Applies To: WatchGuard Advanced EPDR, WatchGuard EPDR, WatchGuard EDR
On the Status > Security dashboard, unknown processes show in the Currently Blocked Programs Being Classified tile until WatchGuard Advanced EPDR, EPDR EDR has analyzed them. Sometimes it is not possible to complete the analysis because the file is too large (larger than 50 MB) or no longer available on the user computer. When this happens, unknown files continue to display in the Currently Blocked Programs Being Classified tile. A "Couldn't get the file" status for the file might show in the list.
If you are certain that the file is goodware, you can create a rule with the Authorized Software feature to unblock the unknown file. For more information, go to Configure Authorized Software Settings (Windows Computers). If you are not sure of the nature of the unknown file, contact Support.
You can delete a blocked program that is in the process of classification to simplify the list. Internally, WatchGuard Endpoint Security continues to consider these items as unknown. If an attempt is made to run them again, they reappear in the Currently Blocked Programs Being Classified tile and list.
To remove unknown files from the blocked file tile and list:
- In WatchGuard Cloud, select Monitor > Endpoints.
- Select Status > Security.
- Click the Currently blocked programs being classified tile.
The Currently blocked programs being classified list opens. - In the list, select the check box for the files you want to remove from the list.
- In the toolbar, click Delete.
A confirmation dialog box opens. - Click Delete.
The deleted items appear in the History of blocked programs list with the Action field updates to show Deleted from list. These files cannot be unblocked.