Threat Detection and Response is a collection of advanced malware defense tools that correlate threat indicators from Fireboxes and Host Sensors to enable real-time, automated response to stop known, unknown, and evasive threats.
As part of the TDR solution, you install TDR Host Sensors to provide endpoint protection. In some cases, the TDR Host Sensor might have conflicts with the antivirus software installed on your endpoints. To resolve this issue, you can configure exclusions in the antivirus software and in TDR.
This document includes information about the integration of a TDR Host Sensor with a host that runs VIPRE Endpoint Security. It does not describe the procedure to set up Threat Detection and Response. For information about how to set up your TDR account, how to enable TDR on a Firebox, and how to install a Host Sensor, see Quick Start — Set Up Threat Detection and Response.
To avoid conflicts between the TDR Host Sensor and VIPRE Endpoint Security, add these exclusions:
- Exclusions in TDR for VIPRE Endpoint Security — for Windows:
- C:\Program Files (x86)\VIPRE Business Agent\
- C:\Program Files\VIPRE Business Agent\
- C:\ProgramData\VIPRE Business Agent\
- Exclusions in TDR for VIPRE Endpoint Security — for Mac:
- /Library/Application Support/Vipre/
- Exclusions in VIPRE Endpoint Security for the TDR Host Sensor — for Windows:
- 64-bit Windows — C:\Program Files (x86)\WatchGuard\Threat Detection and Response\
- 32-bit Windows — C:\Program Files\WatchGuard\Threat Detection and Response\
- Exclusions in VIPRE Endpoint Security for the TDR Host Sensor — for Mac:
To complete this deployment, you must have:
- An active Threat Detection and Response subscription, with Host Sensor licenses
- VIPRE Endpoint Security Cloud:
- VIPRE Business Agent 11.0.7629 — For Windows
- VIPRE Endpoint Security 11.0.21 (340) — For Mac
The TDR and Fireware versions tested for this deployment included:
- TDR Host Sensor 220.127.116.1156
- Firebox with Fireware 12.5 or higher
The Windows test environment for this deployment included:
- Windows 7, 8.1, 10 Enterprise 64-bit Operating System
- Memory (RAM) — 8 GB
- Processor — 2 CPU Cores
The Mac test environment for this deployment included:
- macOS 10.13
- Memory (RAM) — 8 GB
- Processor — Intel Core i5
Configure Exclusions in TDR
In your TDR account, you can add exclusions to manually identify paths for files and processes that you do not want Host Sensors to monitor. Before you deploy a Host Sensor on computers that have VIPRE Endpoint Security agent installed, add exclusions for the VIPRE Endpoint Security file paths as TDR Exclusions in your TDR account.
In your TDR account, add the TDR exclusions for the paths shown in the Integration Summary.
Unless otherwise noted, configure each TDR exclusion with these options, which are selected by default:
- Also exclude subfolders
- Entities to exclude: Files and Processes
To add an exclusion in TDR:
- Log in to your TDR account or managed account as a user with Operator privileges.
- Select Configuration > Exclusion.
- Click Add Exclusion.
The Add Exclusion dialog box appears.
- In the Path text box, type the path to exclude. Folders specified in an exclusion must end with a backslash.
- To apply the exception to all hosts, in the Hosts / Groups text box, specify the group All Hosts.
- Click Save & Close.
Repeat these steps to add each exclusion.
Configure Exclusions in VIPRE Endpoint Security
To exclude directories used by the TDR Host Sensor, add the exclusions for the paths listed in the Integration Summary.
To add an exclusion in VIPRE Endpoint Security Cloud — Both Windows and Mac:
- Log in to your VIPRE Endpoint Security management console.
- In the left panel, click Exclusions.
- In the Exclusion page, click Windows or Mac.
- In the right top corner, click Add Exclusion List.
- In the pop-up window, specify a list name, click Next.
- In the new list page, in the top right corner, click Add Exclusion.
- Set the SUBTYPE to Folder (for Windows) or Filepath (for Mac).
- In the VALUE text box, type the TDR path to exclude. Click Add.
- Click Scope, click Edit Policy Associations, select a Policy, and then click Update.
- In the top-right corner, click Create.
For information about the integration testing methodology, see TDR Testing Methodology.