Supported Features by Endpoint Security Product

Applies To: WatchGuard Advanced EPDR, WatchGuard EPDR, WatchGuard EDR, WatchGuard EDR Core, WatchGuard EPP

Not all features are available for all WatchGuard Endpoint Security products. This table lists the available features and the products that support them.

WatchGuard EDR Core is included in the Firebox Total Security Suite. It is available for a limited number of endpoints, based on the Firebox model. With a Total Security Suite subscription license, you will see an EDR Core license in WatchGuard Cloud. You can use WatchGuard Cloud to manage EDR Core endpoint allocation and to access the Endpoint Security management UI. For information on EDR Core features, go to WatchGuard EDR Core Features.

| Feature | WatchGuard Advanced EPDR | WatchGuard EPDR | WatchGuard EDR | WatchGuard EPP | WatchGuard EDR Core |
| --- | --- | --- | --- | --- | --- |
| Protection | | | | | |
| Detection of code injection in running processes | Supported | Supported | Supported | Supported | Supported |
| Protection against known and zero-day malware | Supported | Supported | Supported | Supports basic functionality only | Supported |
| Protection against known and zero-day ransomware | Supported | Supported | Supported | Supports basic functionality only | Supported |
| Protection against known and zero-day exploits | Supported | Supported | Supported | Supports basic functionality only | Supported |
| Anti-phishing protection | Supported | Supported | Not supported | Supported | Not supported |
| Protection for multiple attack vectors (web, email, network, devices) | Supported | Supported | Supports basic functionality only | Supported | Supports basic functionality only |
| Traditional protection with generic and optimized signatures | Supported | Supported | Not supported | Supported | Not supported |
| Protection against advanced persistent threats (APTs) | Supported | Supported | Supported | Not supported | Supported |
| Zero-Trust Application Service | Supported | Supported | Supported | Not supported | Not supported |
| Queries to WatchGuard cloud-based collective intelligence | Supported | Supported | Supported | Supported | Supported |
| Self-learning AI: Context-based behavioral detection | Supported | Supported | Supported | Supported | Supported |
| Self-learning AI: Malicious installer blocking (MSI) | Supported | Supported | Supported | Supported | Supported |
| Self-learning AI: Malicious .NET detection | Supported | Supported | Supported | Supported | Supported |
| Self-learning AI: Script protection | Supported | Not supported | Not supported | Not supported | Not supported |
| Personal and managed firewall | Supported | Supported | Not supported | Supported | Not supported |
| IDS / HIPS | Supported | Supported | Not supported | Supported | Not supported |
| Network attack protection | Supported | Supported | Supported | Not supported | Not supported |
| Device control | Supported | Supported | Not supported | Supported | Not supported |
| URL filtering by category (web browsing monitoring) | Supported | Supported | Not supported | Supported | Not supported |
| Monitoring | | | | | |
| Endpoint risk monitoring | Supported | Supported | Supported | Supported | Supported |
| Cloud-based continuous monitoring of all process activity | Supported | Supported | Supported | Not supported | Supported |
| Data retention for one year for retrospective attack investigation | Supported | Supported | Supported | Not supported | Supported |
| Vulnerability assessment | Supported | Supported | Supported | Supported | Not supported |
| Detection | | | | | |
| Detection of vulnerable driver | Supported | Supported | Supported | Supported | Supported |
| Fully configurable and instant security risk alerts | Supported | Supported | Supported | Supported | Supported |
| Detection of compromised trusted applications | Supported | Supported | Supported | Not supported | Not supported |
| eXtended Detection and Response (XDR) capabilities | Supported | Supported | Supported | Not supported | Supported |
| Threat Hunting Service: Non-deterministic indicators of attack mapped to MITRE ATT&CK with contextual telemetry | Supported | Not supported | Not supported | Not supported | Not supported |
| Threat Hunting Service: Deterministic indicators of attack mapped to MITRE ATT&CK | Supported | Supported | Supported | Not supported | Not supported |
