TDR and Panda

Deployment Overview

Threat Detection and Response (TDR) is a collection of advanced malware defense tools that correlate threat indicators from Fireboxes and Host Sensors to enable real-time, automated response to stop known, unknown, and evasive threats.

As part of the TDR solution, you install TDR Host Sensors to provide endpoint protection. In some cases, the TDR Host Sensor might have conflicts with the antivirus software installed on your endpoints. To resolve this issue, you can configure exclusions in the antivirus software and in TDR.

This document includes information about the integration of a TDR Host Sensor with a host that runs Panda Security. It does not describe the procedure to set up Threat Detection and Response. For information about how to set up your TDR account, how to enable TDR on a Firebox, and how to install a Host Sensor, see Quick Start — Set Up Threat Detection and Response.

Integration Summary

To avoid conflicts between the TDR Host Sensor and Panda Endpoint Protection, add these exclusions:

  • Exclusions in TDR for Panda Endpoint Protection — For Windows:
    • C:\Program Files (x86)\Panda Security\
    • C:\Program Files\Panda Security\
    • C:\ProgramData\Panda Security\
  • Exclusions in TDR for Panda Endpoint Protection — For Mac:
    • /private/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/C/PKInstallSandboxManager/*.activeSandbox/Root/Applications/Panda
    • /private/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/C/PKInstallSandboxManager/*.activeSandbox/Root/Library/LaunchDaemons/com.intego.virusbarrier.daemon.panda.plist
  • Exclusions in Panda Endpoint Protection for the TDR Host Sensor — For Windows:
    • 64-bit Windows — C:\Program Files (x86)\WatchGuard\Threat Detection and Response\
    • 32-bit Windows — C:\Program Files\WatchGuard\Threat Detection and Response\
  • Exclusions in Panda Endpoint Protection for the TDR Host Sensor — For Mac:
    • /usr/local/watchguard/

If the Host Sensor and Panda Endpoint Protection detect and respond to a threat at the same time, this can cause high utilization of system resources such as CPU, memory, and disk I/O.

Configuration Details

To complete this deployment, you must have:

  • An active Threat Detection and Response subscription with Host Sensor licenses
  • Panda Endpoint Protection:
    • Panda Endpoint Agent — For Windows
    • Panda Endpoint Protection — For Windows
    • Panda Endpoint Agent — For Mac
    • Panda Endpoint Protection — For Mac

The TDR and Fireware versions tested for this deployment included:

  • TDR Host Sensor
  • Firebox with Fireware v12.5 or higher

The Windows test environment for this deployment included:

  • Windows 7, 8.1, 10 Enterprise 64-bit Operating System
  • Memory (RAM) — 8 GB
  • Processor — 2 CPU Cores

The Mac test environment for this deployment included:

  • macOS 10.13
  • Memory (RAM) — 8 GB
  • Processor — Intel Core i5

Configure Exclusions in TDR

In your TDR account, add the exclusions to manually identify paths for files and processes that you do not want Host Sensors to monitor. Before you deploy a Host Sensor on computers that have Panda Endpoint Protection installed, add exclusions for the Panda Endpoint Protection file paths as TDR Exclusions in your TDR account.

In your TDR account, add the TDR exclusions for the paths shown in the Integration Summary.

Unless otherwise noted, configure each TDR exclusion with these options, which are selected by default:

  • Also exclude subfolders
  • Entities to exclude: Files and Processes

To add an exclusion in TDR:

  1. Log in to your TDR account or managed account as a user with Operator privileges.
  2. Select Configuration > Exclusion.
  3. Click Add Exclusion.
    The Add Exclusion dialog box appears.
  4. In the Path text box, type the path to exclude. Folders specified in an exclusion must end with a backslash.
  5. To apply the exclusion to all hosts, in the Hosts / Groups text box, specify the group All Hosts.
  6. Click Save & Close.

Repeat these steps to add each exclusion.

Configure Exclusions in Panda Endpoint Protection

In Panda Endpoint Protection, add the exclusions to identify the paths for files and locations to exclude. To prevent conflicts between the Host Sensor and Panda Endpoint Protection, we recommend you add exclusions in Panda Endpoint Protection for the paths used by the TDR Host Sensor.

To exclude directories used by the TDR Host Sensor, add the exclusions for the paths listed in the Integration Summary.

To add an exclusion in Panda Endpoint Protection — Both Windows and Mac:

  1. Access the Web Console.
  2. Select Settings > Security > Workstations and servers.
  3. Click Add.
  4. Click General.
  5. In the Exclusions section, type the TDR file paths in the Folders text box.
  6. Leave the default value for all other settings.
    The default name is New security settings for workstations and servers.
  7. Click Save.
  8. Click COMPUTERS.
  9. Click the My organization icon.
  10. In the My Organization section, from the default group All, click [icon].
  11. Click Settings.
  12. In the dialog box, click Security for Workstation and Servers, then select New security settings for workstations and servers.
  13. Close the dialog box.

The results of this testing might also apply to these products, which were not tested:

  • Endpoint Fusion
  • Endpoint Protection Plus
  • Adaptive Defense
  • Adaptive Defense 360

For information about the integration testing methodology, see TDR Testing Methodology.

Panda and TDR run simultaneously. In some situations, Panda consumes the available CPU when it scans Host Sensor files. To prevent this, add additional exclusions in Panda. Because Panda does not support wildcards, you must add six global exceptions, plus six specific exceptions for every user directory.

For the global exceptions, on all hosts (or a Panda host group), add exceptions for:

  • C:\!TDR.Bin\
  • C:\ΩTDR.Bin\
  • C:\Users\!TDR.Bin\
  • C:\Users\ΩTDR.Bin\
  • C:\Users\Public\Documents\!TDR.Bin\
  • C:\Users\Public\Documents\ΩTDR.Bin\

Then, for each user, add the exceptions below to either all hosts or the hosts they use. You cannot use a wildcard for the username placeholder.

  • C:\Users\<username>\!TDR.Bin\
  • C:\Users\<username>\ΩTDR.Bin\
  • C:\Users\<username>\Desktop\!TDR.Bin\
  • C:\Users\<username>\Desktop\ΩTDR.Bin\
  • C:\Users\<username>\Documents\!TDR.Bin\
  • C:\Users\<username>\Documents\ΩTDR.Bin\
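
Because the per-user paths cannot use a wildcard, the full list has to be expanded once per account. The script below is an added example, not WatchGuard or Panda code: it builds the six global and six per-user paths from the lists above and rejects any name that is not a literal username. It assumes each profile folder is named after the username, and the usernames it prints are constructed sample input.

```python
# Added example: expands the page's exclusion templates into a full list.
# The usernames used at the bottom are constructed sample input.

# Folder names that appear in every exception on the page.
TDR_BIN_NAMES = ("!TDR.Bin", "ΩTDR.Bin")

# Parent folders of the six global exceptions listed on the page.
GLOBAL_PARENTS = ("C:", "C:\\Users", "C:\\Users\\Public\\Documents")

# Parent folders of the six per-user exceptions; {user} is the page's <username>.
PER_USER_PARENTS = (
    "C:\\Users\\{user}",
    "C:\\Users\\{user}\\Desktop",
    "C:\\Users\\{user}\\Documents",
)

# Characters that cannot appear in a literal Windows folder name,
# including the wildcards that Panda does not accept.
FORBIDDEN = set('\\/:*?"<>|')


def _expand(parents):
    """Return one folder path (with trailing backslash) per parent and name."""
    return [f"{parent}\\{name}\\" for parent in parents for name in TDR_BIN_NAMES]


GLOBAL_EXCLUSIONS = _expand(GLOBAL_PARENTS)


def per_user_exclusions(username):
    """Return the six per-user paths for one literal username."""
    name = username.strip()
    if not name or FORBIDDEN & set(name):
        raise ValueError(f"not a literal username: {username!r}")
    return _expand(p.format(user=name) for p in PER_USER_PARENTS)


def build_exclusions(usernames):
    """Global paths first, then six paths per distinct user (case-insensitive)."""
    paths, seen = list(GLOBAL_EXCLUSIONS), set()
    for user in usernames:
        key = user.strip().casefold()
        if key not in seen:
            seen.add(key)
            paths.extend(per_user_exclusions(user))
    return paths


if __name__ == "__main__":
    print("\n".join(build_exclusions(["alice", "bob", "Alice"])))
```
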
