In the Antivirus settings of a workstations and servers settings profile, you can configure WatchGuard EPDR and WatchGuard EPP to scan for viruses in files, email messages, and the websites that users visit. You can specify the types of threats to detect and files to scan, as well as enable decoy files.
When WatchGuard EPDR and WatchGuard EPP detect malware or the WatchGuard anti-malware laboratory identifies a suspicious file, WatchGuard Endpoint Security takes one of these actions:
- Known malware files when disinfection is possible — Replaces the infected file with a clean copy.
- Known malware files when disinfection is not possible — Makes a copy of the infected file and deletes the original file.
To configure Antivirus settings:
- In WatchGuard Cloud, select Configure > Endpoints.
- Select Settings.
- From the left pane, select Workstations and Servers.
- Select an existing security settings profile to edit, copy an existing profile, or in the upper-right corner of the window, click Add to create a new profile.
The Add Settings or Edit Settings page opens.
- Enter a Name and Description for the profile, if required.
- Select Antivirus.
- To enable virus scanning of the file system, enable the File Antivirus toggle.
- To enable virus scanning for email applications, enable the Email Antivirus toggle.
When you enable Email Antivirus to scan email messages, WatchGuard Endpoint Security detects threats received over the POP3 protocol and encrypted variant. Email Antivirus scans attachments and URLs in the email. When something malicious is detected, WatchGuard Endpoint Security deletes the email or attachment.
- To enable virus scanning on web browsers to detect threats received over HTTP and HTTPS protocols and encrypted variants, enable the Web Browsing Antivirus toggle.
- Configure Threats to Detect, as required.
- To create decoy files, enable the toggle.
This option is available for WatchGuard EPDR and WatchGuard EPP only.
- Configure File Types to Scan, as required.
- Click Save.
- Select the profile and assign recipients, if required.
For more information, see Assign a Settings Profile.
Configure the types of threats that WatchGuard Endpoint Security searches for and removes from the file system, mail client, and Endpoint Security management UI installed on user computers. To add an extra layer of protection, you can also enable decoy files.
To configure the threats you want to detect, in the Threats to Detect section:
- Enable the threats you want to detect and block:
- Detect Viruses — Detects files that contain patterns classified as dangerous.
- Detect Hacking Tools and PUPs — Detects unwanted programs (such as programs with intrusive ads and browser toolbars) and tools used by hackers to gain access to your system.
- Block Malicious Actions — Enables anti-exploit and heuristic technologies that analyze process behavior locally and detect suspicious activity.
- Detect Phishing — Detects fraudulent emails and websites.
This text box is not case-sensitive. Access is allowed to all addresses that start with the specified IP addresses and domains, even if the full URL is longer.
Decoy files are used as bait on computers and help detect ransomware. When there is an attempt to modify a decoy file, WatchGuard Endpoint Security identifies the process as ransomware and ends the process. In the Threats to Detect section, enable Create Decoy Files to Help Detect Ransomware.
Specify the types of files to be scanned by WatchGuard Endpoint Security. To configure file types to scan, in the File Types section, enable the file types you want to scan.
Scan compressed files in emails
Decompresses email attachments and scans their contents for malware.
Scan compressed files on disk
Decompresses compressed files and scans their contents for malware. All compressed files are scanned when they are extracted, modified, or run. For the best performance, we recommend that you do not scan all compressed files on disk.
Scan all files regardless of their extension when they are created or modified
Many types of data files do not pose a threat to the security of computer networks. When you enable this option, WatchGuard Endpoint Security scans all files when they are created or modified. For best performance, we recommend that you do not enable this option.