Applies To: WatchGuard Advanced EPDR
With WatchGuard Advanced EPDR, you can remotely connect to the Windows computers on your network from the Endpoint Security management UI to investigate a potential attack and remediate it.
Before you begin, the computer you want to connect to remotely must have a remote control settings profile assigned. For more information, go to Configure Remote Control Settings (Windows Computers).
To use the Remote Control tool, your computer and the network perimeter firewall must allow traffic to and from *.rc.pandasecurity.com (port 8080 and 443).
To start a remote control session:
- In WatchGuard Cloud, select Configure > Endpoints.
- Select Computers.
- From the left pane, select the My Organization tab.
- Next to the Windows computer or group of computers you want to connect to remotely, click .
- Select Remote Control.
The Remote Control window for the computer opens.
The Remote Control window can include up to four tabs:
- Terminal (For information on the remote control terminal, go to Remote Control Terminal — Commands and Parameters (Windows Computers).)
- About the Remote Control Tool (Windows Computers)
Select a tab to show the information on each page.
On the Processes page, the table shows information about each process in the remote computer memory, including the RAM and CPU used. The total CPU used by the processes and the total memory (RAM) used show below the table.
You can search for, stop, and start processes on the computer.
- To specify the frequency that WatchGuard Endpoint Security refreshes the information in the table, from the Refresh Processes list, select the time interval (for example, 5 seconds).
- To filter the list of processes, in the search bar, type the first few letters of a process name, user, or PID.
- To stop a process, select a process in the table and click .
- To start a process, click . In the Run Task dialog box, type the name of the task you want to start. Click Send.
The Services page shows all services configured on the remote computer and enables you to find specific services to change their status.
You can search for, stop, and start services on the remote computer.
- To specify the frequency that WatchGuard Endpoint Security refreshes the information in the table, from the Refresh Services list, select the interval (for example 5 seconds).
- To filter the table for a service, click Filter and in the search bar, type the first few letters of the service name or description. From the Status drop-down list, select a status (for example, Running or Not Running).
- To stop a service, select the service in the table and click .
- To start a service, select the service in the table and click .
- To refresh the status of a service, select the service in the table and click .
On the Files page, you can transfer files to and from your computer to the remote computer. You can also navigate the file system on the remote computer and delete files. The file table shows information about each file found on the remote computer.
- To specify the frequency that WatchGuard Endpoint Security refreshes the directory, from the Refresh Directory list, select the interval (for example, 5 seconds).
If there are errors when you try to get access to the remote computer file system, a message bar shows.
- The file path shows at the top of the window. To change directories, click another drive or folder in the file path or in the Name column.
- To show the list of devices connected to the computer, click in the file path.
- To upload a file to the computer, click . Click Click to Upload to select the file you want to upload.
- To download a file from the computer, select the file in the table that you want to download. Click .
- To delete a file on the computer, select the file in the table and click . Endpoint Security deletes the file and removes it from the computer.