Troubleshoot WatchGuard Agent and Endpoint Security Settings

Applies To: WatchGuard Advanced EPDR, WatchGuard EPDR, WatchGuard EPP

When you suspect the WatchGuard Agent contributes to a problem on an endpoint—such as a conflict with third-party software or system performance issues—you must identify the WatchGuard Endpoint Security setting that causes the issue.

A minimal configuration approach can help you resolve a WatchGuard Agent issue or determine the diagnostic data to collect for further analysis by Support.

Your operator role determines what you can see and do in WatchGuard Cloud. Your role must have the Configure Security for Workstations and Servers permission to view or configure this feature. For more information, go to Manage WatchGuard Cloud Operators and Roles.

Create a Minimal Configuration

Begin with the most basic configuration of Endpoint Security settings. In this example, we enable only the File Antivirus setting and disable all others. You can then apply the configuration to one of the affected endpoints and begin your testing of the WatchGuard Agent issue.

To apply a minimal configuration of settings, in WatchGuard Cloud:

  1. Select Configure > Endpoint Security.
  2. Select Settings.
  3. From the left pane, select Workstations and Servers.
  4. Select an existing security settings profile to edit.
  5. Disable all settings.
  6. From the Antivirus section, enable only File Antivirus.

    Screen shot of how to enable File Antivirus

  7. If you use Advanced EPDR, from the left pane, select Indicators of Attack (IOA) and disable Advanced IOA.

    Screen shot of how to disable Advanced IOA

  8. From the left pane, select Endpoint Access Enforcement and disable Endpoint Access Enforcement.

    Screen shot of how to disable Endpoint Access Enforcement

After you apply the configuration changes, restart the endpoint and make sure the new configuration loads. Then test the endpoint to verify whether the WatchGuard Agent issue persists.

  • If the issue persists, contact Support and provide any requested information.
  • If the issue does not persist, enable settings individually to identify the setting responsible.

Enable Settings Individually

You can enable settings individually and test the system after each configuration change to identify the setting that causes the WatchGuard Agent issue.

  1. Select Configure > Endpoint Security.
  2. Select Settings.
  3. From the left pane, select Workstations and Servers.
  4. Select an existing security settings profile to edit.
  5. From the Antivirus section, enable Web Browsing Antivirus.

    Screen shot of how to enable Web Browsing Antivirus

  6. If the issue does not occur after you enable Web Browsing Antivirus, from the Advanced Protection section, enable Advanced Protection.

    Restart the endpoint after you enable the Advanced Protection setting.

    Screen shot of how to enable Advanced Protection

  7. If the issue occurs after you enable Advanced Protection, disable Anti-Exploit > Code Injection.

    Restart the endpoint after you disable the Anti-Exploit > Code Injection setting.

    Screen shot of how to disable Code Injection

If the issue does not occur when you change these settings, continue to enable the remaining settings one at a time until you identify the setting that caused the issue.

Collect Data

After you identify the problematic setting, contact Support and provide any requested logs or information to help resolve the issue.