Configure Audit Mode

Applies To: WatchGuard Advanced EPDR, WatchGuard EPDR, WatchGuard EDR, and WatchGuard EDR Core

In the Audit mode settings of a workstations and servers settings profile, you can enable or disable Audit mode. When a device is in Audit mode, it continues to send data to the cloud, but it does not block or disable threats. WatchGuard Endpoint Security only detects the threat and notifies the endpoint user. You might want to use Audit mode to audit or evaluate your current security solution. We recommend that you limit use of Audit mode to minimize the time computers are exposed to detected threats.

To configure global Audit mode:

  1. In WatchGuard Cloud, select Monitor > Endpoints.
  2. Select Settings.
  3. Select Workstations and Servers.
  4. Select an existing security settings profile to edit, copy an existing profile, or in the upper-right corner of the window, click Add to create a new profile.
    The Add Settings or Edit Settings page opens.
  5. Enter a Name and Description for the profile, if required.
  6. Select Audit Mode.

Screen shot of workstations and servers settings profile, Audit mode

  1. Enable or disable the toggle.

Screen shot of Audit mode confirmation dialog box

  1. If you enable the toggle, a confirmation dialog box opens. Click OK to confirm Audit mode.
    Exercise caution when you enable Audit mode. Threats are detected and reported, but they are not blocked or deleted. Your computers could be at risk of infection. When a device is in Audit mode, Audit mode appears as a risk in Detected Risks on the Risks dashboard.
  2. Click Save.
  3. Select the profile and assign recipients, if required.
    For more information, go to Assign a Settings Profile.

Related Topics

Manage Settings Profiles