Incorrect Detection or Block of Malware

Applies To: WatchGuard Advanced EPDR, WatchGuard EPDR, WatchGuard EDR, WatchGuard EDR Core, WatchGuard EPP

If your WatchGuard Endpoint Security product incorrectly detects a file as malware, or incorrectly blocks a file, contact Support and provide this information:

From the endpoint agent, select Antivirus and Advanced Protection > Event Report to export a report. Give the report to Support as part of your case.

Screenshot of the Event Report UI.

Because Adaptive Defense products do not have a graphical user interface, there is no report to export. In this case, inform Support of the approximate date and time of the incorrect detection.

Use the Sample Submit tool to send the incorrectly detected file to Support. For information about local file submission, go to PSInfo Sample Submit. If you password‑protect the file, set the password to 'infected'.
Select Event Report > Status. If the file status is Quarantine and you cannot obtain the file any other way, use the Sample Submit tool to send the file from Quarantine. For information about how to send a local quarantine file to Support, go to PSInfo Sample Submit.
Use the PSInfo tool to provide more diagnostic logs to help Support troubleshoot your issue. For more information, go to Get Started with PSInfo.

© 2026 WatchGuard Technologies, Inc. All rights reserved. WatchGuard and the WatchGuard logo are registered trademarks or trademarks of WatchGuard Technologies in the United States and other countries. Various other trademarks are held by their respective owners.