To learn about the new ThreatSync service in WatchGuard Cloud, go to About ThreatSync in WatchGuard Cloud Help. References to ThreatSync in this topic relate to the older TDR feature.
On the Reset page, an Administrator can reset the TDR account configuration back to the default settings, and remove devices, reports, users, and other TDR account data. This can be useful if you want to reset your account to default settings after a period of testing, or need to remove devices that are no longer associated with your account.
The Reset action permanently removes data and configuration settings.
The items you can reset are grouped into five categories. You can reset an entire category, or specific items.
Configuration — Reset configuration settings to default values, and removes domains, hosts, and host indicators
- Containment Exceptions — Removes all configured containment exceptions
- Domains — Removes all domains, hosts, and host indicators from your TDR account
- Exclusions — Removes all configured TDR exclusions
- Groups — Removes all TDR groups from the Groups page
- Notification Rules — Removes all configured notification rules
- Policies — Resets TDR policies to the default settings
- Signature Overrides — Removes all configured signature overrides
Use the Domains reset option carefully. This option removes all domains, hosts, and host indicators from your TDR account.
Settings and System — Reset other TDR account and system-level options to default values
- Audits — Removes all entries from the TDR Audit Log
- Beta Status — Resets the beta option in TDR General Settings to the default value (disabled)
- Cybercon — Resets the Cybercon level for your TDR account to the default value (Cybercon 5)
- Features — Resets TDR optional features on the TDR General Settings page to the default value (disabled)
- Host Sensor Configuration — Resets the global Host Sensor settings to default values
The Beta Status reset option is not available for TDR accounts managed by a TDR Service Provider. TDR Service Providers can configure the beta option in the Service Provider account on the Accounts page.
Reports — Remove Threat Detection and Response reports
- Generated — Removes all generated on-demand TDR reports
- Scheduled — Removes all scheduled TDR reports
Indicators — Remove all host and network indicators from your TDR account
Devices — Remove AD Helpers, hosts, or Fireboxes and associated data from your TDR account
- AD Helpers — Removes AD Helpers from your TDR account, but does not uninstall the AD Helper software
- Fireboxes — Removes all Fireboxes and all network indicators and events from your TDR account but does not disable TDR on the Fireboxes
- Hosts — Removes all hosts and all host indicators and sends the uninstall command to Host Sensors that are operational
- Users — Removes all users and indicator references, but does not remove the indicator
The Domains, AD Helpers, Hosts, Users, and Fireboxes options all permanently remove devices and data from your account. After the reset, devices that were removed can reappear in your TDR account. This happens if TDR receives a heartbeat from those devices after the reset, or if AD Helper synchronizes devices after the reset.
Before You Reset Devices
You might need to uninstall AD Helper software or disable TDR on Fireboxes before you reset devices if you do not want the devices to reappear in your account.
Before You Reset AD Helpers
Before you reset AD Helpers, manually uninstall the AD Helper software for any AD Helper that you no longer want to synchronize with your TDR account. If you do not uninstall AD Helpers, any installed AD Helper reappears in your TDR account the next time it sends a heartbeat to your TDR account.
For information about how to uninstall AD Helper, see Uninstall TDR AD Helper.
Before You Reset Hosts
When you reset Hosts, TDR sends the uninstall command to all hosts that are operational and removes all hosts from your account. Any hosts that are not operational at the time of the reset are not uninstalled. For example, if a computer is powered off or offline, the Host Sensor is not uninstalled. To minimize the number of Host Sensors that are not uninstalled by the reset, you might want to uninstall the Host Sensors before you reset Hosts.
For more information about how to uninstall Host Sensors, see Uninstall TDR Host Sensors.
Before You Reset Users
When you reset Users, TDR deletes all users associated with your account. Users logged in at the time of reset will also be deleted, and you will no longer have a record of those users.
Before You Reset Fireboxes
Before you reset Fireboxes, manually disable the Threat Detection and Response service for any Firebox that you want to remove from your TDR account. Any Firebox that has TDR enabled automatically reappears in your TDR account after the Firebox sends a heartbeat to your TDR account.
For more information about how to enable or disable TDR on a Firebox, see Enable TDR on Your Firebox.
Reset TDR Settings and Devices
To reset TDR settings and data or remove devices from your TDR account:
- Log In to TDR.
- Select Configure > Threat Detection.
- In the ThreatSync section, select Reset.
The Reset page opens.
- Select the check box for the features an options you want to reset.
If you select the Hosts check box, the Host Reset Notification opens.
- If you select the Domains or Hosts check box, click Yes to confirm that you want to reset all domains or hosts and host data.
This selects the Domains or Hosts check box. The domains or hosts are not removed until you click Reset.
- Click Reset.
The Reset summary appears with a list of the items you selected to reset.
- Review the items in the Reset Summary carefully.
You cannot undo a reset action.
- Click Yes.
The Reset Complete dialog box opens.
- Click OK.
The reset request is submitted and the reset action is added to the Audit Log.
When you reset domains, devices, or indicators, the devices and associated data are immediately removed from your TDR account. It can take some additional time for the system to completely delete all associated data. After all data associated with a Reset action has been deleted, TDR sends a notification message to the email address of the user who requested the reset. The email contains a summary of the items that were reset.