Remediation Tools

Applies To: WatchGuard EPDR, WatchGuard EDR, WatchGuard EPP

WatchGuard Endpoint Security provides several remediation tools that help you to resolve issues. Some of these tools are automatic and do not require you to take any action. You can get access to other tools in the web UI.

| Tool | Platform | Type | Purpose |
|---|---|---|---|
| Automatic computer scanning and disinfection | Windows, macOS, Linux, Android | Automatic | Detects and disinfects malware when WatchGuard Endpoint Security detects movement in the file system (copy, move, run) or in a supported infection vector. |
| On-demand computer scanning and disinfection | Windows, macOS, Linux, Android | Automatic, Schedule, or Manual | Detects and disinfects malware in the file system when required, at specific time intervals, or after you create a remediation task. |
| On-demand restart | Windows | Manual | Forces a computer restart to apply updates, finish manual disinfection tasks, and fix protection errors. |
| Computer isolation | Windows | Manual | Isolates a computer from the network, to prevent the exfiltration of confidential information and the spread of threats to other computers. |

Automatic Scanning and Disinfection

WatchGuard Endpoint Security automatically detects and disinfects threats found on protected computers and devices. File protection must be enabled in the security settings assigned to the computers and devices.

WatchGuard Endpoint Security automatically detects threats in these security areas:

  • Web — Malware downloaded to targeted computers through a web browser
  • Email — Malware that reaches email clients as a message attachment
  • File System — Malware detected when a file in the computer storage system that contains a known or unknown threat is run, moved, or copied
  • Network — Intrusion attempts from a host on the network or Internet, blocked by the firewall

Advanced Protection in a Workstation and Servers settings profile also blocks the execution of unknown malware. For information on blocking modes and the options available for antivirus scanning, see Workstation and Server Security Settings and Configure Antivirus Scanning.

Remediation Actions

When WatchGuard Endpoint Security detects a known threat, it automatically cleans the affected items when there is a disinfection method available. If not, WatchGuard Endpoint Security quarantines the items.

When antivirus and advanced protection modules are enabled, WatchGuard Endpoint Security takes these actions:

| Advanced Protection Mode | Antivirus Protection | Action |
|---|---|---|
| Audit | Enabled | Detection, disinfection, and quarantine |
| Audit | Disabled | Detection only |
| Hardening, Lock | Enabled | Detection, block unknown items, disinfection, and quarantine |
| Hardening, Lock | Disabled | Detection, block unknown items |

On-Demand Scanning and Disinfection

There are two ways to scan and disinfect computers on demand:

On-Demand Restart (Windows computers)

If you have computers that have to restart to fix a protection problem, you can restart the computers remotely. For more information, see Restart a Computer (Windows computers).

Computer Isolation (Windows computers)

You can isolate computers on demand to prevent the spread of threats and to block the exfiltration of confidential data. For more information, see Isolate a Computer (Windows computers).

See Also

Monitor Threats

Manage Tasks