Isolated Computers – Allowed Processes (Windows and Mac Computers)

Applies To: WatchGuard Advanced EPDR, WatchGuard EPDR, WatchGuard EDR, and WatchGuard EDR Core

WatchGuard Endpoint Security denies all communications to and from isolated computers, except those required to perform remote forensic analysis and to use the remediation tools in WatchGuard Endpoint Security.

Allowed Processes and Services

System Processes

  • All services required for the computer to be part of the corporate network, such as DHCP services to obtain IP addresses, ARP, WINS, and DNS host name resolution services.

WatchGuard Endpoint Security Processes

  • Services required to communicate with the default gateway
  • Services required to communicate with the WatchGuard server to enable the protection engines to work, download signature files, and enable administrators to perform remote management tasks in the management UI
  • Services required by an isolated machine with the discovery computer role to perform discovery tasks
  • Services required by an isolated machine with the cache role to act as a file server
  • Services required by a machine with the WatchGuard Proxy role assigned to act as a connection proxy
  • Services required by the Panda Systems Management agent to enable use of non-intrusive remote tools

Blocked Communications

All communications that are not listed in the section above are denied. This includes:

  • Connections to the operating system Windows Update service
  • Web browsing, FTP, mail, and other Internet protocols
  • SMB file transfer between PCs on the network
  • Remote installation of the endpoint security product

The Patch Management module remains operational on isolated computers.
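One way to check that an isolated computer behaves as listed above is to run a small audit on the endpoint itself. This is an added example, not WatchGuard code; the host names are constructed placeholders, and the port chosen for each blocked protocol is an assumption to adapt to your network.

```python
import socket

# Expectations follow the allowed/blocked lists on this page.
# Hosts are constructed placeholders (assumptions); replace with real ones.
EXPECTED = [
    # (label, kind, host, port, should_succeed)
    ("DNS host name resolution", "dns", "intranet.example.internal", None, True),
    ("Web browsing (HTTP)", "tcp", "www.example.com", 80, False),
    ("Web browsing (HTTPS)", "tcp", "www.example.com", 443, False),
    ("FTP", "tcp", "ftp.example.com", 21, False),
    ("Mail (SMTP)", "tcp", "mail.example.com", 25, False),
    ("SMB file transfer to a peer PC", "tcp", "peer-pc.example.internal", 445, False),
]

def probe(kind, host, port, timeout=3.0):
    """Return True if the name resolves (dns) or the TCP connect completes (tcp)."""
    try:
        if kind == "dns":
            socket.getaddrinfo(host, None)
            return True
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # covers resolution errors, refusals and timeouts
        return False

def audit(expected=EXPECTED, probe_fn=probe):
    """Compare observed reachability with the documented isolation behaviour.

    Returns a list of (label, expected, observed), one entry per mismatch.
    """
    findings = []
    for label, kind, host, port, should_succeed in expected:
        observed = probe_fn(kind, host, port)
        if observed != should_succeed:
            findings.append((label, should_succeed, observed))
    return findings

def describe(ok):
    return "reachable" if ok else "blocked"

if __name__ == "__main__":
    problems = audit()
    for label, want, got in problems:
        print(f"MISMATCH {label}: expected {describe(want)}, observed {describe(got)}")
    if not problems:
        print("isolation matches the documented behaviour")
```

A failed connection only shows isolation if the same target was reachable before the computer was isolated, so run the audit once beforehand as a baseline.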