| STIX IOCs and YARA rules search | Supported | Not supported | Not supported | Not supported | Not supported |
| Containment | | | | | |
| Real-time computer isolation, scan and restart from the management UI | Supported | Supported | Supported | Not supported | Supported |
| Response and Remediation | | | | | |
| Remote access to endpoints from the management UI | Supported | Supported | Supported | Supported | Supported |
| Ability to roll back and remediate the actions taken by attackers | Supported | Supported | Supported | Supported | Not supported |
| Centralized quarantine | Supported | Supported | Supported | Supported | Not supported |
| Automatic analysis and disinfection | Supported | Supported | Supported | Supported | Not supported |
| Shadow copies | Supported | Supported | Supported | Supported | Not supported |
| Ability to block unknown and unwanted applications | Supported | Supported | Supported | Not supported | Not supported |
| eXtended Detection and Response (XDR) capabilities | Supported | Supported | Supported | Not supported | Supports basic functionality only |
| Investigation | | | | | |
| Threat Hunting Service: Deterministic indicators of attack mapped to MITRE ATT&CK | Supported | Supported | Supported | Not supported | Not supported |
| Malware actions graph and lifecycle | Supported | Supported | Supported | Not supported | Supported |
| Threat Hunting Service: Non-deterministic indicators of attack mapped to MITRE ATT&CK with contextual telemetry | Supported | Not supported | Not supported | Not supported | Not supported |
| Automated and interactive incident attack story | Supported | Not supported | Not supported | Not supported | Not supported |
| Ability to export lifecycle information for local analysis | Supported | Supported | Supported | Not supported | Supported |
| Advanced Reporting Tool (add-on module) | Supported | Supported | Supported | Not supported | Not supported |
| Discovery and monitoring of unstructured personal data across endpoints (add-on module)* | Supported | Supported | Supported | Not supported | Not supported |
| Advanced attack investigation (Jupyter Notebooks) | Supported | Supported | Supported | Not supported | Not supported |
| Remote shell to manage processes and services, file transfers, command-line tools, get dumps, pcap, and more | Supported | Not supported | Not supported | Not supported | Not supported |
| IOAs and suspicious behaviors investigation area | Supported | Not supported | Not supported | Not supported | Not supported |
| Access enriched telemetry where MITRE ATT&CK tactics and techniques are mapped to suspicious events | Supported | Not supported | Not supported | Not supported | Not supported |
| GenAI telemetry assistant | Supported | Not supported | Not supported | Not supported | Not supported |
| Deep file analysis with CAPA tool | Supported | Not supported | Not supported | Not supported | Not supported |
| Verbose Mode for attack simulation | Supported | Not supported | Not supported | Not supported | Not supported |
| Attack Surface Reduction | | | | | |
| Endpoint Access Enforcement | Supported | Supported | Supported | Not supported | Not supported |
| Lock mode in the Advanced Protection | Supported | Supported | Supported | Not supported | Not supported |
| Anti-exploit technology | Supported | Supported | Supported | Not supported | Supported |
| Block programs by hash or name (for example, PowerShell) | Supported | Supported | Supported | Not supported | Not supported |
| Device Control | Supported | Supported | Not supported | Supported | Not supported |
| Web protection | Supported | Supported | Not supported | Supported | Not supported |
| Automatic updates | Supported | Supported | Supported | Supported | Supported |
| Automatic discovery of unprotected endpoints | Supported | Supported | Supported | Supported | Supported |
| Patch Management for OS and third-party applications (add-on module) | Supported | Supported | Supported | Supported | Not supported |
| Security for VPN connections (requires Firebox) | Supported | Supported | Supported | Supported | Supported |
| Secure access to Wi-Fi network through access points | Supported | Supported | Supported | Supported | Supported |
| Advanced security policies | Supported | Not supported | Not supported | Not supported | Not supported |
