About Alerts
Applies To: WatchGuard Advanced EPDR, WatchGuard EPDR, WatchGuard EDR, WatchGuard EPP
On the My Alerts page, you configure alerts to send to the network administrator by email. You define alerts for each Endpoint Security management UI user. The content of an alert email varies with the managed computers that are visible to the recipient.
Click to export a list of the email addresses added to alert settings for the account.
You can select or send alerts when these events occur:
- WatchGuard Endpoint Security detects a malware specimen, PUP, or exploit
- WatchGuard Endpoint Security detects a network attack
- There is an attempt to use an unauthorized external device
- WatchGuard Endpoint Security reclassifies an unknown item (malware or PUP)
- WatchGuard Endpoint Security detects and blocks an unknown process during classification
- WatchGuard Endpoint Security detects Indicators of Attack
- WatchGuard Endpoint Security detects network attack activity
- There is a license status change
- There are installation errors or a computer is unprotected
Alert Types
Malware Detections (Windows computers only)
Sends an alert for each malware detected in real time on a computer. WatchGuard Endpoint Security sends a maximum of two messages for each computer each day.
Exploit Detections (Windows computers only)
Sends an alert for each exploit attempt detected. WatchGuard Endpoint Security sends a maximum of 10 alerts for each computer-exploit each day.
PUP Detections (Windows computers only)
Sends an alert for each PUP detected in real time on a computer. WatchGuard Endpoint Security sends a maximum of two alerts for each computer-PUP each day.
A Program that is Being Classified Gets Blocked (Windows computers only)
Sends an alert for each unknown program detected in real time on the file system.
Programs Blocked by the Administrator (Windows computers only)
Sends an alert every time a program is blocked.
A File Allowed by the Administrator is Finally Classified
Sends an alert when WatchGuard Endpoint Security classifies a file that the administrator previously allowed.
Administrator-allowed files are files which the administrator allowed to run although WatchGuard Endpoint Security blocked them. As soon as WatchGuard Endpoint Security completes the classification, it informs the administrator of the verdict so that the file can be allowed or blocked, based on the reclassification policy.
A Malware URL is Blocked
Sends an alert when a URL that points to malware is detected. WatchGuard Endpoint Security sends an message every 15 minutes with a summary of all detected threats.
Phishing Detections
Sends an alert when WatchGuard Endpoint Security detects a phishing attack. WatchGuard Endpoint Security sends a message every 15 minutes with a summary of all detected threats.
An Intrusion Attempt Gets Blocked (Windows computers only)
Sends an alert when the IDS module blocks an intrusion attempt. WatchGuard Endpoint Security sends a message every 15 minutes with a summary of all detected threats.
Blocked Devices
Sends an alert when a user tries to access a device or peripheral that the administrator blocked. WatchGuard Endpoint Security sends a message every 15 minutes with a summary of all detected threats.
Compatible with Windows, Linux, macOS, and Android devices.
Network Attack Detections
Sends an alert when WatchGuard Endpoint Security detects a network attack.
Indicators of Attack
Sends an alert when WatchGuard Endpoint Security detects an Indicator of Attack.
Computers with Protection Errors
Sends an alert when WatchGuard Endpoint Protection finds an unprotected computer on the network or a computer with a protection or installation error. Sends an alert every time an error is found.
Computers without a License
Sends an alert when WatchGuard Endpoint Security fails to assign a license to a computer when there is no free license. Sends an alert every time an error is found.
Install Errors
Sends an alert when an event occurs that causes computer status to change from protected to unprotected. If WatchGuard Endpoint Security detects several events at the same time that could cause a computer status to change from protected to unprotected, it only generates one alert with a summary of all the events.
Discovery of an Unmanaged Computer
Sends an alert when a discovery computer finishes a discovery task or a discovery task finds a never-seen-before computer on the network. Sends an every time.
Status Change Alerts
These computer statuses trigger an alert:
- Protection with Errors — The status of the antivirus or advanced protection installed on a computer shows an error. This only applies to computers with an operating system that supports antivirus or advanced protection.
- Installation Error — An installation error occurs that requires user intervention, such as insufficient disk space. Transient errors that can be resolved autonomously after a number of retries do not generate an alert.
- No License — A computer does not receive a license after registration because there are no free licenses.