Endpoint Security Installation Plan

Applies To: WatchGuard EPDR, WatchGuard EDR, WatchGuard EPP

The WatchGuard Endpoint Security installation process consists of a series of steps that depend on the status of the network at the time of deployment and the number of computers and devices you want to protect. We recommend that you complete these steps to plan the installation of WatchGuard Endpoint Security:

Step 1 — Identify Unprotected Devices

Find computers on the network that do not have protection installed or have a third-party security product installed that you want to replace or complement with WatchGuard Endpoint Security.

Verify that you have purchased enough licenses for the unprotected devices. WatchGuard Endpoint Security allows you to install the endpoint agent even when you do not have enough licenses for all the computers you want to protect. Computers without a license show in the web UI with some information (for example, installed software, hardware, etc.), but are not protected.

For more information, see Install the Client Software Remotely (Windows computers).

Step 2 — Verify Minimum Requirements for Target Devices

Make sure that the computers and devices you want to protect meet the minimum installation requirements. For information on requirements, see Installation Requirements.

WatchGuard endpoint security products require access to multiple Internet-hosted resources. Make sure the client software can access ports 80 and 443.

For more information on URLs and port access, see this Knowledge Base article.

Step 3 — Add a Proxy

If required, before you install the client software, you can add a proxy for Windows computers in the web UI. A proxy is a computer that acts as an intermediary for communication between two computers: a client on an internal network and a server on an extranet or the Internet. For more information, see Add a Proxy (Windows computers).

Step 4 — Select a Deployment Strategy

The deployment strategy depends on the number of Windows computers to protect, the workstations and servers with a WatchGuard endpoint agent already installed, and the company network architecture.

For more information, see the appropriate installation procedure for your scenario:

Step 5 — Uninstall Products and Restart Computers

If you want to install WatchGuard Endpoint Security on a computer that already has an antivirus solution from another vendor, you can remove the current solution and install WatchGuard Endpoint Security. You can also choose to not remove the current solution, so that the WatchGuard and third-party products coexist on the computer.

You do not have to remove any pre-existing third-party solution when you start a WatchGuard Endpoint Security trial. For information on trials, see Endpoint Security Trials – Service Providers.

By default, the WatchGuard EPDR workstation and server settings have the Uninstall Other Security Products option enabled. Disable this option if you want to keep third-party products on the computer. By default, the WatchGuard EDR workstation and server settings have the Uninstall Other Security Product option disabled. As WatchGuard EDR does not include antivirus protection, it is configured by default to work with antivirus applications already installed on the computer.

When you enable the Uninstall Other Security Product option, if WatchGuard Endpoint Security has the uninstaller for the third-party product, it will uninstall the product and then install WatchGuard EPDR or WatchGuard EPP. If the third-party product cannot be uninstalled, the installation process stops. When you uninstall a third-party antivirus product, you might have to restart the computer.

For a list of the third-party security products that WatchGuard Endpoint Security uninstalls automatically, see Programs Automatically Uninstalled by WatchGuard Endpoint Security.

AntiVirus and WatchGuard EPP

If the target computer already has WatchGuard EPP installed and you want to upgrade to WatchGuard EPDR, the solution automatically uninstalls the communications agent and installs the latest WatchGuard endpoint agent. It then checks if an upgrade to WatchGuard EPDR is required. If it is required, the computer restarts.

For a list of the antivirus solutions that WatchGuard Endpoint Security can automatically uninstall, see WatchGuard Endpoint Security Supported Uninstallers. If the solution that needs to be needs to be uninstalled is not on the list, it must be removed manually.

Step 6 — Determine Computer Default Settings

To protect a computer on the network, you must select a target group for the computer and the group network settings during installation. For more information, see Download the WatchGuard Endpoint Agent Installer.

When the software is installed on the computer, WatchGuard Endpoint Security applies the group security settings to the computer. If the network settings for the selected group differ from the settings specified during installation, the installation settings apply.

See Also

Get Started with WatchGuard Endpoint Security

Installation Requirements