Settings vary for WatchGuard EPDR, WatchGuard EDR, and WatchGuard EPP. Throughout this documentation, WatchGuard Endpoint Security refers generally to all three products. If you do not see a setting in the web UI, it is not supported by your product.
In the Advanced Protection settings of a workstations and servers settings profile, you can configure WatchGuard Endpoint Security to detect and block malicious programs.
The operating mode defines how the advanced protection responds when it detects an unknown file. There are three modes: Audit, Hardening, and Lock.
Reports detected threats on dashboards and lists, but does not block or disinfect files.
- Allows execution of unknown programs already installed on user computers.
- Blocks unknown programs that originate from an untrusted source (such as the Internet, external storage drives, or other computers on the network) until a classification is returned.
- Disinfects or deletes programs classified as malware.
Prevents execution of all programs classified as malware, as well as all unknown programs pending classification.
Report Blocking to Computer Users
To show a message in a pop-up alert on the user computer when advanced protection or anti-exploit features block a file, enable the Report Blocking to Computer Users toggle. Optionally, you can specify a custom message to include in the alert.