Incorrect Detection or Block of Malware

Applies To: WatchGuard Advanced EPDR This topic applies to the WatchGuard Advanced EPDR endpoint security product., WatchGuard EPDR This topic applies to the WatchGuard EPDR endpoint security product., WatchGuard EDR This topic applies to the WatchGuard EDR endpoint security product., WatchGuard EPP This topic applies to the WatchGuard EPP endpoint security product., WatchGuard EDR Core This topic applies to the WatchGuard EDR Core, available in the Total Security Suite license.

If your WatchGuard Endpoint Security product incorrectly detects a file as malware, or incorrectly blocks a file, contact Support and provide this information:

• From the endpoint agent, select Antivirus and Advanced Protection > Event Report to export a report. Give the report to Support as part of your case.

Because Adaptive Defense products do not have a graphical user interface, there is no report to export. In this case, inform Support of the approximate date and time of the incorrect detection.

• Make a copy of the incorrectly detected file. Compress and password-protect the file, and use panda as the password. Give the file to Support as part of your case.
• Select Event Report > Status. If the file status is Quarantine, and you cannot obtain the file any other way, save a copy of this folder:
  C:\ProgramData\Panda Security\Security Protection\Quarantine
  Give the compressed folder to Support as part of your case. Support might be able to retrieve the quarantined file from the folder.
• You can use the PSInfo tool to provide more diagnostic logs to help Support troubleshoot your issue. For more information, go to Get Started with PSInfo.