Configure Computer Maintenance
Applies To: WatchGuard Advanced EPDR, WatchGuard EPDR, WatchGuard EDR, WatchGuard EPP
On the Computer Maintenance page, you can configure WatchGuard Endpoint Security to automatically delete endpoints from the management UI based on a filter. To delete endpoints from the management UI, you create a filter to identify computers and devices you want to delete and then enable computer maintenance.
When you define a filter, any endpoints that match the criteria appear in the filter group. WatchGuard Endpoint Security automatically deletes endpoints that meet the criteria in the filter daily between 01:00 AM and 03:00 AM UTC.
When you delete computers:
- You no longer see deleted computers or related information in the management UI.
- The computers are unprotected.
- The endpoint security software and WatchGuard Agent remain on the computer.
- Encrypted computers remain encrypted but you cannot get the recovery keys.
- Deleted computers show as deleted in system events.
We recommend that you turn off a computer after it is deleted. If you do not turn off the computer, it will appear in the Endpoint Security management UI when it reconnects to the WatchGuard Cloud servers. Information generated by the device is not permanently deleted from the WatchGuard Cloud servers. If you reassign a license to the device, the information shows in the management UI when the device reconnects.
You can schedule a regular report that includes computers that WatchGuard Endpoint Security will delete. For more information, see Schedule a Report.
Create a Filter to Delete Devices
You can create a filter to dynamically group the computers and devices on your network that you want to delete. In this example, we create a filter to delete computers from the management UI that have not connected for a period of time.
When you create a filter to delete computers, we recommend that the filter name include information to identify that is deletes computers.
To create a filter:
- In WatchGuard Cloud, select Monitor > Endpoints.
- Select Computers.
- Select Filters.
- Next to the folder where you want to add a filter, click .
- Select Add Filter.
The Add Filter dialog box opens.
- In the Name text box, type a name that indicates that this filter selects devices that will be deleted from the management UI.
For example, Devices to Delete. - Specify the filter rule.
- Select a Category. For example, select Computer.
- Select a Property. For example, to delete computers that have not connected a period of time, select Last Connection.
- Select an Operator. For example, to specify when the devices last connected to the server, you can select:
- Is Between — Finds devices not connected to the server between two specific dates
- Before — Finds computers not connected to the server before a specific date
- After — Finds computers not connected to the server after a specific date
- Click Add.
For more information on how to create a filter, see Add a Filter.
Configure Computer Maintenance to Delete Devices
After you create a filter, you enable computer maintenance to delete devices in the filtered group.
To configure computer maintenance to delete devices:
- In WatchGuard Cloud, select Configure > Endpoints.
- Select Settings.
- Select Computer Maintenance.
- Enable the toggle.
- From the drop-down list, select the filter you created.
You cannot modify or delete the filter when it is in use. - Click Save Changes.
You can schedule an automatic report of the computers that WatchGuard Endpoint Security will delete each day. For more information, see Schedule a Report.