Applies To: Endpoint Security Elite , Endpoint Security 360, Endpoint Security Prime, and Endpoint Security Basic
Not all features are available for all Endpoint Security products. Features available differ by product. This table lists available features and the products that support them.
| Feature | Elite |
360 |
Prime |
Basic |
|---|---|---|---|---|
| Protection | ||||
| Protection against known and zero- day malware | Supported | Supported | Supported | Supported |
| Protection against known and zero-day ransomware | Supported | Supported | Supported | Supported |
| Protection against known and zero-day exploits | Supported | Supported | Supported | Supported |
| Anti-phishing protection | Supported | Supported | Supported | Supported |
| Protection for multiple attack vectors (web, email, network, devices) | Supported | Supported | Supported | Supported |
| Traditional protection with generic and optimized signatures | Supported | Supported | Supported | Supported |
| Anti-exploit protection | Supported | Supported | Supported | Not supported |
| Zero-Trust Application Service | Supported | Supported | Not supported | Not supported |
| Queries to WatchGuard's cloud-based collective intelligence | Supported | Supported | Supported | Supported |
| Self-learning AI: Context-based behavioral detection | Supported | Supported | Supported | Supported |
| Self-learning AI: Malicious installer (MSI) blocking | Supported | Supported | Supported | Supported |
| Self-learning AI: Malicious .NET detection | Supported | Supported | Supported | Supported |
| Self-learning AI: Script protection | Supported | Supported | Supported | Supported |
| Personal and managed firewall | Supported | Supported | Not supported | Supported |
| IDS / HIPS | Supported | Supported | Supported | Supported |
| Network attack protection | Supported | Supported | Supported | Not supported |
| Device control | Supported | Supported | Supported | Supported |
| URL filtering by category (web browsing monitoring) | Supported | Supported | Supported | Supported |
| Monitoring | ||||
| Endpoint risk monitoring | Supported | Supported | Supported | Supported |
| Continuous monitoring of all process activity | Supported | Supported | Supported | Supported |
| Data retention | 90 days | 90 days | 30 days | 30 days in management UI |
| 1-Year Data Retention add-on module | Supported | Supported | Supported | Not supported |
| Vulnerability assessment | Supported | Supported | Supported | Supported |
| Detection | ||||
| Detection of vulnerable driver | Supported | Supported | Supported | Not supported |
| Fully configurable and instant security risk alerts | Supported | Supported | Supported | Supported |
| Detection of compromised trusted applications | Supported | Supported | Not supported | Not supported |
| Zero-Trust Application Service | Supported | Supported | Not supported | Not supported |
| ThreatSync eXtended Detection and Response (XDR) capabilities | Supported | Supported | Supported | Supported |
| Incident visualization (Incident graph and signal details with timeline) | Supported | Supported | Supported | Supported |
| Incident signals mapped to MITRE ATT&CK | Supported | Supported | Supported | Not supported |
| STIX IOCs and YARA rules search | Supported | Not supported | Not supported | Not supported |
| Containment | ||||
| Real-time computer isolation, scan and restart from the management UI | Supported | Supported | Supported | Not supported |
| Response and Remediation | ||||
| Ability to roll back and remediate the actions taken by attackers (shadow copies) | Supported | Supported | Supported | Supported |
| Centralized quarantine | Supported | Supported | Supported | Supported |
| Automatic analysis and disinfection | Supported | Supported | Supported | Supported |
| Ability to block unknown and unwanted applications | Supported | Supported | Not supported | Not supported |
| ThreatSync eXtended Detection and Response (XDR) capabilities - remediation actions | Supported | Supported | Supported | Not supported |
| Investigation | ||||
| Interactive, multi-signal incident view for comprehensive Root Cause Analysis (RCA) | Supported | Supported | Supported | Not supported |
| Automatic detection and correlation of an attack, with alerts, mapped to the MITRE ATT&CK framework | Supported | Supported | Supported | Not supported |
| Deep context and real-time computer forensics telemetry | Supported | Not supported | Not supported | Not supported |
| Advanced querying for investigations | Supported | Not supported | Not supported | Not supported |
| GenAI Assistant investigations | Supported | Not supported | Not supported | Not supported |
| Advanced attack investigation (Jupyter Notebooks) | Supported | Supported | Supported | Not supported |
| Remote shell for faster MTTR and reduced break dwell time | Supported | Not supported | Not supported | Not supported |
| Deep file analysis with CAPA tool | Supported | Not supported | Not supported | Not supported |
| Verbose Mode for attack simulation | Supported | Not supported | Not supported | Not supported |
| Advanced Reporting Tool (add-on module) | Supported | Supported | Supported | Not supported |
| Discovery and monitoring of unstructured personal data across endpoints (add-on module)* | Supported | Supported | Supported | Not supported |
| Attack Surface Reduction | ||||
