TDR Host Sensor Kernel Driver Settings

15 Oct 2019 By Ricardo Arroyo
Categories: Network Security


WatchGuard’s Threat Detection and Response (TDR) has been protecting your assets for more than two years. We continue to improve stability and performance while strengthening our detection and remediation of threats before they can cause a problem in your network.

To take full advantage of the threat detection capabilities available in TDR, we recommend that you enable the Host Sensor Kernel Driver features on all desktop and mobile devices. After extensive testing, we have determined that enabling the Kernel Driver features gives you faster and more thorough detection and remediation, both for our traditional detection and response functionality and for Host Ransomware Protection.

We highly encourage you to enable the Host Sensor Kernel Driver features to improve your experience and protect your networks. Starting in December of 2018, we made these recommended settings the default for new accounts.

To optimize TDR on your network, make these changes:

  1. Log in to the TDR Web UI as an Administrator or Analyst.
  2. Select Settings > Host Sensor.
  3. In the Host Sensor Driver Configuration Settings, change the following settings to ON:
    • Enable Kernel Process Events
    • Enable Kernel File Events
    • Enable Kernel Registry Events
    • Enable Kernel Kill Process Action
    • Enable Kernel Delete File Action
    • Enable Kernel Host Containment Action
    • Enable Kernel File Handle Enumeration
  4. Click Save.

For more information about TDR recommended settings, please visit the WatchGuard Help Center.