Applies To: Endpoint Security Elite , Endpoint Security 360, Endpoint Security Prime, and Endpoint Security Basic
Not all features are available for all Endpoint Security products. Features available differ by product. This table lists available features and the products that support them.
| Feature | Elite |
360 |
Prime |
Basic |
WatchGuard EDR |
EDR Core |
|---|---|---|---|---|---|---|
| Protection | ||||||
| Protection against known and zero- day malware | Supported | Supported | Supported | Supported | Supported | Supported |
| Protection against known and zero-day ransomware | Supported | Supported | Supported | Supported | Supported | Supported |
| Protection against known and zero-day exploits | Supported | Supported | Supported | Supported | Supported | Supported |
| Anti-phishing protection | Supported | Supported | Supported | Supported | Not supported | Not supported |
| Protection for multiple attack vectors (web, email, network, devices) | Supported | Supported | Supported | Supported | Supports basic functionality only | Supports basic functionality only |
| Traditional protection with generic and optimized signatures | Supported | Supported | Supported | Supported | Not supported | Not supported |
| Anti-exploit protection | Supported | Supported | Supported | Not supported | Supported | Supported |
| Zero-Trust Application Service | Supported | Supported | Not supported | Not supported | Supported | Not supported |
| Queries to WatchGuard's cloud-based collective intelligence | Supported | Supported | Supported | Supported | Supported | Supported |
| Self-learning AI: Context-based behavioral detection | Supported | Supported | Supported | Supported | Supported | Supported |
| Self-learning AI: Malicious installer (MSI) blocking | Supported | Supported | Supported | Supported | Supported | Supported |
| Self-learning AI: Malicious .NET detection | Supported | Supported | Supported | Supported | Supported | Supported |
| Self-learning AI: Script protection | Supported | Supported | Supported | Supported | Not supported | Not supported |
| Personal and managed firewall | Supported | Supported | Supported | Supported | Not supported | Not supported |
| IDS / HIPS | Supported | Supported | Supported | Supported | Not supported | Not supported |
| Network attack protection | Supported | Supported | Supported | Not supported | Supported | Not supported |
| Device control | Supported | Supported | Supported | Supported | Not supported | Not supported |
| URL filtering by category (web browsing monitoring) | Supported | Supported | Supported | Supported | Not supported | Not supported |
| Monitoring | ||||||
| Endpoint risk monitoring | Supported | Supported | Supported | Supported | Supported | Supported |
| Continuous monitoring of all process activity | Supported | Supported | Supported | Supported | Supported | Supported |
| Data retention | 90 days | 90 days | 30 days | 30 days in management UI | 30 days | 30 days |
| 1-Year Data Retention add-on module | Supported | Supported | Supported | Not supported | Not supported | Not supported |
| Vulnerability assessment | Supported | Supported | Supported | Supported | Supported | Not supported |
| Detection | ||||||
| Detection of vulnerable driver | Supported | Supported | Supported | Not supported | Supported | Supported |
| Fully configurable and instant security risk alerts | Supported | Supported | Supported | Supported | Supported | Supported |
| Detection of compromised trusted applications | Supported | Supported | Not supported | Not supported | Supported | Not supported |
| Zero-Trust Application Service | Supported | Supported | Not supported | Not supported | Supported | Not supported |
| ThreatSync eXtended Detection and Response (XDR) capabilities | Supported | Supported | Supported | Supported | Supported | Supported |
| Incident visualization (Incident graph and signal details with timeline) | Supported | Supported | Supported | Supported | Supported | Supported |
| Incident signals mapped to MITRE ATT&CK | Supported | Supported | Supported | Not supported | Supported | Supported |
| STIX IOCs and YARA rules search | Supported | Not supported | Not supported | Not supported | Not supported | Not supported |
| Containment | ||||||
| Real-time computer isolation, scan and restart from the management UI | Supported | Supported | Supported | Not supported | Supported | Supported |
| Response and Remediation | ||||||
