The WatchGuard Endpoint Security installation process consists of a series of steps that depend on the status of the network at the time of deployment and the number of computers and devices you want to protect. We recommend that you complete these steps to plan the installation of WatchGuard Endpoint Security:
- Step 1 — Identify Unprotected Devices
- Step 2 — Verify Minimum Requirements for Target Devices
- Step 3 — Add a Proxy
- Step 4 — Select a Deployment Strategy
- Step 5 — Uninstall Products and Restart Computers
- Step 6 — Determine Computer Default Settings
Identify the physical and virtual macOS, Android, iOS, Windows, or Linux computers and devices you want to protect with WatchGuard Endpoint Security.
Verify that you have purchased enough licenses for the unprotected devices. WatchGuard Endpoint Security allows you to install the endpoint agent even when you do not have enough licenses for all the computers you want to protect. Computers without a license show in the web UI with some information (such as installed software and hardware), but are not protected.
For more information, see Unmanaged Computers Discovered List .
Make sure that the computers and devices you want to protect meet the minimum installation requirements. For information on requirements, see Installation Requirements.
WatchGuard endpoint security products require access to multiple Internet-hosted resources. Make sure these URLs and ports are open to allow communication with the WatchGuard servers.
For more information on URLs and port access, see this Knowledge Base article.
If required, before you install the endpoint software, you can add a proxy for Windows computers in the web UI. A proxy is a computer that acts as an intermediary for communication between two computers: a client on an internal network and a server on an extranet or the Internet. For more information, see Add a Proxy (Windows computers).
Deploy the WatchGuard endpoint agent to computers and devices in your organization with the correct network settings. The deployment strategy depends on the number of devices to protect, the devices with an endpoint agent already installed, and the company network architecture, including whether there is a mobile device management solution in use.
For more information, see the appropriate installation procedure for your scenario and platform:
- Download the WatchGuard Endpoint Agent Installer
- Install the Endpoint Software
- Install the Endpoint Software Locally
- Install the Endpoint Software Remotely (Windows computers)
- Install the Endpoint Software with Centralized Tools (Windows only)
- Install the Endpoint Software from a Gold Image
If you want to install WatchGuard Endpoint Security on a computer that already has an antivirus solution from another vendor, you can remove the current solution and install WatchGuard Endpoint Security. You can also choose to not remove the current solution, so that the WatchGuard and third-party products coexist on the computer.
You do not have to remove any pre-existing third-party solution when you start a WatchGuard Endpoint Security trial. For information on trials, see Manage Trials – Service Providers.
By default, the WatchGuard EPDR workstation and server settings have the Uninstall Other Security Products option enabled. Disable this option if you want to keep third-party products on the computer. By default, the WatchGuard EDR workstation and server settings have the Uninstall Other Security Product option disabled. As WatchGuard EDR does not include antivirus protection, it is configured by default to work with antivirus applications already installed on the computer.
When you enable the Uninstall Other Security Product option, if WatchGuard Endpoint Security has the uninstaller for the third-party product, it will uninstall the product and then install WatchGuard EPDR or WatchGuard EPP. If the third-party product cannot be uninstalled, the installation process stops. When you uninstall a third-party antivirus product, you might have to restart the computer.
For a list of the third-party security products that WatchGuard Endpoint Security uninstalls automatically, see Programs Automatically Uninstalled by WatchGuard Endpoint Security.
Antivirus and WatchGuard EPP
If the target computer already has WatchGuard EPP installed and you want to upgrade to WatchGuard EPDR, the solution automatically uninstalls the communications agent and installs the latest WatchGuard Endpoint Agent. It then checks if an upgrade to WatchGuard EPDR is required. If it is required, the computer restarts.
For a list of the antivirus solutions that WatchGuard Endpoint Security can automatically uninstall, see WatchGuard Endpoint Security Supported Uninstallers. If the solution that needs to be needs to be uninstalled is not on the list, it must be removed manually.
When the client software is installed on the computer or device, WatchGuard Endpoint Security applies the group security settings to the computer or device. During installation, you select a target group for the computer with the required network settings. If the network settings for the selected group differ from the settings specified during installation, the installation settings apply.