About the Remote Control Tool

Applies To: WatchGuard Advanced EPDR

With Advanced EPDR, you can remotely connect to the Windows, Mac, or Linux computers on your network from the Endpoint Security management UI or the ThreatSync management UI. This enables you to investigate a potential attack and remediate it.

Before you begin, the computer you want to connect to remotely must have a remote control settings profile assigned. For more information, go to Configure Remote Control Settings.

To use the Remote Control tool, your computer and the network perimeter firewall must allow traffic to and from *.rc.pandasecurity.com (port 8080 and 443).

Start a Remote Control Session

You can start a remote control session from the Endpoint Security management UI, or from the ThreatSync management UI on the Incidents page, Incident Details page, and Endpoints page.

  1. In WatchGuard Cloud, select Configure > Endpoints.
  2. Select Computers.
  3. From the left pane, select the My Organization tab.
  4. Next to the computer or group of computers you want to connect to remotely, click More options icon.

Screen shot of Endpoint Security, Remote Control option

  1. Select Remote Control.
    The Remote Control window for the computer opens.
  1. In WatchGuard Cloud, select Monitor > Threats > Incidents.
    The Incidents page opens.
  2. Select the check box next to an incident.
    The Actions menu appears.

Screenshot of the Actions menu with Remote Control highlighted.

  1. From the Actions drop-down list, select Remote Control.
    The Remote Control window for the computer opens.
  1. In WatchGuard Cloud, select Monitor > Threats > Incidents.
    The Incidents page opens.
  2. Select an incident from the list.
    The Incident Details page opens.
  3. In the Device section, select .
    The Actions menu appears.

Screenshot of the Device section on the Incident Details page, with Remote Control highlighted.

  1. From the Actions drop-down list, select Remote Control.
    The Remote Control window for the computer opens.
  1. In WatchGuard Cloud, select Monitor > Threats > Endpoints.
  2. Select the check box next to an endpoint.
    The Actions menu appears.

Screenshot of the Actions menu with Remote Control highlighted.

  1. From the Actions drop-down list, select Remote Control.
    The Remote Control window for the computer opens.

The Remote Control window can include up to four tabs:

Select a tab to show the information on each page.

Processes

On the Processes page, the table shows information about each process in the remote computer memory, including the RAM and CPU used. The total CPU used by the processes and the total memory (RAM) used show below the table.

Screen shot of Advanced EPDR, Remote Control Process page CPU usage

You can search for, stop, and start processes on the computer.

  • To specify the frequency that Endpoint Security refreshes the information in the table, from the Refresh Processes list, select the time interval (for example, 5 seconds).

Screen shot of Advanced EPDR, Remote Control Processes page

  • To filter the list of processes, in the search bar, type the first few letters of a process name, user, or PID.
  • To stop a process, select a process in the table and click Stop icon.
  • To start a process, click Run icon.. In the Run Task dialog box, type the name of the task you want to start. Click Send.

Screen shot of Advanced EPDR, Remote Control Run task dialog box

Services

The Services page shows all services configured on the remote computer and enables you to find specific services to change their status.

You can search for, stop, and start services on the remote computer.

  • To specify the frequency that Endpoint Security refreshes the information in the table, from the Refresh Services list, select the interval (for example 5 seconds).

Screen shot of Advanced EPDR, Remote Control Services page

  • To filter the table for a service, click Filter and in the search bar, type the first few letters of the service name or description. From the Status drop-down list, select a status (for example, Running or Not Running).

Screen shot of Advanced EPDR, Remote Control Services filter

  • To stop a service, select the service in the table and click Stop icon.
  • To start a service, select the service in the table and click Start icon.
  • To refresh the status of a service, select the service in the table and click Refresh icon.

File Transfer

On the Files page, you can transfer files to and from your computer to the remote computer. You can also navigate the file system on the remote computer and delete files. The file table shows information about each file found on the remote computer.

  • To specify the frequency that Endpoint Security refreshes the directory, from the Refresh Directory list, select the interval (for example, 5 seconds).

Screen shot of Advanced EPDR, Remote Control Files page

If there are errors when you try to get access to the remote computer file system, a message bar shows.

  • The file path shows at the top of the window. To change directories, click another drive or folder in the file path or in the Name column.
  • To show the list of devices connected to the computer, click Home icon in the file path.
  • To upload a file to the computer, click Upload icon. Click Click to Upload to select the file you want to upload.

  • To download a file from the computer, select the file in the table that you want to download. Click Download icon.
  • To delete a file on the computer, select the file in the table and click Delete icon. Endpoint Security deletes the file and removes it from the computer.

Related Topics

Configure Remote Control Settings

Connect to Computers Remotely

Remote Control Terminal — Commands and Parameters

Monitor ThreatSync Incidents

Review Incident Details

Monitor ThreatSync Endpoints