Advanced Protection – Operating Modes (Windows computers)

Applies To: WatchGuard EPDR, WatchGuard EDR

Settings vary for WatchGuard EPDR, WatchGuard EDR, and WatchGuard EPP. If you do not see a setting in the web UI, it is not supported by your product.

In the Advanced Protection settings of a workstations and servers settings profile, you can configure WatchGuard Endpoint Security to detect and block malicious programs.

Screen shot of WatchGuard Endpoint Security, Advanced Protection settings

The operating mode defines how the advanced protection responds when it detects an unknown file. There are three modes: Audit, Hardening, and Lock.

Audit

Reports detected threats on dashboards and lists, but does not block or disinfect files.

Hardening

  • Allows execution of unknown programs already installed on user computers.
  • Blocks unknown programs that originate from an untrusted source (such as the Internet, external storage drives, or other computers on the network) until a classification is returned.
  • Disinfects or deletes programs classified as malware.

Lock

Prevents execution of all programs classified as malware, as well as all unknown programs pending classification.

Report Blocking to Computer Users

To show a message in a pop-up alert on the user computer when advanced protection or anti-exploit features block a file, enable the Report Blocking to Computer Users toggle. Optionally, you can specify a custom message to include in the alert.

See Also

Manage Settings Profiles

Copy a Settings Profile

Edit a Settings Profile

Assign a Settings Profile

Workstation and Server Security Settings