Applies To: WatchGuard EPDR
The WatchGuard EPDR Security dashboard shows an overview of the security status of the network for a specific time period. Several tiles show important information and provide links to more details.
Time Period Selector
The dashboard shows information for the time period selected by the administrator in the drop-down list at the top of the Status page.
You can select the following time periods:
- Last 24 hours
- Last 7 days
- Last month
- Last year
Some tiles do not show information for the last year. If information for the last year is not available for a specific tile, a notification is displayed.
The Security dashboard includes these tiles:
- Protection Status
- Offline Computers
- Outdated Protection
- Programs Allowed by the Administrator
- Programs Blocked by the Administrator
- Classification of All Programs Run and Scanned
- Malware Activity, PUP Activity, Exploit Activity
- Currently Blocked Programs Being Classified
- Threats Detected by Antivirus
Click a tile to view detailed information.
The icons in the Advanced Protection, Antivirus, Updated Protection, and Knowledge columns indicate their status:
- Installing
- Enabled
- Disabled
- Error
- No License
- Not Available
- Pending Restart
The Protection Status tile shows:
- Computers where WatchGuard EPDR works correctly and where it does not
- Computers with installation errors or problems
Click the tile to open the Computer Protection Status list.
Not all columns are available for each type of device.
To filter the Computer Protection Status list:
- Click Filters.
- Select the Computer Type.
- Specify platform, connection, and protection parameters.
- Select the Protection Status.
- Select the Isolation Status.
- Click Filter.
The Offline Computers tile shows the number of computers that have not connected to the cloud for a number of days.
Click the tile to see details of the computers that might be susceptible to security problems and require attention.
For more information on the icons used in this list, see Icons.
The Outdated Protection tile shows the number of computers with a signature file that is more than three days older than the latest released file. It also shows the computers with an antivirus engine that is more than seven days older than the latest released engine.
- Protection — For at least seven days, the computer has had a version of the antivirus engine older than the latest released engine.
- Knowledge — The computer has not updated its signature file for at least three days.
- Pending Restart — The computer requires a restart to complete the update.
Click the progress bar in the tile to see the list of computers associated with each status:
- Computers with out-of-date protection
- Computers with out-of-date knowledge
- Computers pending restart
The Programs Allowed by the Administrator tile shows the number of programs that WatchGuard EPDR initially prevented from running and that the administrator then allowed. WatchGuard EPDR classified these programs as a threat (malware, PUP, or exploit) or as unknown files in the process of classification.
Click the tile to display specific information in a list.
Click History to see all events related to threats and unknown files in the process of classification that the administrator allowed to run.
The Programs Blocked by the Administrator tile shows the number of programs blocked by the administrator on the computers on the network.
Click the tile to display specific information in a list.
The Classification of All Programs Run and Scanned tile shows the processes and programs run in your organization for the selected time period and their classification (for example, trusted programs or malware).
The data in this tile is for the entire IT network, not only computers that the administrator has permissions for.
Programs under classification appear in the tile after WatchGuard EPDR classifies them:
- Trusted Programs — Programs run in the selected period that WatchGuard EPDR classified as trusted.
- Malware — Programs that tried to run in the selected period and that WatchGuard EPDR classified as malware, zero-day threats, or targeted attacks.
- Exploits — Exploit attacks that compromised or tried to compromise trusted programs on computers.
- PUPs (Potentially Unwanted Programs) — Programs that tried to run in the selected period and that WatchGuard EPDR classified as PUPs.
The Malware Activity, PUP Activity, and Exploit Activity tiles show incidents detected in processes run by the workstations and servers on the network, as well as in their file systems. Incidents are reported by real-time scans as well as on-demand scan tasks.
WatchGuard EPDR shows an incident in the Malware and PUP tiles for each computer-threat pair found on the network. If an incident occurs multiple times in five minutes, WatchGuard EPDR only registers the first incident. The same incident can register a maximum of two times every 24 hours.
The Exploit Activity tile shows the number of vulnerability exploit attacks against Windows computers on the network. WatchGuard EPDR reports an incident in the Exploit Activity tile for each distinct computer-exploit pair found on the network. If an attack repeats several times, WatchGuard EPDR reports a maximum of 10 incidents every 24 hours for each computer-exploit pair found.
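The registration limits described above mean that tile counts can be lower than the number of raw detections. The following Python model is an added example, not WatchGuard code, that shows the effect on a constructed detection stream. It assumes rolling windows measured from registered incidents and applies the five-minute rule only to malware and PUP incidents; the function name, tuple layout, and sample data are hypothetical.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Limits taken from the text above; the window semantics are assumptions.
SUPPRESS_WINDOW = timedelta(minutes=5)   # repeats inside this window are dropped
DAY = timedelta(hours=24)
MAX_PER_DAY = {"malware": 2, "pup": 2, "exploit": 10}


def registered_incidents(detections):
    """Return the detections that would be registered as incidents.

    detections: iterable of (timestamp, computer, threat, kind) tuples,
    where kind is "malware", "pup" or "exploit".
    """
    # (computer, threat) -> timestamps of incidents registered in the last 24 h
    history = defaultdict(deque)
    registered = []
    for ts, computer, threat, kind in sorted(detections):
        seen = history[(computer, threat)]
        # Forget registrations that have aged out of the rolling 24-hour window.
        while seen and ts - seen[0] >= DAY:
            seen.popleft()
        # Five-minute rule: stated for the Malware and PUP tiles only.
        if kind != "exploit" and seen and ts - seen[-1] < SUPPRESS_WINDOW:
            continue
        # Daily cap per computer-threat (or computer-exploit) pair.
        if len(seen) >= MAX_PER_DAY[kind]:
            continue
        seen.append(ts)
        registered.append((ts, computer, threat, kind))
    return registered


# Constructed sample: offsets are minutes after T0.
T0 = datetime(2024, 1, 1, 9, 0)
SAMPLE = (
    [(T0 + timedelta(minutes=m), "PC-01", "Trojan.Sample", "malware")
     for m in (0, 2, 4, 30, 60, 25 * 60)]
    + [(T0 + timedelta(minutes=m), "PC-02", "Exploit.Sample", "exploit")
       for m in range(12)]
)

if __name__ == "__main__":
    for ts, computer, threat, kind in registered_incidents(SAMPLE):
        print(ts.isoformat(), computer, threat, kind)
```

Under these assumptions, 18 raw detections produce 13 registered incidents, so a low incident count for a computer-threat pair does not by itself mean the threat was seen only once or twice.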
The Currently Blocked Programs Being Classified tile shows the number of programs that WatchGuard EPDR currently blocks.
Click the tile to see a list of files that WatchGuard EPDR determined to be risky before classification. To remove a program from the list, from the options menu for a computer, select Delete from list.
The Threats Detected by Antivirus tile shows all intrusion attempts that WatchGuard EPDR detected in the selected time period. The data covers all infection vectors and all supported platforms. Administrators can get specific data (volume, type, form of attack) related to the malware.
Click the tile to see detailed information about detected threats.