Exclude a Network Attack Detection (Windows Computers)
Applies To: WatchGuard Advanced EPDR, WatchGuard EPDR, WatchGuard EDR
Network Attack Protection scans network traffic in real time to detect and stop threats. It prevents network attacks that attempt to exploit vulnerabilities in services that are open to the Internet and in the internal network.
Network Attack Protection can generate these detection incidents:
- Blocked — A network attack was detected and the protection has cut the connection.
- Detected — No action was taken because the protection is configured in Audit mode.
- Allowed (Audit Mode) — No action was taken because the protection is configured in Audit mode.
For information on the types of attacks and exploits that Network Attack Protection detects, go to Network Attack Protection — Types of Attacks Detected (Windows Computers).
When a specific network attack is detected, you can exclude the attack from future detections. When you create an exclusion for a specific attack, you continue to be protected from the remaining network attacks in the list of attacks that Network Attack Protection detects.
To exclude a network attack detection:
- Select Status > Security.
- Click the Network Attack Activity tile.
- From the Network Attack Activity list, select the computer you want to review the activity for.
- On the Network Attack Detections details page, review the type of network attack and the action. For a list of the types of network attacks detected, go to Network Attack Protection — Types of Attacks Detected (Windows Computers).
- To add an exclusion, click (i) next to the Action.
- Click Do not detect again.
- In the Do Not Detect Again dialog box, add a specific IP address or an IP range, if required. You can enter IPv4 and IPv6 addresses.
- Click Do not detect again.
To remove an exclusion so that a previously excluded network attack is detected again:
- Select Status > Security.
- In the Detected Items Allowed by the Administrator tile, click Network Attacks.
- From the Detected Items Allowed by the Administrator list, select the item you want to stop allowing.
- Click Stop Allowing.
- Click Close.
The History of Items Allowed by the Administrator list shows that the administrator removed the exclusion.