| Ability to block connections from endpoints | Supported | Not supported | Not supported | Not supported | Not supported |
| Endpoint Security Management | | | | | |
| Centralized cloud-based management UI | Supported | Supported | Supported | Supported | Supported |
| Settings inheritance between groups and endpoints | Supported | Supported | Supported | Supported | Supported |
| Ability to configure and apply settings on a group basis | Supported | Supported | Supported | Supported | Supported |
| Ability to configure and apply settings on a per-endpoint basis | Supported | Supported | Supported | Supported | Supported |
| Real-time deployment of settings from the management UI to endpoints | Supported | Supported | Supported | Supported | Supported |
| Security management based on endpoint views and dynamic filters | Supported | Supported | Supported | Supported | Supported |
| Ability to schedule and perform tasks on endpoint views | Supported | Supported | Supported | Supported | |
| Ability to assign preconfigured roles to operators in the management UI | Supported | Supported | Supported | Supported | Supported |
| Ability to customize local alerts | Supported | Supported | Supported | Supported | Supported |
| Ability to control restarts for patch and protection updates | Supported | Supported | Supported | Supported | Supported |
| User activity auditing | Supported | Supported | Supported | Supported | Supported |
| Installation through MSI packages, download URLs, and emails sent to end users | Supported | Supported | Supported | Supported | Supported |
| On-demand and scheduled reports at different levels and with multiple granularity options | Supported | Supported | Supported | Supported | Supported |
| Security KPIs and management dashboards | Supported | Supported | Supported | Supported | Supported |
| API availability | Supported | Supported | Supported | Supported | Supported |
| Remote Monitoring & Management (RMM) Integrations | | | | | |
| ConnectWise Automate | Supported | Supported | Supported | Supported | Supported |
| Kaseya VSA | Supported | Supported | Supported | Supported | Supported |
| N-able N-central | Supported | Supported | Supported | Supported | Supported |
| N-able N-sight | Supported | Supported | Supported | Supported | Supported |
| NinjaOne (Automated Deployment Scripting) | Supported | Supported | Supported | Supported | Supported |
| Modules | | | | | |
| WatchGuard Data Control* | Supported | Supported | Supported | Not supported | Not supported |
| WatchGuard Advanced Reporting Tool | Supported | Supported | Supported | Not supported | Not supported |
| WatchGuard Patch Management | Supported | Supported | Supported | Supported | Not supported |
| WatchGuard Full Encryption | Supported | Supported | Supported | Supported | Not supported |
| WatchGuard SIEMFeeder | Supported | Supported | Supported | Not supported | Not supported |
| WatchGuard Orion | Supported | Supported | Supported | Not supported | Not supported |
| High availability service | Supported | Supported | Supported | Supported | Supported |
| Host platform certifications | ISO27001, SAS 70 | ISO27001, SAS 70 | ISO27001, SAS 70 | ISO27001, SAS 70 | Supported |
| Supported Operating Systems | | | | | |
| Windows Intel | Supported | Supported | Supported | Supported | Supported |
| Windows ARM | Supported | Supported | Supported | Supported | Supported |
| macOS Intel | Supported | Supported | Supported | Supported | Supported |
| macOS ARM (M1 and M2) | Supported | Supported | Supported | Supported | Supported |
| Linux | Supported | Supported | Supported | Supported | Supported |
| Android | Supported | Supported | Not supported | Supported | Not supported |
| iOS | Supported | Supported | Not supported | Supported | Not supported |
| Support for virtual environments - persistent and non-persistent (VDI)** | Supported | Supported | Supported | Supported | Supported |

* WatchGuard Data Control is supported in these countries only: Spain, Germany, UK, Sweden, France, Italy, Portugal, Holland, Finland, Denmark, Switzerland, Norway, Austria, Belgium, Hungary, and Ireland.

** Compatible with these types of virtual machines: VMware Desktop, VMware Server, VMware ESX, VMware ESXi, Citrix XenDesktop, XenApp, XenServer, MS Virtual Desktop and MS Virtual Servers. The WatchGuard EPDR solution is compatible with Citrix Virtual Apps, Citrix Desktops 1906 & Citrix Workspace App for Windows.
