Endpoint Security Supported Features by Platform

Applies To: WatchGuard Advanced EPDR, WatchGuard EPDR, WatchGuard EDR, WatchGuard EPP

Not all features are available for all supported platforms. Features available differ by computer platform. This table lists available features and the platforms that support them.

Available Features Windows (Intel & ARM)

Linux

macOS (Intel & ARM)

Android

iOS

General  
Web-based management UI
Information in dashboards
Filter-based computer organization
Group-based computer organization
Lists and Reports  
Frequency that malware, PUPs and exploit activity, and blocked programs are sent to the server 1 min 10 min 10 min Immediately after scan completes N/A
Frequency that other detections are sent to the server 15 min 15 min 15 min Immediately after scan completes 15 min
List of detections
Executive reports
Scheduled executive reports
Protection  
Anti-tamper protection        
Anti-phishing    
Real-time permanent antivirus protection  
Contextual detections      
Network attack protection        
Anti-exploit protection        
Zero-Trust Application Service (Hardening and Lock)        
Continuous endpoint risk monitoring
Shadow copies        
Decoy files        
Vulnerability assessment    
Firewall        
URL filtering    
Device control        
STIX IOCs and YARA rules search

(Advanced EPDR only)

       
Advanced security policies to reduce the attack surface

(Advanced EPDR only)

       
Anti-theft      
Detection
Threat Hunting Service: High fidelity indicators of attack (IOAs) mapped to MITRE ATT&CK    
Threat Hunting Service: Non-deterministic IOAs mapped to MITRE ATT&CK with contextual telemetry

(Advanced EPDR only)

       
Zero-Trust Application Service for classifying all untrusted executables in the system to detect potential malicious applications        
IOAs and suspicious behaviors investigation area

(Advanced EPDR only)

(Advanced EPDR only)

(Advanced EPDR only)

   
Access to enriched telemetry where MITRE ATT&CK tactics and techniques are mapped to suspicious events

(Advanced EPDR only)

(Advanced EPDR only)

(Advanced EPDR only)

   
Deep file analysis

(Advanced EPDR only)

       
Verbose Mode for attack simulation

(Advanced EPDR only)

       
Response from Management UI
On-demand scans N/A
Scheduled scans N/A
Computer restart    
Computer isolation    
Remote Shell to manage processes and services, file transfers, command-line tools, get dumps, pcap, and others

(Advanced EPDR only

(Advanced EPDR only

(Advanced EPDR only

   
Hardware and Software Information
Hardware
Software
Software change log
Information about installed OS patches    
Vulnerability assessment    
Settings  
Security settings for workstations and servers NA NA
Password to uninstall the protection and take actions locally        
Secure VPN connections (requires Firebox)    
Secure access to Wi-Fi network through access points      
Secure access to endpoints from other devices        
Ability to establish multiple proxies NA NA
Ability to work as a WatchGuard proxy     NA NA
Ability to use the WatchGuard proxy NA NA
Ability to work as a repository or cache NA NA
Ability to use the repository or cache     NA NA
Ability to block connections from endpoints

(Advanced EPDR only

       
Discovery of unprotected computers        
Email alerts in the event of an infection
Email alerts when finding an unprotected computer
Remote Actions from the Management UI  
Real-time actions
Remote installation of the agent        
Ability to reinstall the agent and protection        
Authorized software by hash or program properties        
Program blocking by hash and program name        
Updates and Upgrades  
Signature updates NA
Protection upgrades NA
Ability to schedule protection upgrades Google Play App Store
Modules
WatchGuard Advanced Reporting Tool    
WatchGuard Patch Management *    
WatchGuard Data Control        
WatchGuard Full Encryption      
WatchGuard SIEMFeeder    

* The feature works on Windows (Intel) and partially on Windows (ARM).

WatchGuard EPDR and Advanced EPDR include these platform features:

Available Features Windows (Intel & ARM)

Linux

macOS (Intel & ARM)

Android

iOS

ThreatSync-XDR
Cross-product security data correlation and detection (Network and Endpoint Security)    
Score-based IOAs and threat prioritization    
Kill process action        
Delete and restore suspicious programs        
Isolation and stop isolation        
Automated response policies    

Related Topics

Installation Requirements (external link)

Operating System Compatibility for Endpoint Security Features (external link)