WatchGuard EPDR Security Dashboard

Applies To: WatchGuard EPDR

The WatchGuard EPDR Security dashboard shows an overview of the security status of the network for a specific time period. Several tiles show important information and provide links to more details.

Screen shot of the WatchGuard EPDR Security dashboard

Time Period Selector

The dashboard shows information for the time period selected by the administrator in the drop-down list at the top of the Status page.

Screen shot of the Time Selector drop-down list

You can select the following time periods:

  • Last 24 hours
  • Last 7 days
  • Last month
  • Last year

Some tiles do not show information for the last year. If last year information is not available for a specific tile, a notification is displayed.

The Security dashboard includes these tiles:

Click a tile to view detailed information.

Status Icons

The icons in the Advanced Protection, Antivirus, Updated Protection, and Knowledge columns indicate their status:

  • The installing icon — Installing
  • The Enabled icon — Enabled
  • The Disabled icon — Disabled
  • The Error icon — Error
  • The No License icon — No License
  • The Not Available Icon — Not Available
  • The Pending Restart icon — Pending Restart

Protection Status

The Protection Status tile shows:

  • Computers where WatchGuard EPDR works properly
  • Computers with errors or problems installing or running the product

Screen shot of the Protection Status tile

Click the tile to open the Computer Protection Status list.

Screen shot of the Computer Protection Status list

To filter the Computer Protection Status list:

  1. Click Filters.
  2. Select the Computer Type.
  3. Specify platform, connection, and protection parameters.
  4. Select the Protection Status.
  5. Select the Isolation Status.
  6. Click Filter.

Offline Computers

The Offline Computers tile shows the number of computers that have not connected to the cloud for a number of days.

Screen shot of the Offline Computers tile

Click the tile to see details of the computers that might be susceptible to security problems and require attention.

Screen shot of the Offline Computers list

Outdated Protection

The Outdated Protection tile shows the number of computers with a signature file that is more than three days older than the latest released file. It also shows the computers with an antivirus engine that is more than seven days older than the latest released engine.

  • Protection — For at least seven days, the computer has had a version of the antivirus engine older than the latest released engine.
  • Knowledge — The computer has not updated its signature file for at least three days.
  • Pending Restart — The computer requires a restart to complete the update.

Screen shot of the Outdated Protection tile

Click the progress bar in the tile to see the list of computers associated with each status:

  • Computers with out-of-date protection
  • Computers with out-of-date knowledge
  • Computers pending restart

Programs Allowed by the Administrator

The Programs Allowed by the Administrator tile shows the number of programs the administrator allows which WatchGuard EPDR initially prevented from running. WatchGuard EPDR classified these programs as a threat (malware, PUP, or exploit) or as unknown files in the process of classification.

Screen shot of the Programs Allowed by the Administrator tile

Click the tile to display specific information in a list.

Screen shot of the Programs Allowed by the Administrator detail page

Click History to see all events related to threats and unknown files in the process of classification that the administrator allowed to run.

Programs Blocked By the Administrator

The Programs Blocked by the Administrator tile shows the number of programs blocked by the administrator on the computers on the network.

Screen shot of the Programs Blocked by the Administrator tile

Click the tile to display specific information in a list.

Screen shot of the Programs Blocked by the Administrator detail page

Classification of All Programs Run and Scanned

This tile shows the processes and programs run in your organization for the selected time period and their classification (for example, trusted programs or malware).

The data in this tile is for the entire IT network, not only computers that the administrator has permissions for.

Programs under classification appear in the tile after WatchGuard EPDR classifies them:

Screen shot of the Classification of all Programs Run and Scan tile

Program Classification

  • Trusted Programs — Programs run in the selected period that WatchGuard EPDR classified as trusted.
  • Malware — Programs that tried to run in the selected period, and WatchGuard EPDR classified as malware, zero-day threats, or targeted attacks.
  • Exploits — Exploit attacks that compromised or tried to compromise trusted programs on computers.
  • PUPs (Potentially Unwanted Programs) — Programs that tried to run in the selected period, and WatchGuard EPDR classified as PUPs.

Malware Activity, PUP Activity, and Exploit Activity

These tiles show incidents detected in processes run by the workstations and servers on the network, as well as their file systems. Incidents are reported by real-time scans as well as on-demand scan tasks.

WatchGuard EPDR shows an incident in the Malware and PUP tiles for each computer or threat pair found on the network. If an incident occurs multiple times in five minutes, WatchGuard EPDR only registers the first incident. The same incident can register a maximum of two times every 24 hours.

Screen shot of the Malware Activity and PUP Activity tiles

The Exploit Activity tile shows the number of vulnerability exploit attacks against Windows computers on the network. WatchGuard EPDR reports an incident in the Exploit Activity tile for each computer or different exploit attack pair found on the network. If an attack repeats several times, WatchGuard EPDR reports a maximum of 10 incidents every 24 hours for each computer-exploit pair found.

Screen shot of the Exploit Activity tile

Currently Blocked Programs Being Classified

The Currently Blocked Programs Being Classified tile shows the number of programs that WatchGuard EPDR currently blocks.

Screen shot of the Currently Blocked Programs Being Classified tile

Click the tile to see a list of files that WatchGuard EPDR determined to be risky before classification. To remove a program from the list, from the options menu for a computer, select Delete from list.

Screen shot of the Currently Blocked Programs Being Classified details

Threats Detected by Antivirus

This tile shows all intrusion attempts that WatchGuard EPDR detected in the selected time period. The data covers all infection vectors and all supported platforms. Administrators can get specific data (volume, type, form of attack) related to the malware.

Screen shot of the Threats Detected by Antivirus tile

Click the tile to see detailed information about detected threats.

Screen shot of the Threats Detected by the Antivirus detail page

See Also

My Lists

Web Access Dashboard

Unmanaged Computers Discovered List