| Endpoint Access Enforcement | Supported | Supported | Not supported | Not supported |
| Lock mode in Zero-Trust Application Service | Supported | Supported | Not supported | Not supported |
| Anti-exploit technology | Supported | Supported | Supported | Not supported |
| Block programs by hash or name (for example, PowerShell) | Supported | Supported | Not supported | Not supported |
| Device Control | Supported | Supported | Supported | Supported |
| Web protection | Supported | Supported | Supported | Supported |
| Automatic updates | Supported | Supported | Supported | Supported |
| Automatic discovery of unprotected endpoints | Supported | Supported | Supported | Supported |
| Patch Management for OS and third-party applications (add-on module) | Supported | Supported | Supported | Supported |
| Security for VPN connections (requires Firebox) | Supported | Supported | Supported | Supported |
| Secure access to Wi-Fi network through access points | Supported | Supported | Supported | Supported |
| Advanced security policies | Supported | Not supported | Not supported | Not supported |
| Endpoint Security Management | ||||
| Centralized cloud-based management UI | Supported | Supported | Supported | Supported |
| Settings inheritance between groups and endpoints | Supported | Supported | Supported | Supported |
| Ability to configure and apply settings on a group basis | Supported | Supported | Supported | Supported |
| Ability to configure and apply settings on a per-endpoint basis | Supported | Supported | Supported | Supported |
| Real-time deployment of settings from the management UI to endpoints | Supported | Supported | Supported | Supported |
| Security management based on endpoint views and dynamic filters | Supported | Supported | Supported | Supported |
| Ability to schedule and perform tasks on endpoint views | Supported | Supported | Supported | Supported |
| Ability to assign preconfigured roles to operators in the management UI | Supported | Supported | Supported | Supported |
| Ability to customize local alerts | Supported | Supported | Supported | Supported |
| Ability to control restarts for patch and protection updates | Supported | Supported | Supported | Supported |
| User activity auditing | Supported | Supported | Supported | Supported |
| Installation through MSI packages, download URLs, and emails sent to end users | Supported | Supported | Supported | Supported |
| On-demand and scheduled reports at different levels and with multiple granularity options | Supported | Supported | Supported | Supported |
| Security KPIs and management dashboards | Supported | Supported | Supported | Supported |
| API availability | Supported | Supported | Supported | Supported |
| Remote Monitoring & Management (RMM) Integrations | ||||
| ConnectWise Automate | Supported | Supported | Supported | Supported |
| ConnectWise RMM | Supported | Supported | Supported | Supported |
| Kaseya VSA | Supported | Supported | Supported | Supported |
| N-able N-central | Supported | Supported | Supported | Supported |
| N-able N-sight | Supported | Supported | Supported | Supported |
| NinjaOne (Automated Deployment Scripting) | Supported | Supported | Supported | Supported |
| Modules | ||||
| WatchGuard Data Control* | Supported | Supported | Supported | Not supported |
| WatchGuard Advanced Reporting Tool | Supported | Supported | Supported | Not supported |
| WatchGuard Patch Management | Supported | Supported | Supported | Supported |
| WatchGuard Full Encryption | Supported | Supported | Supported | Supported |
| WatchGuard SIEMFeeder | Supported | Supported | Supported | Not supported |
| WatchGuard MDR (Core, Total, and Open) | Supported | Supported | Supported | Not supported |
| WatchGuard Orion | Supported | Supported | Supported | Not supported |
| Supported Operating Systems | ||||
| Windows Intel | Supported | Supported | Supported | Supported |
| Windows ARM | Supported | Supported | Supported | Supported |
| macOS Intel | Supported | Supported | Supported | Supported |
| macOS ARM (M1 and M2) | Supported | Supported | Supported | Supported |
| Linux | Supported | Supported | Supported | Supported |
| Android | Supported | Supported | Supported | Supported |
| iOS | Supported | Supported | Supported | Supported |
| Support for virtual environments - persistent and non-persistent (VDI)** | Supported | Supported | Supported | Supported |
WatchGuard EDR Core is included in the Firebox Total Security Suite. It is available for a limited number of endpoints, based on the Firebox model. With a Total Security Suite subscription license, you will see an EDR Core license in WatchGuard Cloud. You can use WatchGuard Cloud to manage EDR Core endpoint allocation and to access the Endpoint Security management UI. For information on EDR Core features, go to WatchGuard EDR Core Features.
* WatchGuard Data Control is supported in these countries only: Spain, Germany, UK, Sweden, France, Italy, Portugal, Holland, Finland, Denmark, Switzerland, Norway, Austria, Belgium, Hungary, and Ireland.
** Compatible systems with these types of virtual machines: VMWare Desktop, VMware Server, VMware ESX, VMware ESXi, Citrix XenDesktop, XenApp, XenServer, MS Virtual Desktop, and MS Virtual Servers. Endpoint Security 360 is compatible with Citrix Virtual Apps, Citrix Desktops 1906 & Citrix Workspace App for Windows.
Endpoint Security Supported Features by Platform
Installation Requirements (external link)