Applies To: WatchGuard Advanced EPDR, WatchGuard EPDR, WatchGuard EDR, WatchGuard EPP
Not all features are available for all supported platforms. Features available differ by computer platform. This table lists available features and the platforms that support them.
| Available Features | Windows (Intel & ARM) |
Linux |
macOS (Intel & ARM) |
Android |
iOS |
|---|---|---|---|---|---|
| General | |||||
| Web-based management UI |
|
|
|
|
|
| Information in dashboards |
|
|
|
|
|
| Filter-based computer organization |
|
|
|
|
|
| Group-based computer organization |
|
|
|
|
|
| Lists and Reports | |||||
| Frequency that malware, PUPs and exploit activity, and blocked programs are sent to the server | 1 min | 10 min | 10 min | Immediately after scan completes | N/A |
| Frequency that other detections are sent to the server | 15 min | 15 min | 15 min | Immediately after scan completes | 15 min |
| List of detections |
|
|
|
|
|
| Executive reports |
|
|
|
|
|
| Scheduled executive reports |
|
|
|
|
|
| Protection | |||||
| Anti-tamper protection |
|
||||
| Anti-phishing |
|
|
|
||
| Real-time permanent antivirus protection |
|
|
|
|
|
| Contextual detections |
|
|
|||
| Network attack protection |
|
||||
| Anti-exploit protection |
|
||||
| Zero-Trust Application Service (Hardening and Lock) |
|
||||
| Continuous endpoint risk monitoring |
|
|
|
|
|
| Shadow copies |
|
||||
| Decoy files |
|
||||
| Vulnerability assessment |
|
|
|
||
| Firewall |
|
||||
| URL filtering |
|
|
|
||
| Device control |
|
||||
| STIX IOCs and YARA rules search |
(Advanced EPDR only) |
||||
| Advanced security policies to reduce the attack surface |
(Advanced EPDR only) |
||||
| Anti-theft |
|
|
|||
| Detection | |||||
| Threat Hunting Service: High fidelity indicators of attack (IOAs) mapped to MITRE ATT&CK |
|
|
|
||
| Threat Hunting Service: Non-deterministic IOAs mapped to MITRE ATT&CK with contextual telemetry |
(Advanced EPDR only) |
||||
| Zero-Trust Application Service for classifying all untrusted executables in the system to detect potential malicious applications |
|
||||
| IOAs and suspicious behaviors investigation area |
(Advanced EPDR only) |
(Advanced EPDR only) |
(Advanced EPDR only) |
||
| Access to enriched telemetry where MITRE ATT&CK tactics and techniques are mapped to suspicious events |
(Advanced EPDR only) |
(Advanced EPDR only) |
(Advanced EPDR only) |
||
| Deep file analysis |
(Advanced EPDR only) |
||||
| Verbose Mode for attack simulation |
(Advanced EPDR only) |
||||
| Response from Management UI | |||||
| On-demand scans |
|
|
|
|
N/A |
| Scheduled scans |
|
|
|
|
N/A |
| Computer restart |
|
|
|
||
| Computer isolation |
|
|
|
||
| Remote Shell to manage processes and services, file transfers, command-line tools, get dumps, pcap, and others |
(Advanced EPDR only |
(Advanced EPDR only |
(Advanced EPDR only |
||
| Hardware and Software Information | |||||
| Hardware |
|
|
|
|
|
| Software |
|
|
|
|
|
| Software change log |
|
|
|
|
|
| Information about installed OS patches |
|
|
|
||
| Vulnerability assessment |
|
|
|
||
| Settings | |||||
| Security settings for workstations and servers |
|
|
|
NA | NA |
| Password to uninstall the protection and take actions locally |
|
||||
| Network access enforcement (requires Firebox) |
|
|
|
||
| Secure access to Wi-Fi network through access points |
|
|
|||
| Secure access to endpoints from other devices |
|
||||
| Ability to establish multiple proxies |
|
|
|
NA | NA |
| Ability to work as a WatchGuard proxy |
|
NA | NA | ||
| Ability to use the WatchGuard proxy |
|
|
|
NA | NA |
| Ability to work as a repository or cache |
|
|
|
NA | NA |
| Ability to use the repository or cache |
|
NA | NA | ||
| Ability to block connections from endpoints |
(Advanced EPDR only |
||||
| Discovery of unprotected computers |
|
||||
| Email alerts in the event of an infection |
|
|
|
|
|
| Email alerts when finding an unprotected computer |
|
|
|
|
|
| Remote Actions from the Management UI | |||||
| Real-time actions |
|
|
|
|
|
| Remote installation of the agent |
|
||||
| Ability to reinstall the agent and protection |
|
||||
| Authorized software by hash or program properties |
|
||||
| Program blocking by hash and program name |
|
||||
| Updates and Upgrades | |||||
| Signature updates |
|
|
|
|
NA |
| Protection upgrades |
|
|
|
|
NA |
| Ability to schedule protection upgrades |
|
|
|
Google Play | App Store |
| Modules | |||||
| WatchGuard Advanced Reporting Tool |
|
|
|
||
| WatchGuard Patch Management |
* |
|
|
||
| WatchGuard Data Control |
|
||||
| WatchGuard Full Encryption |
|
|
|||
| WatchGuard SIEMFeeder |
|
|
|
||
* The feature works on Windows (Intel) and partially on Windows (ARM).
WatchGuard EPDR and Advanced EPDR include these platform features:
| Available Features | Windows (Intel & ARM) |
Linux |
macOS (Intel & ARM) |
Android |
iOS |
|---|---|---|---|---|---|
| ThreatSync-XDR | |||||
| Cross-product security data correlation and detection (Network and Endpoint Security) |
|
|
|
||
| Score-based IOAs and threat prioritization |
|
|
|
||
| Kill process action |
|
||||
| Delete and restore suspicious programs |
|
||||
| Isolation and stop isolation |
|
||||
| Automated response policies |
|
|
|
||
Installation Requirements (external link)
Operating System Compatibility for Endpoint Security Features (external link)