| Ability to roll back and remediate the actions taken by attackers (shadow copies) | Supported | Supported | Supported | Supported | Supported | Not supported |
| Centralized quarantine | Supported | Supported | Supported | Supported | Supported | Not supported |
| Automatic analysis and disinfection | Supported | Supported | Supported | Supported | Supported | Not supported |
| Ability to block unknown and unwanted applications | Supported | Supported | Not supported | Not supported | Supported | Not supported |
| ThreatSync eXtended Detection and Response (XDR) capabilities - remediation actions | Supported | Supported | Supported | Not supported | Supported | Supports basic functionality only |
| Investigation | ||||||
| Interactive, multi-signal incident view for comprehensive Root Cause Analysis (RCA) | Supported | Supported | Supported | Not supported | Supported | Supported |
| Automatic detection and correlation of an attack, with alerts, mapped to the MITRE ATT&CK framework | Supported | Supported | Supported | Not supported | Not supported | Not supported |
| Deep context and real-time computer forensics telemetry | Supported | Not supported | Not supported | Not supported | Not supported | Not supported |
| Advanced querying for investigations | Supported | Not supported | Not supported | Not supported | Not supported | Not supported |
| GenAI Assistant investigations | Supported | Not supported | Not supported | Not supported | Not supported | Not supported |
| Advanced attack investigation (Jupyter Notebooks) | Supported | Supported | Supported | Not supported | Supported | Not supported |
| Remote shell for faster MTTR and reduced break dwell time | Supported | Not supported | Not supported | Not supported | Not supported | Not supported |
| Deep file analysis with CAPA tool | Supported | Not supported | Not supported | Not supported | Not supported | Not supported |
| Verbose Mode for attack simulation | Supported | Not supported | Not supported | Not supported | Not supported | Not supported |
| Advanced Reporting Tool (add-on module) | Supported | Supported | Supported | Not supported | Supported | Not supported |
| Discovery and monitoring of unstructured personal data across endpoints (add-on module)* | Supported | Supported | Supported | Not supported | Supported | Not supported |
| Attack Surface Reduction | ||||||
| Endpoint Access Enforcement | Supported | Supported | Not supported | Not supported | Supported | Not supported |
| Lock mode in Zero-Trust Application Service | Supported | Supported | Not supported | Not supported | Supported | Not supported |
| Anti-exploit technology | Supported | Supported | Supported | Not supported | Supported | Supported |
| Block programs by hash or name (for example, PowerShell) | Supported | Supported | Not supported | Not supported | Supported | Not supported |
| Device Control | Supported | Supported | Supported | Supported | Not supported | Not supported |
| Web protection | Supported | Supported | Supported | Supported | Not supported | Not supported |
| Automatic updates | Supported | Supported | Supported | Supported | Supported | Supported |
| Automatic discovery of unprotected endpoints | Supported | Supported | Supported | Supported | Supported | Supported |
| Patch Management for OS and third-party applications (add-on module) | Supported | Supported | Supported | Supported | Supported | Not supported |
| Security for VPN connections (requires Firebox) | Supported | Supported | Supported | Supported | Supported | Supported |
| Secure access to Wi-Fi network through access points | Supported | Supported | Supported | Supported | Supported | Supported |
| Advanced security policies | Supported | Not supported | Not supported | Not supported | Not supported | Not supported |
| Endpoint Security Management | ||||||
| Centralized cloud-based management UI | Supported | Supported | Supported | Supported | Supported | Supported |
| Settings inheritance between groups and endpoints | Supported | Supported | Supported | Supported | Supported | Supported |
| Ability to configure and apply settings on a group basis | Supported | Supported | Supported | Supported | Supported | Supported |
| Ability to configure and apply settings on a per-endpoint basis | Supported | Supported | Supported | Supported | Supported | Supported |
| Real-time deployment of settings from the management UI to endpoints | Supported | Supported | Supported | Supported | Supported | Supported |
| Security management based on endpoint views and dynamic filters | Supported | Supported | Supported | Supported | Supported | Supported |
