Product and Support News

TDR Host Sensor Kernel Driver Settings


WatchGuard’s Threat Detection and Response (TDR) has been protecting your assets for more than two years. We continue to improve stability and performance while getting better at detecting and remediating threats before they can cause a problem in your network.

To take full advantage of the threat detection capabilities available in TDR, we recommend that you enable the Host Sensor Kernel Driver features on all desktop and mobile devices. After extensive testing, we have determined that, if you enable Kernel Driver features, you will experience faster and more thorough detection and remediation for both our traditional detection and response functionality and Host Ransomware Protection.

We highly encourage you to enable the Host Sensor Kernel Driver features to improve your experience and protect your networks. Starting in December of 2018, we made these recommended settings the default for new accounts.

To optimize TDR on your network, make these changes:

  1. Log in to the TDR Web UI as an Administrator or Analyst.
  2. Select Settings > Host Sensor.
  3. In the Host Sensor Driver Configuration Settings, change the following settings to ON:
    • Enable Kernel Process Events
    • Enable Kernel File Events
    • Enable Kernel Registry Events
    • Enable Kernel Kill Process Action
    • Enable Kernel Delete File Action
    • Enable Kernel Host Containment Action
    • Enable Kernel File Handle Enumeration
  4. Click Save. 

For more information about TDR recommended settings, please visit the WatchGuard Help Center.
