Contents

TDR Host Sensor System Tray Icon

A Host Sensor icon appears in the system tray on Windows machines that have the Host Sensor installed. You can use the icon to see the status of the Host Sensor, temporarily pause protection, show the log file, collect triage data, and enable or disable Host Sensor notifications.

The Host Sensor system tray icon is enabled or disabled for all users in the Host Sensor Settings page. For more information, see Configure TDR Host Sensor Settings.

To access the Host Sensor icon menu, right-click the icon in the system tray.

Screen shot of Host Sensor system tray icon

Open Host Sensor Center

Host Sensor Center shows the Host Sensor status and details of activities performed by the Host Sensor. You can use the Host Sensor Center to see:

  • The status of the Host Sensor connection to ThreatSync
  • The number and list of files quarantined by the Host Sensor
  • The number and list of processes terminated by the Host Sensor
  • The number and list of registry entries deleted by the Host Sensor

For each threat, the ThreatSync Level indicates the severity, based on the original threat score:

  • Critical — Scores of 8, 9, or 10
  • High — Scores of 6 or 7
  • Medium — Scores of 4 or 5
  • Low — Score of 3

To open Host Sensor Center:

Right-click the Host Sensor icon in the system tray and select Open Host Sensor Center.
The Host Sensor Center dialog box appears.

Screen shot of Host Sensor Center

Change the Language

The Host Sensor Center and system tray icon support multiple languages.

To change the language:

Right-click the Host Sensor icon, point to Change Language, and select a language.
The language changes in the Host Sensor Center and the Host Sensor system tray icon menu.

Enable or Disable Host Sensor Notifications

Host Sensor notifications show you information about Host Sensor activity on your machine. When enabled, notifications appear next to the Host Sensor system tray icon when these events occur:

  • Host Sensor kills a process
  • Host Sensor quarantines a file
  • A baseline is in progress
  • Host is contained
  • Host is released from containment
  • Host Sensor protection pauses
  • Host Sensor protection resumes

Host Sensor notification

When Host Sensor notifications are enabled, a check mark appears next to the Show Host Sensor Notification option on the Host Sensor system tray icon menu.

To enable or disable notifications:

Right-click the Host Sensor icon and select Show Host Sensor Notifications.

Pause Protection

You can pause protection if you need to disable the Host Sensor temporarily. For example, if TDR incorrectly identifies a threat when you try to install new software, you could pause protection while you complete the installation. Protection can also be paused remotely using the Web UI. For information on pausing protecting remotely, see Manage TDR Hosts and Host Sensors.

When protection is paused, the Host Sensor does not scan files, processes, or registry entries, and does not send events to the cloud. Host Ransomware Protection is also disabled temporarily.

You can pause protection for 5, 15, or 30 minutes. Protection resumes automatically after the selected time or when you manually resume protection.

Pause protection can be enabled or disabled for all users in the Host Sensor Settings page. For more information, seeConfigure TDR Host Sensor Settings.

To pause protection:

  1. Right-click the Host Sensor icon and click Pause Host Sensor Protection.
    The Pause Host Sensor dialog box appears.

Screenshot of Pause Host Sensor dialog box.

  1. Select how long you want to pause the Host Sensor protection for: 5 minutes, 15 minutes, or 30 minutes.
  2. Click Pause.

Host Sensor protection resumes automatically at the end of the selected time period.

To resume protection manually:

  1. Right-click the Host Sensor icon and click Pause Host Sensor Protection.
    The Paused dialog box appears.

Screenshot of Host Sensor Paused dialog box.

  1. Click Resume.

Show the Host Sensor Log File

You can quickly show the location of the Host Sensor log file from the Host Sensor icon menu. The log file records information about Host Sensor activity that can be useful if you need to troubleshoot an issue.

To open the folder where the log file is saved:

Right-click the Host Sensor icon and click Show Log File Location.
The folder opens and the log file is selected.

Collect Host Sensor Triage Data

The Host Sensor can generate triage data, such as event logs and other files, and save it to a compressed .cab file in this location:

\Program Files (x86)\WatchGuard\Threat Detection and Response\SensorTriageData-<Host Sensor Name>-<Date>-<Time>.cab

When you work with Support to troubleshoot an issue, you can attach the generated .cab file to an email or Support case.

To collect triage data:

Right-click the Host Sensor icon and click Collect triage.
A command prompt opens and status messages appear. When the process completes, a folder opens and the triage file is selected.

To open the folder where the triage file is saved:

Right-click the Host Sensor icon and click Show Triage Location.
The folder opens and the triage file is selected.

See Also

TDR General Settings

TDR Host Sensor Manual Installation

Give Us Feedback  ●   Get Support  ●   All Product Documentation  ●   Technical Search