Applies To: WatchGuard Advanced EPDR
Some of the features described in this topic are only available to participants in the ThreatSync Beta program. If a feature described in this topic is not available in your version of WatchGuard Cloud, it is a beta-only feature.
With WatchGuard Advanced EPDR, you can remotely connect to the Windows computers on your network from the Endpoint Security management UI or the ThreatSync management UI. This enables you to investigate a potential attack and remediate it.
Before you begin, the computer you want to connect to remotely must have a remote control settings profile assigned. For more information, go to Configure Remote Control Settings (Windows Computers).
To use the Remote Control tool, your computer and the network perimeter firewall must allow traffic to and from *.rc.pandasecurity.com (port 8080 and 443).
Start a Remote Control Session
You can start a remote control session from the Endpoint Security management UI, or from the ThreatSync management UI on the Incidents page, Incident Details page, and Endpoints page.
- In WatchGuard Cloud, select Configure > Endpoints.
- Select Computers.
- From the left pane, select the My Organization tab.
- Next to the Windows computer or group of computers you want to connect to remotely, click
.
- Select Remote Control.
The Remote Control window for the computer opens.
- In WatchGuard Cloud, select Monitor > Threats > Incidents.
The Incidents page opens. - Select the check box next to an incident.
The Actions menu appears.
- From the Actions drop-down list, select Remote Control.
The Remote Control window for the computer opens.
- In WatchGuard Cloud, select Monitor > Threats > Incidents.
The Incidents page opens. - Select an incident from the list.
The Incident Details page opens. - In the Device section, select
.
The Actions menu appears.
- From the Actions drop-down list, select Remote Control.
The Remote Control window for the computer opens.
- In WatchGuard Cloud, select Monitor > Threats > Endpoints.
- Select the check box next to an endpoint.
The Actions menu appears.
- From the Actions drop-down list, select Remote Control.
The Remote Control window for the computer opens.
The Remote Control window can include up to four tabs:
- Terminal (For information on the remote control terminal, go to Remote Control Terminal — Commands and Parameters (Windows Computers).)
- Processes
- Services
- File Transfer
Select a tab to show the information on each page.
Processes
On the Processes page, the table shows information about each process in the remote computer memory, including the RAM and CPU used. The total CPU used by the processes and the total memory (RAM) used show below the table.
You can search for, stop, and start processes on the computer.
- To specify the frequency that WatchGuard Endpoint Security refreshes the information in the table, from the Refresh Processes list, select the time interval (for example, 5 seconds).
- To filter the list of processes, in the search bar, type the first few letters of a process name, user, or PID.
- To stop a process, select a process in the table and click
. - To start a process, click
. In the Run Task dialog box, type the name of the task you want to start. Click Send.
Services
The Services page shows all services configured on the remote computer and enables you to find specific services to change their status.
You can search for, stop, and start services on the remote computer.
- To specify the frequency that WatchGuard Endpoint Security refreshes the information in the table, from the Refresh Services list, select the interval (for example 5 seconds).
- To filter the table for a service, click Filter and in the search bar, type the first few letters of the service name or description. From the Status drop-down list, select a status (for example, Running or Not Running).
- To stop a service, select the service in the table and click .
- To start a service, select the service in the table and click
. - To refresh the status of a service, select the service in the table and click
.
File Transfer
On the Files page, you can transfer files to and from your computer to the remote computer. You can also navigate the file system on the remote computer and delete files. The file table shows information about each file found on the remote computer.
- To specify the frequency that WatchGuard Endpoint Security refreshes the directory, from the Refresh Directory list, select the interval (for example, 5 seconds).
If there are errors when you try to get access to the remote computer file system, a message bar shows.
- The file path shows at the top of the window. To change directories, click another drive or folder in the file path or in the Name column.
- To show the list of devices connected to the computer, click
in the file path. - To upload a file to the computer, click
. Click Click to Upload to select the file you want to upload.
- To download a file from the computer, select the file in the table that you want to download. Click
.
- To delete a file on the computer, select the file in the table and click
. Endpoint Security deletes the file and removes it from the computer.
Configure Remote Control Settings (Windows Computers)
Connect to Computers Remotely (Windows Computers)
Remote Control Terminal — Commands and Parameters (Windows Computers)