We are excited to announce that Threat Detection and Response (TDR) has some new capabilities! By popular demand, WatchGuard has made pre-configured Antivirus Exclusions a reality! Gone are the days of copying and pasting directory paths one by one into the Exclusions page. These predefined exclusion sets make it easy to add exclusions for the most common antivirus vendors.
To see these changes in the TDR Web UI, select Configuration > Exclusions. The Exclusion page now includes two tabs:
- Custom Exclusions - Shows the exclusions you configured manually before version 5.8.0. Any custom exclusions you added previously still work as expected.
- AV Exclusions - Shows the predefined sets of exclusions for common antivirus vendors.
In addition to the AV Exclusions feature, we have a new Host Ransomware Prevention (HRP) Visualization feature. When you view the details of an HRP Indicator that was successfully remediated, you can now view a graphical representation of the event.
If the Indicator can be graphed, you will see a new Chart button in the Additional Details pop-up of the Indicator. Click the button to open a new window. The chart is interactive, with the following capabilities:
- Processes are displayed as square nodes
- If the Process has Behaviors, a plus sign will display in the Process node.
- Behaviors are displayed as oval nodes, and will be expanded when you click on the plus sign
- Hover over any node to show details
- Click on a node to highlight the node and the paths to related nodes
- The Download/Export icon enables you to export the chart as an image
We hope you are as excited about this new feature as we are! Any and all feedback is always welcome!
WatchGuard Product Team