Configure TDR Host Sensor Settings

Host Sensor settings control how the Host Sensors operate after they are installed. On the Host Sensor settings page, an Administrator can configure the default Host Sensor settings for all Host Sensors in a TDR account.

A user with Operator credentials can configure Host Sensor settings for a group, which take precedence over the global Host Sensor settings. For more information, see Manage TDR Groups.

The Host Sensor configuration includes these settings:

  • Host Sensor Settings — Control the allowed actions of the Host Sensor.
  • Host Sensor Driver Configuration Settings — Enable and disable settings for the Host Sensor driver. We recommend you keep the default settings unless instructed to change them by WatchGuard.

To see more information about a setting, click the icon adjacent to that setting.

For most Host Sensor settings, a switch shows whether the setting is enabled or disabled.

— The feature is enabled

— The feature is disabled

To change each setting, click the switch.

One Host Sensor setting that is not on the Host Sensor Settings page is the Age Off For Quarantined Files setting. A user with Operator privileges can configure this setting in the Host Sensors configuration page. For more information, see Configure the Age Off For Quarantined Files.

Configure Host Sensor Settings

To edit the global settings for the Host Sensor:

  1. Log in to the TDR web UI as a user with Administrator credentials.
  2. Select Settings > Host Sensor.
    The Host Sensor page appears.

Screen shot of the Host Sensor settings page

  3. To enable or disable most settings, in the Enabled column, click the switch.
  4. From the Host Ransomware Prevention drop-down list, select the Host Ransomware Prevention mode:
    • Off — The feature is not enabled.
    • Detect — Host Sensors identify processes and files that exhibit malicious behavior and report them to your Threat Detection and Response account for manual intervention.
    • Prevent — Host Sensors detect, and then automatically kill processes and quarantine files that exhibit malicious behavior so that ransomware does not take over the system. Host Sensors report this to your Threat Detection and Response account as an indicator that is already mitigated (score of 1).

    Tip: This setting controls whether the Host Sensor automatically ends processes and quarantines files that exhibit malicious behavior.

    If you select Prevent, the Host Sensor takes automatic action to prevent ransomware even if the host is not connected to the Internet or cannot communicate with your TDR account.

  5. In the Baselines Maximum Delay Minutes text box, specify the maximum number of minutes after startup that a Host Sensor can delay before it starts the initial baseline scan of processes, directories, registries, and network statistics.
    Each Host Sensor determines the actual delay when it starts. The delay is a minimum of 1 minute and a maximum of the value you specify.
  6. Click Save.

Host Sensors automatically retrieve the latest Host Sensor settings at the next heartbeat connection to TDR. An installed Host Sensor sends a heartbeat to your TDR account every 30 seconds.

Back Up or Import Host Sensor Settings

You can save a backup of all Host Sensor settings to an .XML file. To add the Host Sensor settings to any TDR account, import the saved .XML file. This enables a TDR Service Provider to easily copy Host Sensor settings configured in one managed customer account to another managed account.

To save the Host Sensor settings to a backup file:

  1. Select Settings > Host Sensor.
    The list of currently configured signature overrides appears.
  2. Click Backup.
    The .XML file is saved to the downloads folder.

The name of the signature overrides backup file includes the current date and time. For example: 

WatchGuardTDR_SettingsHostSensor_2016-12-13_23-11-02.xml

To import Host Sensor settings from an .XML file:

  1. Click Import.
  2. Select and open the .XML backup file.
    A confirmation dialog box appears.
  3. Click Import.
    The Host Sensor settings are updated to the settings from the file.

See Also

Host Ransomware Prevention
