Endpoint Security Installation Plan

Applies To: WatchGuard Advanced EPDR, WatchGuard EPDR, WatchGuard EDR, WatchGuard EPP, WatchGuard EDR Core

The WatchGuard Endpoint Security installation process consists of a series of steps that depend on the status of the network at the time of deployment and the number of computers and devices you want to protect. We recommend that you complete these steps to plan the installation of WatchGuard Endpoint Security:

Step 1 — Identify Unprotected Devices

Identify the physical and virtual macOS, Android, iOS, Windows, or Linux computers and devices you want to protect with WatchGuard Endpoint Security.

Verify that you have purchased enough licenses for the unprotected devices. WatchGuard Endpoint Security allows you to install the endpoint agent even when you do not have enough licenses for all the computers you want to protect. Computers without a license still show information such as installed software and hardware on the computer details page, but are not protected.

For more information, go to Unmanaged Computers Discovered List .

Step 2 — Verify Minimum Requirements for Target Devices

Make sure that the computers and devices you want to protect meet the minimum installation requirements. For information on requirements, go to Installation Requirements in the Release Notes.

For modules requirements, go to the appropriate topic:

WatchGuard endpoint security products require access to multiple Internet-hosted resources. Make sure these URLs and ports are open to allow communication with the WatchGuard servers.

For more information on URLs and port access, go to this Knowledge Base article.

Step 3 — Add a Proxy

If required, before you install the endpoint software, you can add a proxy for Windows computers in the management UI. A proxy is a computer that acts as an intermediary for communication between two computers: a client on an internal network and a server on an extranet or the Internet. For more information, go to Add a Proxy (Windows Computers).

Step 4 — Select a Deployment Strategy

Deploy the WatchGuard Agent to computers and devices in your organization with the correct network settings. The deployment strategy depends on the number of devices to protect, the devices with an WatchGuard Agent already installed, and the company network architecture, including whether there is a mobile device management solution in use.

For more information, go to the appropriate installation procedure for your scenario and platform:

Step 5 — Uninstall Products and Restart Computers

If you want to install WatchGuard Endpoint Security on a computer that already has an antivirus solution from another vendor, you can remove the current solution and install WatchGuard Endpoint Security. You can also choose to not remove the current solution, so that the WatchGuard and third-party products coexist on the computer.

You do not have to remove any pre-existing third-party solution when you start a WatchGuard Endpoint Security trial. For information on trials, go to Manage Trials – Service Providers.

By default, the WatchGuard EPDR workstation and server settings have the Uninstall Other Security Products option enabled. Disable this option if you want to keep third-party products on the computer. By default, the WatchGuard EDR workstation and server settings have the Uninstall Other Security Product option disabled. As WatchGuard EDR does not include antivirus protection, it is configured by default to work with antivirus applications already installed on the computer.

When you enable the Uninstall Other Security Product option, if WatchGuard Endpoint Security has the uninstaller for the third-party product, it will uninstall the product and then install WatchGuard EPDR or WatchGuard EPP. If the third-party product cannot be uninstalled, the installation process stops. When you uninstall a third-party antivirus product, you might have to restart the computer.

For a list of the third-party security products that WatchGuard Endpoint Security uninstalls automatically, go to Programs Automatically Uninstalled by WatchGuard Endpoint Security.

Antivirus and WatchGuard EPP

If the target computer already has WatchGuard EPP installed and you want to upgrade to WatchGuard EPDR, the solution automatically uninstalls the communications agent and installs the latest WatchGuard Agent. It then checks if an upgrade to WatchGuard EPDR is required. If it is required, the computer restarts.

For a list of the antivirus solutions that WatchGuard Endpoint Security can automatically uninstall, go to WatchGuard Endpoint Security Supported Uninstallers. If the solution that needs to be needs to be uninstalled is not on the list, it must be removed manually.

Step 6 — Determine Computer Default Settings

When the client software is installed on the computer or device, WatchGuard Endpoint Security applies the group security settings to the computer or device. During installation, you select a target group for the computer with the required network settings. If the network settings for the selected group differ from the settings specified during installation, the installation settings apply.

For more information, go to Best Practices — Installation Tips for Groups and Settings.

Related Topics

Get Started with WatchGuard Endpoint Security

Installation Requirements