Security Risks Status in WatchGuard Endpoint Security

Applies To: WatchGuard Advanced EPDR, WatchGuard EPDR, WatchGuard EDR, WatchGuard EPP

On the Risks dashboard, you can monitor the overall status of the security risks assigned to computers in your network. WatchGuard Endpoint Security calculates the overall risk level for a computer from the risk level of one or more risks identified on the computer.

When you configure risks, you specify the risks you want to detect on computers, and assign a risk level to each risk (for example, Critical, High, or Medium). By default, WatchGuard recommends a risk level for each type of risk. You can change those values, if required. For more information, go to Configure Risks Settings.

Default Risks

WatchGuard Endpoint Security evaluates risks and sets a overall risk level for the computer. The overall risk level matches the highest risk level of the risks on the computer. Default risks vary based on the operating system installed on the computer. Each new version of WatchGuard Endpoint Security updates the risks on all computers.

Risk Description

No protection

The computer has protection installation errors or does not have a license. For more information, go to Protection Status.

Out-of-date protection

The version of the protection engine installed on the computer is out-of-date. The computer is vulnerable to threats. For more information, go to Configure Automatic Knowledge (Signature File) Updates.

Out-of-date knowledge (more than 30 days)

The version of the signature file installed on the computer is out-of-date. The computer is vulnerable to threats. For more information, go to Configure Automatic Knowledge (Signature File) Updates.

No connectivity to knowledge servers

Communications between the computer and the WatchGuard Cloud servers have failed. The computer is not completely protected. For more information, go to Installation Requirements.

No uninstallation protection

The computer is not password protected to prevent unauthorized protection uninstallation or tampering. For more information, go to Configure Security Against Tampering.

Anti-tamper protection disabled

The protection can be modified and tampered with. For more information, go to Configure Security Against Tampering.

File antivirus disabled

The antivirus is disabled. For more information, go to Configure Antivirus Scanning and Configure Mobile Device Security Settings.

Advanced protection for Windows disabled or in Audit mode

Advanced protection is not active or reports threats but does not block or disinfect malware. For more information, go to Advanced Protection.

Advanced protection for Windows in Hardening mode

The advanced protection settings allow execution of unknown programs already installed on user computers but block programs that originate from an external source. For more information, go to Advanced Protection.

Advanced protection for Linux disabled or in Do not detect or Audit modes

Advanced protection is not active or reports threats but does not block them. For more information, go to Advanced Protection.

Anti-exploit protection disabled or in Audit mode

Anti-exploit protection is not active or reports detections but does not take action against them. For more information, go to Advanced Protection.

Network attack protection disabled The computer is not protected from network attacks. For more information, go to Configure Workstations and Servers Security Settings and Network Attack Protection — Types of Attacks Detected (Windows Computers).

Anti-phishing disabled

The computer is not protected against fraudulent emails and websites. For more information, go to Configure Workstations and Servers Security Settings.

Web browsing antivirus disabled

The computer is not protected against threats hosted on some web pages and URLs. For more information, go to Configure Antivirus Scanning and Configure Mobile Device Security Settings.

Folder, file, and extension exclusions

There are files, folders, or extensions that are not scanned for malware. For more information, go to Exclude Files and File Paths from Scans and Configure Authorized Software Settings (Windows Computers).

Recent Indicators of Attack The computer reported the detection of indicators of attack (IOAs) in the last 30 days. For more information, go to Configure Risk Type — Recent Indicators of Attack.
Critical patches pending installation

The computer has reported the existence of critical patches that are pending installation.

You can receive notification of this risk immediately or a specified number of days after the patches are published. By default, the number of days is 30, although you can edit this parameter when you enable this risk for evaluation.

For more information, go to Configure Risk Type — Critical Patches Pending Installation.

Audit mode enabled

Endpoint Security detects and reports threats, but it does not block or delete them. When you enable Audit mode in a settings profile, the overall status of the protection applied to the computers that receive the settings does not change. Audit mode does not change the configuration in the management UI.

For more information, go to Configure Audit Mode.

Recommended Risk Level

WatchGuard Endpoint Security sets a default risk level for each risk. This is the risk level when you first open the Settings > Risks page. You can change the default risk level to another risk level, based on your needs.

When WatchGuard releases a new version of WatchGuard Endpoint Security, we might change the default risk level for risks. When you upgrade to a new version of WatchGuard Endpoint Security:

  • Risks that you did not modify the default risk level for automatically update to the new default value recommended by WatchGuard.
  • The default configuration shows the new recommended risk levels.
  • WatchGuard Endpoint Security recalculates the overall risk level for all computers.

WatchGuard Endpoint Security calculates the overall risk level for a specific computer when:

  • Computer settings change.
  • The computer or device moves from one group to another.
  • A new computer or device registers.
  • The license assigned to the computer changes, in some cases.

The overall risk level assigned to a computer matches the highest risk level of the risks detected on it. For example:

  • A computer has five risks. All of the them are active, one of which has a High risk level and the other four have a Medium risk level. The computer overall risk level is High.
  • A computer has five risks. Four risks are active (One has a High risk level and three have a Medium risk level) and one is inactive (with a Critical risk level). The computer overall risk level is High.

Related Topics

Risks Dashboard

Configure Risks Settings