In the Antivirus settings of a workstations and servers settings profile, you can configure WatchGuard EPDR and WatchGuard EPP to scan for viruses in files, email messages, and the websites that users visit. You can specify the types of threats to detect and files to scan.
When WatchGuard EPDR and WatchGuard EPP detect malware or the WatchGuard anti-malware laboratory identifies a suspicious file, WatchGuard Endpoint Security takes one of these actions:
- Known malware files when disinfection is possible — Replaces the infected file with a clean copy.
- Known malware files when disinfection is not possible — Makes a copy of the infected file and deletes the original file.
To configure Antivirus settings:
- From the top navigation bar, select Settings.
- From the left pane, select Workstations and Servers.
- Select an existing security settings profile to edit, copy an existing profile, or in the upper-right corner of the window, click Add to create a new profile.
The Add Settings or Edit Settings page opens.
- Enter a Name and Description for the profile, if required.
- Select Antivirus.
- To enable virus scanning of the file system, enable the File Antivirus toggle.
- To enable virus scanning for email applications, enable the Email Antivirus toggle.
- To enable virus scanning on web browsers to detect threats received over the HTTP protocol and encrypted variants, enable the Web Browsing Antivirus toggle.
- Configure these settings, as required.
- Click Save.
- Select the profile and assign recipients, if required.
For more information, see Assign a Settings Profile.
Configure the types of threats that WatchGuard Endpoint Security searches for and removes from the file system, mail client, and web UI installed on user computers.
To configure the threats you want to detect, in the Threats to Detect section:
- Enable the threats you want to detect and block:
- Detect Viruses — Detects files that contain patterns classified as dangerous.
- Detect Hacking Tools and PUPs — Detects unwanted programs (such as programs with intrusive ads and browser toolbars) and tools used by hackers to gain access to your system.
- Block Malicious Actions — Enables anti-exploit and heuristic technologies that analyze process behavior locally and detect suspicious activity.
- Detect Phishing — Detects fraudulent emails and websites.
This text box is not case-sensitive. Access is allowed to all addresses that start with the specified IP addresses and domains, even if the full URL is longer.
Specify the types of files to be scanned by WatchGuard Endpoint Security.
- To configure file types to scan, in the File Types section, enable the file types you want to scan.
Scan compressed files in emails
Decompresses email attachments and scans their contents for malware.
Scan compressed files on disk
Decompresses compressed files and scans their contents for malware. All compressed files are scanned when they are extracted, modified, or run. For the best performance, we recommend that you do not scan all compressed files on disk.
Scan all files regardless of their extension when they are created or modified
Many types of data files do not pose a threat to the security of computer networks. When you enable this option, WatchGuard Endpoint Security scans all files when they are created or modified. For best performance, we recommend that you do not enable this option.