Operating System Compatibility by Feature

Applies To: WatchGuard Advanced EPDR, WatchGuard EPDR, WatchGuard EPP, WatchGuard EDR, WatchGuard EDR Core

Not all features are available for all supported platforms. Features available differ by computer platform. This table lists available features and the platforms that support them.

Available Features	Windows (Intel & ARM)	Linux	macOS (Intel & ARM)	Android	iOS
General
Web-based management UI	Supported	Supported	Supported	Supported	Supported
Information in dashboards	Supported	Supported	Supported	Supported	Supported
Filter-based computer organization	Supported	Supported	Supported	Supported	Supported
Group-based computer organization	Supported	Supported	Supported	Supported	Supported
Lists and Reports
Frequency that malware, PUPs and exploit activity, and blocked programs are sent to the server	1 min	10 min	10 min	Immediately after scan completes	N/A
Frequency that other detections are sent to the server	15 min	15 min	15 min	Immediately after scan completes	15 min
List of detections	Supported	Supported	Supported	Supported	Supported
Executive reports	Supported	Supported	Supported	Supported	Supported
Scheduled executive reports	Supported	Supported	Supported	Supported	Supported
Zero-Trust Application Service monthly report	Supported	Not supported	Not supported	Not supported	Not supported
Protection
Anti-tamper protection	Supported	Supported	Not supported	Not supported	Not supported
Anti-phishing	Supported	Not supported	Supported	Not supported	Supported
Real-time permanent antivirus protection	Supported	Supported	Supported	Supported	Not supported
Self-learning AI: Context-based detection	Supported	Supported	Not supported	Not supported	Not supported
Network attack protection	Supported	Not supported	Not supported	Not supported	Not supported
Self-learning AI: Malicious Installer Blocking (MSI)	Supported	Not supported	Not supported	Not supported	Not supported
Self-learning AI: Script Protection	Supported	Not supported	Not supported	Not supported	Not supported
Self-learning AI: Malicious .NET Detection	Supported	Not supported	Not supported	Not supported	Not supported
Anti-exploit protection	Supported	Not supported	Not supported	Not supported	Not supported
Zero-Trust Application Service (Hardening and Lock)	Supported	Not supported	Not supported	Not supported	Not supported
Continuous endpoint risk monitoring	Supported	Supported	Supported	Supported	Supported
Shadow copies	Supported	Not supported	Not supported	Not supported	Not supported
Decoy files	Supported	Not supported	Not supported	Not supported	Not supported
Vulnerability assessment	Supported	Supported	Supported	Not supported	Not supported
Firewall	Supported	Not supported	Not supported	Not supported	Not supported
URL filtering	Supported	Not supported	Supported	Not supported	Supported
Device control	Supported	Not supported	Not supported	Not supported	Not supported
STIX IOCs and YARA rules search	Supported (Advanced EPDR only)	Not supported	Not supported	Not supported	Not supported
Advanced security policies to reduce the attack surface	Supported (Advanced EPDR only)	Not supported	Not supported	Not supported	Not supported
Anti-theft	Not supported	Not supported	Not supported	Supported	Supported
Detection
Threat Hunting Service: High fidelity indicators of attack (IOAs) mapped to MITRE ATT&CK	Supported	Supported	Supported	Not supported	Not supported
Threat Hunting Service: Non-deterministic IOAs mapped to MITRE ATT&CK with contextual telemetry	Supported (Advanced EPDR only)	Not supported	Not supported	Not supported	Not supported
Zero-Trust Application Service for classifying all untrusted executables in the system to detect potential malicious applications	Supported	Not supported	Not supported	Not supported	Not supported
IOAs and suspicious behaviors investigation area	Supported (Advanced EPDR only)	Supported (Advanced EPDR only)	Supported (Advanced EPDR only)	Not supported	Not supported
GenAI telemetry assistant	Supported (Advanced EPDR only)	Supported (Advanced EPDR only)	Supported (Advanced EPDR only)	Not supported	Not supported
Access to enriched telemetry where MITRE ATT&CK tactics and techniques are mapped to suspicious events	Supported (Advanced EPDR only)	Supported (Advanced EPDR only)	Supported (Advanced EPDR only)	Not supported	Not supported
Deep file analysis	Supported (Advanced EPDR only)	Supported (Advanced EPDR only)	Not supported	Not supported	Not supported
