Knowledge Base Digest - March 2023
Articles
- Host Sensor upgrade to Endpoint Security
- Install WatchGuard Endpoint Security products on macOS with Jamf Pro 10.x
- Log Search page in WatchGuard Cloud does not show log data from before October 2022
- Network to Endpoint correlation requires Internet traffic for at least 10 minutes
- TDR AD Helper end-of-life
- ThreatSync behavior for Fireboxes v12.8x, v12.9x, with logging and reporting enabled or disabled
- Traffic Management in Fireware OS v11.8.x and Lower
Known Issues
- Archived filter on the Incident Timeline is not applied to the incident list
- Block IP action on Incident Details page does not always change the status
- Cannot manage T80 with 4G/LTE module installed
- False ThreatSync incidents created for APT Blocker clean file responses
- Filters with both an action and action status do not show expected incidents
- Firebox IP address presented for the Block IP action in ThreatSync incidents detected on incoming connections
- Firebox IPv6 incident does not correlate with endpoint
- Firebox M4600 might reboot 3 times on initial startup
- Firebox VPN enforcement fails after TDR upgrade to WatchGuard Endpoint Security
- Hash and URL certificate encoding is not supported for BOVPN certificate negotiation
- If the IP address of an endpoint changes, the correlation temporarily breaks
- Inaccurate incident and record count on Incidents page with some filters
- Incident Details page does not show process information for some incidents
- Incidents for FireClusters show the cluster member name instead of the FireCluster name
- Internal error in WatchGuard Cloud Log Manager and Log Search pages
- Invalid risk in EDR Core (Advanced protection for Windows disabled or in 'Audit' mode)
- NOT operator does not work in the WatchGuard Cloud Log Search page
- Number of records returned on the Incident page is limited to 1000
- Origin IP address for Remote Desktop connections via RD Gateway detected as "::%16777216"
- Overview page opens instead of the Automation Policies page for an inherited policy
- Process or file information is sometimes missing for an incident
- Service Providers sometimes cannot view the Incident Details page due to permissions issue
- Some filters are applied by default after you click an incident status title
- Some ThreatSync incident types do not include paths
- TDR for macOS devices fails to upgrade to WatchGuard Endpoint Security due to error in server communication
- TDR Host Sensors on macOS fail to upgrade to WatchGuard Endpoint Security
- TDR Upgrade to Endpoint Security wizard does not include EPDR and EDR licenses
- ThreatSync automation policy template is not applied to added account
- ThreatSync does not support Endpoint Security incidents related to PUPs or Advanced Security Policies
- Unable to install or upgrade Endpoint Security software on Windows XP computers
- Upgrade TDR to Endpoint Security wizard stops when the number of Host Sensors matches available endpoints in Endpoint Security license
- WatchGuard Cloud accounts with expired Endpoint Security modules can unexpectedly replace WatchGuard EPP, EDR, or EPDR with EDR Core
- WatchGuard Cloud dashboards should not include data for endpoints with WatchGuard EPP, EDR, or EPDR and EDR Core