial, may monitor and capture your computer activity, including recording all keystrokes, e-mails, chat room dialogue, instant message dialogue, Web sites visited, usernames, passwords, and programs run. This type of program may be capable of taking screen shots of your desktop at scheduled intervals and storing the information on your computer in an encrypted log file for later retrieval. These log files may be sent to a pre-defined e-mail address. A system monitor can run in the background, hiding its presence. These programs typically install via other threats, such as music downloads and Trojan downloaders. These system monitors may allow an unauthorized third party to view potentially sensitive information, such as passwords, e-mail, and chat room conversations.