Endpoint Security Installation Plan

Applies To: WatchGuard Advanced EPDR This topic applies to the WatchGuard Advanced EPDR endpoint security product., WatchGuard EPDR This topic applies to the WatchGuard EPDR endpoint security product., WatchGuard EDR This topic applies to the WatchGuard EDR endpoint security product., WatchGuard EDR Core This topic applies to the WatchGuard EDR Core endpoint security product., WatchGuard EPP This topic applies to the WatchGuard EPP endpoint security product.

The WatchGuard Endpoint Security installation process consists of a series of steps that depend on the status of the network at the time of deployment and the number of computers and devices you want to protect. We recommend that you complete these steps to plan the installation of Endpoint Security:

• Step 1 — Identify Unprotected Devices
• Step 2 — Verify Minimum Requirements for Target Devices
• Step 3 — Add a Proxy
• Step 4 — Select a Deployment Strategy
• Step 5 — Uninstall Products and Restart Computers
• Step 6 — Determine Computer Default Settings

For accounts with more than one WatchGuard product license (for example, an Endpoint Security product license and a FireCloud license), the Configure > Agent Deployment page in WatchGuard Cloud is useful to centrally configure product deployment behavior for endpoint groups and endpoints. For more information, go to Configure WatchGuard Agent Deployment in WatchGuard Cloud.

Step 1 — Identify Unprotected Devices

Identify the physical and virtual Mac, Android, iOS, Windows, or Linux computers and devices you want to protect with Endpoint Security.

Verify that you have purchased enough licenses for the unprotected devices. Endpoint Security allows you to install the WatchGuard Agent even when you do not have enough licenses for all the computers you want to protect. Computers without a license still show information such as installed software and hardware on the computer details page, but are not protected.

For more information, go to Unmanaged Computers Discovered List .

Step 2 — Verify Minimum Requirements for Target Devices

Make sure that the computers and devices you want to protect meet the minimum installation requirements. For information on requirements, go to Installation Requirements in the Release Notes.

For modules requirements, go to the appropriate topic:

• WatchGuard Full Encryption Requirements
• Patch Management Requirements
• Advanced Visualization Tool Requirements
• Data Control Requirements
• SIEMFeeder Requirements

WatchGuard endpoint security products require access to multiple Internet-hosted resources. Make sure these URLs and ports are open to allow communication with the WatchGuard servers.

For more information on URLs and port access, go to Endpoint Security Required Domains and URLs.

Step 3 — Add a Proxy

If required, before you install the endpoint software, you can add a proxy for Windows computers in the management UI. A proxy is a computer that acts as an intermediary for communication between two computers: a client on an internal network and a server on an extranet or the Internet. For more information, go to Add a Proxy (Windows Computers).

Step 4 — Select a Deployment Strategy

Deploy the WatchGuard Agent to computers and devices in your organization with the correct network settings. The deployment strategy depends on the number of devices to protect, the devices with an WatchGuard Agent already installed, and the company network architecture, including whether there is a mobile device management solution in use.

For more information, go to the appropriate installation procedure for your scenario and platform:

• Download the WatchGuard Agent Installer for Endpoint Security Products 
  • Create a Download Link
• Install the Endpoint Software Locally
  • Install the Endpoint Security Software on Windows Computers and Servers
  • Install the Endpoint Security Software on Mac Computers
  • Install the Endpoint Security Software on Linux Computers
  • Install the WatchGuard Mobile Security App on Android Devices
  • Install the WatchGuard Mobile Security App on iOS Devices
• Install the Endpoint Software Remotely (Windows Computers)
• Deploy the Endpoint Software with Centralized Tools (Windows Computers)
• Install the Endpoint Software on Virtual Environments with a Template or Gold Image (Windows Computers)

For accounts with more than one WatchGuard product license (for example, an Endpoint Security product license and a FireCloud license), the Configure > Agent Deployment page in WatchGuard Cloud is useful to centrally configure product deployment behavior for endpoint groups and endpoints. For more information, go to Configure WatchGuard Agent Deployment in WatchGuard Cloud.

Step 5 — Uninstall Products and Restart Computers

If you want to install Endpoint Security on a computer that already has an antivirus solution from another vendor, you can remove the current solution and install Endpoint Security. You can also choose to not remove the current solution, so that the WatchGuard and third-party products coexist on the computer.

You do not have to remove any pre-existing third-party solution when you start an Endpoint Security product trial. For information on trials, go to Manage Trials – Service Providers.

By default, the WatchGuard EPDR workstation and server settings have the Uninstall Other Security Products option enabled. Disable this option if you want to keep third-party products on the computer. By default, the WatchGuard EDR workstation and server settings have the Uninstall Other Security Product option disabled. As WatchGuard EDR does not include antivirus protection, it is configured by default to work with antivirus applications already installed on the computer.

When you enable the Uninstall Other Security Product option, if Endpoint Security has the uninstaller for the third-party product, it will uninstall the product and then install WatchGuard EPDR or EPP. If the third-party product cannot be uninstalled, the installation process stops. When you uninstall a third-party antivirus product, you might have to restart the computer.

For a list of the third-party security products that Endpoint Security uninstalls automatically, go to Programs Automatically Uninstalled by Endpoint Security.

When Endpoint Security upgrades to a new version, the WatchGuard Agent unregisters and re-registers the Endpoint Security protection software with Windows. During this time, Windows Security can report to the user that there is no antivirus enabled. During the upgrade process, your endpoints remain protected by the Endpoint Security antivirus at all times. 

Antivirus and WatchGuard EPP

If the target computer already has WatchGuard EPP installed and you want to upgrade to WatchGuard EPDR, the solution automatically uninstalls the communications agent and installs the latest WatchGuard Agent. It then checks if an upgrade to WatchGuard EPDR is required. If it is required, the computer restarts.

For a list of the antivirus solutions that Endpoint Security can automatically uninstall, go to WatchGuard Endpoint Security Supported Uninstallers. If the solution that needs to be needs to be uninstalled is not on the list, it must be removed manually.

Step 6 — Determine Computer Default Settings

When the client software is installed on the computer or device, Endpoint Security applies the group security settings to the computer or device. During installation, you select a target group for the computer with the required network settings. If the network settings for the selected group differ from the settings specified during installation, the installation settings apply.

For more information, go to Best Practices — Installation Tips for Endpoint Groups and Settings.

Related Topics

Get Started with WatchGuard Endpoint Security

Installation Requirements (external link)