Applies To: WatchGuard Advanced EPDR, WatchGuard EPDR, WatchGuard EDR, WatchGuard EPP
The WatchGuard Endpoint Security installation process consists of a series of steps that depend on the status of the network at the time of deployment and the number of computers and devices you want to protect. We recommend that you complete these steps to plan the installation of WatchGuard Endpoint Security:
- Step 1 — Identify Unprotected Devices
- Step 2 — Verify Minimum Requirements for Target Devices
- Step 3 — Add a Proxy
- Step 4 — Select a Deployment Strategy
- Step 5 — Uninstall Products and Restart Computers
- Step 6 — Determine Computer Default Settings
Step 1 — Identify Unprotected Devices
Identify the physical and virtual macOS, Android, iOS, Windows, or Linux computers and devices you want to protect with WatchGuard Endpoint Security.
Verify that you have purchased enough licenses for the unprotected devices. WatchGuard Endpoint Security allows you to install the endpoint agent even when you do not have enough licenses for all the computers you want to protect. Computers without a license still show information such as installed software and hardware on the computer details page, but are not protected.
For more information, go to Unmanaged Computers Discovered List .
Step 2 — Verify Minimum Requirements for Target Devices
Make sure that the computers and devices you want to protect meet the minimum installation requirements. For information on requirements, go to Installation Requirements in the Release Notes.
For modules requirements, go to the appropriate topic:
- WatchGuard Full Encryption Requirements
- Patch Management Requirements
- Advanced Visualization Tool Requirements
- Data Control Requirements
- SIEMFeeder Requirements
WatchGuard endpoint security products require access to multiple Internet-hosted resources. Make sure these URLs and ports are open to allow communication with the WatchGuard servers.
For more information on URLs and port access, go to this Knowledge Base article.
Step 3 — Add a Proxy
If required, before you install the endpoint software, you can add a proxy for Windows computers in the management UI. A proxy is a computer that acts as an intermediary for communication between two computers: a client on an internal network and a server on an extranet or the Internet. For more information, go to Add a Proxy (Windows Computers).
Step 4 — Select a Deployment Strategy
Deploy the WatchGuard Agent to computers and devices in your organization with the correct network settings. The deployment strategy depends on the number of devices to protect, the devices with an WatchGuard Agent already installed, and the company network architecture, including whether there is a mobile device management solution in use.
For more information, go to the appropriate installation procedure for your scenario and platform:
- Download the WatchGuard Agent Installer
- Install the Endpoint Software Locally
- Install the Endpoint Security Software on Windows Computers and Servers
- Install the Endpoint Security Software on Mac Computers
- Install the Endpoint Security Software on Linux Computers
- Install the WatchGuard Mobile Security App on Android Devices
- Install the WatchGuard Mobile Security App on iOS Devices
- Install the Endpoint Software Remotely (Windows Computers)
- Install the Endpoint Software with Centralized Tools (Windows Computers)
- Install the Endpoint Software on Virtual Environments with a Template or Gold Image (Windows Computers)
Step 5 — Uninstall Products and Restart Computers
If you want to install WatchGuard Endpoint Security on a computer that already has an antivirus solution from another vendor, you can remove the current solution and install WatchGuard Endpoint Security. You can also choose to not remove the current solution, so that the WatchGuard and third-party products coexist on the computer.
You do not have to remove any pre-existing third-party solution when you start a WatchGuard Endpoint Security trial. For information on trials, go to Manage Trials – Service Providers.
By default, the WatchGuard EPDR workstation and server settings have the Uninstall Other Security Products option enabled. Disable this option if you want to keep third-party products on the computer. By default, the WatchGuard EDR workstation and server settings have the Uninstall Other Security Product option disabled. As WatchGuard EDR does not include antivirus protection, it is configured by default to work with antivirus applications already installed on the computer.
When you enable the Uninstall Other Security Product option, if WatchGuard Endpoint Security has the uninstaller for the third-party product, it will uninstall the product and then install WatchGuard EPDR or WatchGuard EPP. If the third-party product cannot be uninstalled, the installation process stops. When you uninstall a third-party antivirus product, you might have to restart the computer.
For a list of the third-party security products that WatchGuard Endpoint Security uninstalls automatically, go to Programs Automatically Uninstalled by WatchGuard Endpoint Security.
Antivirus and WatchGuard EPP
If the target computer already has WatchGuard EPP installed and you want to upgrade to WatchGuard EPDR, the solution automatically uninstalls the communications agent and installs the latest WatchGuard Agent. It then checks if an upgrade to WatchGuard EPDR is required. If it is required, the computer restarts.
For a list of the antivirus solutions that WatchGuard Endpoint Security can automatically uninstall, go to WatchGuard Endpoint Security Supported Uninstallers. If the solution that needs to be needs to be uninstalled is not on the list, it must be removed manually.
Step 6 — Determine Computer Default Settings
When the client software is installed on the computer or device, WatchGuard Endpoint Security applies the group security settings to the computer or device. During installation, you select a target group for the computer with the required network settings. If the network settings for the selected group differ from the settings specified during installation, the installation settings apply.
For more information, go to Best Practices — Installation Tips for Groups and Settings.