Advanced Protection Issues

Applies To: WatchGuard Advanced EPDR This topic applies to the WatchGuard Advanced EPDR endpoint security product., WatchGuard EPDR This topic applies to the WatchGuard EPDR endpoint security product., WatchGuard EDR This topic applies to the WatchGuard EDR endpoint security product.

Advanced Protection tracks the activity of programs on your computer and immediately blocks any malicious programs. For more information, go to Advanced Protection.

When you use Advanced Protection, you might experience one or all of these issues:

• High system resource usage that causes your computer to run slowly.
• An error shows in the Advanced Protection dashboard.
• Compatibility problems with third-party software.

To troubleshoot, you must determine whether the issue is because of the firewall infrastructure that Advanced Protection enables or because of Advanced Protection itself.

Firewall Issues

To see whether the firewall on the computer causes the issue, in the WatchGuard Endpoint Security managment UI, move your computer to a profile where you can disable the Advanced Protection toggle, and enable Firewall > Enable the Firewall. If the issue returns, you can conclude that the firewall settings cause the issue.

If you want to report a firewall issue to Support:

• Use the PSInfo tool to gather support-related information.
• Use the NNS Firewall Diagnostics tool to create a firewall NNSDiag diagnostic log.

Advanced Protection Issues

If the firewall does not cause the issue, Advanced Protection might be the cause. If you want to report an Advanced Protection issue to Support:

• Use the PSInfo tool to gather support-related information.
• Use the PSerrortrace tool to generate a diagnostic file.
• Enable Support Access to your WatchGuard Cloud account.

To troubleshoot the Advanced Protection issue:

• Disable the Code Injection toggle, and enable the Advanced Protection toggle. After the changes are applied, restart the computer. If the issue persists, contact Support.

In WatchGuard Endpoint Security software versions lower than 8.00.23.xxx, the Code Injection toggle is named Anti-Exploit.

• If the step above resolves the issue, then it means there is an application that fails in the Code Injection module. You must exclude that application from the Code Injection module, then restart your system.

  To exclude an application, you must end the process for that application. In Windows, you can use Task Manager > Processes to identify and end a process.

  For more information about how to exclude the applications, go to this Knowledge Base Article.

  If the issue resolves, we still recommend that you contact Support to solve the issue permanently.

  To report an issue to Support:

  • Use the PSInfo tool to gather support-related information.
  • Use the PSerrortrace tool to generate a diagnostic file.
  • Enable Support Access to your WatchGuard Cloud account.