Automated and interactive incident attack story	Supported (Advanced EPDR only)	Supported (Advanced EPDR only)	Not supported	Not supported	Not supported
Verbose Mode for attack simulation	Supported (Advanced EPDR only)	Supported (Advanced EPDR only)	Supported (Advanced EPDR only)	Not supported	Not supported
Response from Management UI
On-demand scans	Supported	Supported	Supported	Supported	N/A
Scheduled scans	Supported	Supported	Supported	Supported	N/A
Computer restart	Supported	Supported	Supported	Not supported	Not supported
Computer isolation	Supported	Supported	Supported	Not supported	Not supported
Remote Shell to manage processes and services, file transfers, command-line tools, get dumps, pcap, and others	Supported (Advanced EPDR only	Supported (Advanced EPDR only	Supported (Advanced EPDR only	Not supported	Not supported
Hardware and Software Information
Hardware	Supported	Supported	Supported	Supported	Supported
Software	Supported	Supported	Supported	Supported	Supported
Software change log	Supported	Supported	Supported	Supported	Supported
Information about installed OS patches	Supported	Supported	Supported	Not supported	Not supported
Vulnerability assessment	Supported	Supported	Supported	Not supported	Not supported
Settings
Security settings for workstations and servers	Supported	Supported	Supported	NA	NA
Password to uninstall the protection and take actions locally	Supported	Supported	Supported	Not supported	Not supported
Secure VPN connections with Firebox	Supported	Not supported	Supported	Supported	Not supported
Secure access to Wi-Fi network through access points	Supported	Not supported	Supported	Not supported	Not supported
Secure access to endpoints from other devices	Supported	Not supported	Not supported	Not supported	Not supported
Ability to establish multiple proxies	Supported	Supported	Supported	NA	NA
Ability to work as a WatchGuard proxy	Supported	Not supported	Not supported	NA	NA
Ability to use the WatchGuard proxy	Supported	Supported	Supported	NA	NA
Ability to work as a repository or cache	Supported	Supported	Supported	NA	NA
Ability to use the repository or cache	Supported	Not supported	Not supported	NA	NA
Ability to block connections from endpoints	Supported (Advanced EPDR only	Not supported	Not supported	Not supported	Not supported
Discovery of unprotected computers	Supported	Not supported	Not supported	Not supported	Not supported
Email alerts in the event of an infection	Supported	Supported	Supported	Supported	Supported
Email alerts when finding an unprotected computer	Supported	Supported	Supported	Supported	Supported
Remote Actions from the Management UI
Real-time actions	Supported	Supported	Supported	Supported	Supported
Remote installation of the agent	Supported	Not supported	Not supported	Not supported	Not supported
Ability to reinstall the agent and protection	Supported	Not supported	Not supported	Not supported	Not supported
Authorized software by hash or program properties	Supported	Not supported	Not supported	Not supported	Not supported
Program blocking by hash and program name	Supported	Not supported	Not supported	Not supported	Not supported
Ability to report incidents with PSInfo					Supported
Updates and Upgrades		Updates and Upgrades		Updates and Upgrades
Signature updates	Supported	Supported	Supported	Supported	NA
Protection upgrades	Supported	Supported	Supported	Supported	NA
Local AI updates	Supported	Supported	Supported	Not supported	Not supported
Ability to schedule protection upgrades	Supported	Supported	Supported	Google Play	App Store
Ability to control restarts for patch and protection updates
Modules	Modules	Modules	Modules	Modules	Modules
WatchGuard Advanced Reporting Tool	Supported	Supported	Supported	Not supported	Not supported
WatchGuard Patch Management	Supported*	Supported	Supported	Not supported	Not supported
WatchGuard Data Control	Supported	Not supported	Not supported	Not supported	Not supported
WatchGuard Full Encryption	Supported	Not supported	Supported	Not supported	Not supported

* The feature works on Windows (Intel) and partially on Windows (ARM).

** EDR Core does not support Endpoint Security modules.

© 2025 WatchGuard Technologies, Inc. All rights reserved. WatchGuard, the WatchGuard logo, Firebox, Core, and Fireware are registered trademarks or trademarks of WatchGuard Technologies in the United States and/or other countries.