Applies To: WatchGuard Advanced EPDR, WatchGuard EPDR, WatchGuard EDR, WatchGuard EPP
To open the multi-tenant management UI for endpoint security, your Service Provider account must have an active Endpoint Security product license in its inventory.
The Status > Script Control list provides quick access to a list of clients where you can see which client accounts blocked a script. You can sort the list by the Client column.
More information is available in the exported .CSV file. To export the list, in the upper-right corner of the table, click 
.
To filter the list of client accounts, from WatchGuard Cloud:
- From Account Manager, select a Service Provider account.
To select your own Service Provider account, select Overview. Or, select a tier-n Service Provider account. - Select Monitor > Endpoint Security.
- On the Status page, select Script Control.
- Click Filters.
- To refine search results:
- Computer Type — Select the check box for each type of endpoint you want to filter the list for (for example, workstation, laptop, or server).
- Script Type — Show accounts where a specific type of script was blocked. This could be PowerShell, BAAT/CMD/LNK, AutoIT, VBS/JS, Python, PHP, or MSHTA.
- Execution — Show accounts where scripts executed locally, remotely, or both (All).
- Dates — Show accounts where scripts executed during a specific time period (Last 24 Hours, Last 7 Days, or Last Month).
- Interactive Execution — Show accounts where there was interaction with the script (Yes, No, or All).
- Click Filter.
Script Control List
The list displays information about blocked scripts for each account. The list includes this information:
Client
The name of the WatchGuard Cloud account.
Group
The name of the WatchGuard Cloud account group that the account belongs to.
Blocked
The name of the script that was blocked.
Last Block
The date and time when a script was last blocked on the account.