Troubleshoot Network Attack Protection

Applies To: WatchGuard Advanced EPDR This topic applies to the WatchGuard Advanced EPDR endpoint security product., WatchGuard EPDR This topic applies to the WatchGuard EPDR endpoint security product., WatchGuard EDR This topic applies to the WatchGuard EDR endpoint security product.

Network Attack Protection scans network traffic in realtime to detect and stop threats. It prevents network attacks that exploit vulnerabilities in services open to the Internet and the internal network. For more information, go to Network Attack Protection — Types of Attacks Detected (Windows Computers).

You might have these issues when you use Network Attack Protection:

• False Positives
• Third-Party Software Compatibility

You can exclude a specific network attack from detection. For more information, go to Exclude a Network Attack Detection (Windows Computers).

False Positives

When a false positive occurs, before you contact Support, complete these steps to collect information for your Support case:

• Provide a description of the issue.
• Use the PSInfo tool to gather support-related information.
• Use the NNS Firewall Diagnostics tool to generate a diagnostic file.
• Use the DeepPacketInspection Configuration Rules tool to gather event logs.
  

Gather Event Logs

You can gather event logs to help you determine a false positive. The WatchGuard DeepPacketInspection Configuration Rules tool gathers event logs related to Network Attack Protection rules. The tool is available for Microsoft Windows computers and supports WatchGuard Endpoint Security version 8.00.22.0012 and higher.

To gather event logs that you can send to Support:

1. Download and install the WatchGuard DeepPacketInspection Configuration Rules.exe tool. (External link)
   
2. Wait for Network Attack Protection to reproduce the issue.

When the issue occurs, the tool copies event logs to one of these storage folder:

• %ProgramFiles%\Panda Security\WG_DeepPacketInspection_Configuration_Rules
• %ProgramFiles(x86)%\Panda Security\WG_DeepPacketInspection_Configuration_Rules

The folder remains empty until the detection occurs.

3. After you gather event logs, use the Add / Remove Programs feature in Windows to remove the tool.
   Windows lists the tool as WG_DeepPacketInspection_Configuration_Rules.

Third-Party Software Compatibility

If third-party software conflicts with Network Attack Protection, you can use these steps to determine if Network Attack Protection causes the issue:

1. Copy and create a configuration profile. For more information, go to Manage Settings Profiles.

2. From Antivirus, enable File Antivirus.
   Verify that this action does not reproduce the issue.
3. From Advanced Protection, enable Advanced Protection and disable Network Attack Protection.
   Verify that this action does not reproduce the issue.
4. From Advanced Protection, enable Network Attack Protection.
   Verify that this action does reproduce the issue.

If you cannot verify any of these steps, contact Support.

Exclude WatchGuard Paths

If your third-party software can exclude specific paths, create exclusions for these WatchGuard paths and verify if the problem still reproduces:

• %programfiles%\Panda Security
• %programfiles(x86)%\Panda Security
• %allusersprofile%\Panda Security

Contact Support

If the third-party software compatibility issue still occurs, complete these steps to collect information for your Support case:

• Provide a description of the problem.
• Use the PSInfo tool to gather logs.
• Use NNSDiag to generate a diagnostic file.