Manage Clients

On the Manage Clients page, you can manage device security for all your client accounts.

You can perform these actions:

  • View a report of security incidents for each client account
  • View WatchGuard endpoint security product license information
  • Show devices that do not have WatchGuard endpoint security products installed
  • Install WatchGuard endpoint security products on a device
  • Perform actions such as assign security configurations, perform file scans, and isolate devices

Before you Begin

Before you can manage your clients, you must configure the WatchGuard Endpoint Security plug-in and associate your ConnectWise Automate client accounts and WatchGuard Cloud managed accounts.

Manage Clients

To manage your clients, in the Clients section, select a specific client.

The current WatchGuard Cloud account name and account ID appear at the top of the page.

The licenses section shows the total number of WatchGuard endpoint security product licenses, the number of licenses available, and the number of licenses in use.

Click to refresh the data shown on the page.

You can filter the data based on these time periods:

  • Last 24 hours
  • Last 7 days
  • Last month

Overview

The Overview tab shows statistics for all computers and devices in the selected client account.

Threats Detected By The Antivirus

This section shows the number of security incidents detected for each threat category:

  • Programs Blocked — Specific programs blocked by the administrator.
  • Phishing — A technique to obtain confidential information, such as user names and passwords or financial information, from end users.
  • Intrusion attempts blocked — Malformed network traffic designed to cause unwanted system behavior on the targeted computer.
  • Blocked devices — An attempt by a user to use a restricted device.
  • Malware URLs blocked — Web addresses of pages that contain malware.
  • Exploits — Exploit attacks that compromised or tried to compromise trusted programs on computers.
  • Indicators of Attack (IOA) — Confirmed events that are highly likely to be an attack. The WatchGuard Security team reviews events received from endpoints to confirm they match a specified attack hypothesis.

Malware Activity

Indicates the number of malware incidents, the number of computers on which they occurred, the number of malware programs run, the number of incidents where data was accessed, and the number of incidents that involved external communications.

PUP Activity

Indicates the number of PUP (Potentially Unwanted Program) incidents, the number of computers on which they occurred, the number of programs run, the number of incidents where data was accessed, and the number of incidents that involved external communications.

Managed Computers

The Managed Computers tab shows all devices in the selected client account that have WatchGuard endpoint security products installed.

The Managed Computers tab shows this data:

  • Computer — The name of the device.
  • IP Address — The IP address of the device.
  • Operating System — The detected operating system of the device.
  • Advanced Protection — The status of Advanced Protection on the device.
      • Enabled
      • Disabled
  • Antivirus — The status of Antivirus protection on the device.
      • Installing
      • Error
      • Enabled
      • Disabled
      • No License
  • Updated Protection — Indicates the status of the Protection Module and if the device requires an updated release.
      • Updated
      • Not updated (7 days since the last update)
      • Pending restart
  • Knowledge — The status of Knowledge signature files on the device.
      • Updated
      • Not Updated (3 days since the last update)
  • License Status — Indicates the status of the WatchGuard endpoint security product license.
      • Assigned
      • No License
      • Excluded
  • Last Connection — Indicates the date and time the device was last connected to the network.

You can select one or more devices and perform these actions.

Click for the computer on which you want to perform the action, then select the required action. If you select more than one device, the action applies to all selected devices.

  • Assign Security Configurations — A security configuration is a set of WatchGuard endpoint security settings that you define and assign to your managed devices. Select a security configuration from the list, then click Apply.

    There are separate configurations you can choose for Computers and for Android devices. If you apply a security configuration to both Computer and Android devices, you can select a configuration for each device type.
  • Uninstall WatchGuard Endpoint Protection — Uninstall WatchGuard endpoint security products from the computer.
  • Scan Computer — Perform a file scan on the selected managed devices. To perform a file scan, the device must be connected to the network. If the device is not connected to the network, the request remains active for 7 days (by default). The scan runs when the device connects to the network.
  • Isolate Computer — Isolate a device (Windows computers only). To isolate a device, the device must be connected to the network to receive the request. The request remains active indefinitely for unconnected devices. The isolate request is performed when the device connects to the network. An icon appears when the device is isolated. The isolation icon flashes while the request to isolate the device is active.
  • Stop Isolating Computer — Stop isolation for a device (Windows computers only). To stop device isolation, the device must be connected to the network to receive the request. The request remains active indefinitely for unconnected devices. The request to stop isolation is performed when the device connects to the network. The isolation icon flashes while the request to stop isolation is active.

Unmanaged Discovered Computers

The Unmanaged Computers Discovered tab shows all detected devices in the client account that do not have WatchGuard endpoint security products installed. To manage and perform actions on unmanaged devices, you must install WatchGuard endpoint security products on the device.

To install WatchGuard endpoint security products from the plug-in, the device must already have the ConnectWise Automate agent installed to process and schedule the WatchGuard agent installation.

The Unmanaged Computers Discovered tab shows this information:

  • Computer — The name of the device.
  • IP Address — The IP address of the device.
  • Status — The current installation status of WatchGuard endpoint security products on the device.
      • Unmanaged
      • Installing
      • Installation Error
  • Last Seen — Indicates the date and time the device was last connected to the network.

The only action you can take for unmanaged computers is to install WatchGuard endpoint security products on the device.

Click for the device on which you want to install WatchGuard endpoint security products, then select Install WatchGuard Endpoint Protection. If you select multiple devices, the WatchGuard agent installs on all selected devices.

The installation process for the device is scheduled after approximately two minutes.

Reports

The Reports tab shows data about detected threats based on the threat type and the selected time period.

You can also access Reports by selecting a specific threat count in the Security Overview page.

  • In the Hostname search field, you can type a hostname to filter the results.
  • From the Type drop-down list, select the type of threat for the report (Malware, PUPs, Programs blocked, Exploits, and Indicators of attack).
  • Select a time period for the report from the drop-down list. You can choose Last 7 days or Last 24 hours.