Configure Antivirus Scanning

Applies To: WatchGuard EPDR, WatchGuard EPP

In the Antivirus settings of a workstations and servers settings profile, you can configure WatchGuard EPDR and WatchGuard EPP to scan for viruses in files, email messages, and the websites that users visit. You can specify the types of threats to detect and files to scan.

Screen shot of WatchGuard Endpoint Security, Add settings page

When WatchGuard EPDR and WatchGuard EPP detect malware or the WatchGuard anti-malware laboratory identifies a suspicious file, WatchGuard Endpoint Security takes one of these actions:

  • Known malware files when disinfection is possible — Replaces the infected file with a clean copy.
  • Known malware files when disinfection is not possible — Makes a copy of the infected file and deletes the original file.

To configure Antivirus settings:

  1. From the top navigation bar, select Settings.
  2. From the left pane, select Workstations and Servers.
  3. Select an existing security settings profile to edit, copy an existing profile, or in the upper-right corner of the window, click Add to create a new profile.

    The Add Settings or Edit Settings page opens.
  4. Enter a Name and Description for the profile, if required.
  5. Select Antivirus.
  6. To enable virus scanning of the file system, enable the File Antivirus toggle.
  7. To enable virus scanning for email applications, enable the Email Antivirus toggle.
  8. To enable virus scanning on web browsers to detect threats received over the HTTP protocol and encrypted variants, enable the Web Browsing Antivirus toggle.
  9. Configure these settings, as required.
  10. Click Save.
  11. Select the profile and assign recipients, if required.
    For more information, see Assign a Settings Profile.

Configure Threats to Detect

Configure the types of threats that WatchGuard Endpoint Security searches for and removes from the file system, mail client, and web UI installed on user computers.

To configure the threats you want to detect, in the Threats to Detect section:

  1. Enable the threats you want to detect and block:
    • Detect Viruses — Detects files that contain patterns classified as dangerous.
    • Detect Hacking Tools and PUPs — Detects unwanted programs (such as programs with intrusive ads and browser toolbars) and tools used by hackers to gain access to your system.
    • Block Malicious Actions — Enables anti-exploit and heuristic technologies that analyze process behavior locally and detect suspicious activity.
    • Detect Phishing — Detects fraudulent emails and websites.
  2. If you enable Detect Phishing, in the Do Not Detect Threats at the Following Addresses and Domains text box, type IP addresses and domains you want to exclude from phishing scans, separated by commas.
    This text box is not case-sensitive. Access is allowed to all addresses that start with the specified IP addresses and domains, even if the full URL is longer.
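To check how far a "starts with" exclusion reaches before you save it, the following added example (not WatchGuard code) models the documented rule as a case-insensitive string prefix match and audits a text box value. The exact matching model, the scheme stripping, the function names, and the sample addresses are assumptions made for illustration.

```python
from __future__ import annotations
import re

# Assumption: the exclusion is a literal, case-insensitive string prefix on the
# address with any http:// or https:// scheme removed. The product's exact
# normalization is not documented on this page.
def parse_exclusions(text_box: str) -> list[str]:
    """Split the comma-separated text box value into lowercase entries."""
    return [e.strip().lower() for e in text_box.split(",") if e.strip()]

def _normalize(address: str) -> str:
    return re.sub(r"^https?://", "", address.strip().lower())

def matching_entry(address: str, exclusions: list[str]) -> str | None:
    """Return the first entry the address starts with, or None if still scanned."""
    addr = _normalize(address)
    for entry in exclusions:
        if addr.startswith(_normalize(entry)):
            return entry
    return None

def broad_entry_reason(entry: str) -> str | None:
    """Flag entries whose prefix can extend into a different host or IP."""
    host = _normalize(entry)
    if "/" in host:
        return None  # a path separator ends the host part of the prefix
    if re.fullmatch(r"[\d.]+", host):
        # A trailing dot ends on an octet boundary, so the range is explicit.
        return None if host.endswith(".") else "IP prefix also covers longer octets"
    return "domain prefix also covers longer hostnames that begin the same way"

def audit(text_box: str, must_stay_scanned: list[str]) -> dict:
    """Report broad entries and addresses that would be excluded unintentionally."""
    exclusions = parse_exclusions(text_box)
    return {
        "broad": {e: r for e in exclusions if (r := broad_entry_reason(e))},
        "unexpectedly_excluded": {
            a: m for a in must_stay_scanned if (m := matching_entry(a, exclusions))
        },
    }

# Constructed sample values (documentation-reserved names and address ranges).
SAMPLE_TEXT_BOX = "Intranet.example.com, 192.0.2.1, portal.example.org/app/"
SAMPLE_MUST_STAY_SCANNED = [
    "https://intranet.example.com.mail.example.net/login",
    "http://192.0.2.10/",
    "https://portal.example.org/other",
]

if __name__ == "__main__":
    print(audit(SAMPLE_TEXT_BOX, SAMPLE_MUST_STAY_SCANNED))
```

Any address reported under `unexpectedly_excluded` would bypass phishing detection under this model, so review the matching entry before you add it to the profile.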

Configure File Types to Scan

Specify the types of files to be scanned by WatchGuard Endpoint Security.

To configure file types to scan, in the File Types section, enable the file types you want to scan:

  • Scan compressed files in emails
    Decompresses email attachments and scans their contents for malware.
  • Scan compressed files on disk
    Decompresses compressed files and scans their contents for malware. All compressed files are scanned when they are extracted, modified, or run. For the best performance, we recommend that you do not scan all compressed files on disk.
  • Scan all files regardless of their extension when they are created or modified
    Many types of data files do not pose a threat to the security of computer networks. When you enable this option, WatchGuard Endpoint Security scans all files when they are created or modified. For best performance, we recommend that you do not enable this option.

See Also

Manage Settings Profiles