Applies To: WatchGuard Advanced EPDR
From the Blocks by Advanced Security Policies list, when you select an item on the page, the Block by Advanced Security Policy details page opens. Use this page to review the affected computer, the advanced policy and blocked program, and whether the blocked program affects other computers in the network.
The Block by Advanced Security Policy details page includes a Details tab and an Activity tab. In the Overview section of the page, you can review the name of the program, the advanced security policy that blocked it, and the action that WatchGuard Endpoint Security took (for example, Blocked, Detected, etc.).
On the Details tab, you can review information about the affected computer, the user, and the blocked program. To view the full activity details for a blocked program, click View Full Activity Details, or select the Activity tab.
On the Activity tab, Endpoint Security shows the actions taken by programs that the advanced security policies detect on user computers. Because the number of actions and events triggered by a process is very high, the action table only shows the most relevant events triggered by a threat.
Open the Block by Advanced Security Policy Details Page
To open the Block by Advanced Security Policy details page:
- In WatchGuard Cloud, select Monitor > Endpoints.
- Click the Detections by Advanced Security Policies tile.
- In the list, select the computer you want to see the details for.