| Ability to schedule and perform tasks on endpoint views | Supported | Supported | Supported | Supported | Supported | Supported |
| Ability to assign preconfigured roles to operators in the management UI | Supported | Supported | Supported | Supported | Supported | Supported |
| Ability to customize local alerts | Supported | Supported | Supported | Supported | Supported | Supported |
| Ability to control restarts for patch and protection updates | Supported | Supported | Supported | Supported | Supported | Supported |
| User activity auditing | Supported | Supported | Supported | Supported | Supported | Supported |
| Installation through MSI packages, download URLs, and emails sent to end users | Supported | Supported | Supported | Supported | Supported | Supported |
| On-demand and scheduled reports at different levels and with multiple granularity options | Supported | Supported | Supported | Supported | Supported | Supported |
| Security KPIs and management dashboards | Supported | Supported | Supported | Supported | Supported | Supported |
| API availability | Supported | Supported | Supported | Supported | Supported | Supported |
| Remote Monitoring & Management (RMM) Integrations | ||||||
| ConnectWise Automate | Supported | Supported | Supported | Supported | Supported | Supported |
| ConnectWise RMM | Supported | Supported | Supported | Supported | Supported | Supported |
| Kaseya VSA | Supported | Supported | Supported | Supported | Supported | Supported |
| N-able N-central | Supported | Supported | Supported | Supported | Supported | Supported |
| N-able N-sight | Supported | Supported | Supported | Supported | Supported | Supported |
| NinjaOne (Automated Deployment Scripting) | Supported | Supported | Supported | Supported | Supported | Supported |
| Modules | ||||||
| WatchGuard Data Control* | Supported | Supported | Supported | Not supported | Supported | Not supported |
| WatchGuard Advanced Reporting Tool | Supported | Supported | Supported | Not supported | Supported | Not supported |
| WatchGuard Patch Management | Supported | Supported | Supported | Supported | Supported | Not supported |
| WatchGuard Full Encryption | Supported | Supported | Supported | Supported | Supported | Not supported |
| WatchGuard SIEMFeeder | Supported | Supported | Supported | Not supported | Supported | Not supported |
| WatchGuard MDR (Core, Total, and Open) | Supported | Supported | Supported | Not supported | Supported | Not supported |
| WatchGuard Orion | Supported | Supported | Supported | Not supported | Supported | Not supported |
| Supported Operating Systems | ||||||
| Windows Intel | Supported | Supported | Supported | Supported | Supported | Supported |
| Windows ARM | Supported | Supported | Supported | Supported | Supported | Supported |
| macOS Intel | Supported | Supported | Supported | Supported | Supported | Supported |
| macOS ARM (M1 and M2) | Supported | Supported | Supported | Supported | Supported | Supported |
| Linux | Supported | Supported | Supported | Supported | Supported | Supported |
| Android | Supported | Supported | Supported | Supported | Not supported | Not supported |
| iOS | Supported | Supported | Supported | Supported | Not supported | Not supported |
| Support for virtual environments - persistent and non-persistent (VDI)** | Supported | Supported | Supported | Supported | Supported | Supported |
WatchGuard EDR Core is included in the Firebox Total Security Suite. It is available for a limited number of endpoints, based on the Firebox model. With a Total Security Suite subscription license, you will see an EDR Core license in WatchGuard Cloud. You can use WatchGuard Cloud to manage EDR Core endpoint allocation and to access the Endpoint Security management UI. For information on EDR Core features, go to WatchGuard EDR Core Features.
* WatchGuard Data Control is supported in these countries only: Spain, Germany, UK, Sweden, France, Italy, Portugal, Holland, Finland, Denmark, Switzerland, Norway, Austria, Belgium, Hungary, and Ireland.
** Compatible systems with these types of virtual machines: VMWare Desktop, VMware Server, VMware ESX, VMware ESXi, Citrix XenDesktop, XenApp, XenServer, MS Virtual Desktop, and MS Virtual Servers. Endpoint Security 360 is compatible with Citrix Virtual Apps, Citrix Desktops 1906 & Citrix Workspace App for Windows.
Endpoint Security Supported Features by Platform
Installation Requirements (external link)