Isolated Computers – Allowed Processes

Applies To: WatchGuard EPDR, WatchGuard EDR

WatchGuard Endpoint Security denies all communications to and from isolated computers except those required to perform remote forensic analysies and to use the remediation tools in WatchGuard Endpoint Security.

Allowed Processes and Services

System Processes

  • All services required for the computer to be part of the corporate network, such asincluding DHCP services to obtain IP addresses, ARP, WINS and DNS host name resolution services, etc.

WatchGuard Endpoint Security Processes

  • Services required to communicate with the default gateway
  • Services required to communicate with the WatchGuard server in order to allow the protection engines to work, download signature files, and enable administrators to perform remote management tasks invia the web UI
  • Services required by an isolated machine with the discovery computer role to perform discovery tasks
  • Services required by an isolated machine with the cache role to act as a file server
  • Services required by a machine with the WatchGuard Proxy role assigned to act as a connection proxy

Blocked Communications

All communications that are not listed in the section above are denied. This includes:, including:

  • Connection to the operating system's Windows Update service
  • Web browsing, FTP, mail and other Internet protocols
  • SMB file transfer between PCs on the network
  • Remote installation of the endpoint security product

See Also

Isolate a Computer (Windows computers)

Computer Details

Scan Computers and Devices

Restart a Computer (Windows computers)