Operating System Compatibility by Feature

Applies To: WatchGuard Advanced EPDR This topic applies to the WatchGuard Advanced EPDR endpoint security product., WatchGuard EPDR This topic applies to the WatchGuard EPDR endpoint security product., WatchGuard EPP This topic applies to the WatchGuard EPP endpoint security product., WatchGuard EDR This topic applies to the WatchGuard EDR endpoint security product., WatchGuard EDR Core This topic applies to WatchGuard EDR Core, a service in the Firebox Total Security Suite.

Not all features are available for all supported platforms. Features available differ by computer platform. This table lists available features and the platforms that support them.

Available Features	Windows (Intel & ARM)	Linux	macOS (Intel & ARM)	Android	iOS
General
Web-based management UI
Information in dashboards
Filter-based computer organization
Group-based computer organization
Languages supported in the management UI	11	11	11	16	10
Lists and Reports
Frequency that malware, PUPs and exploit activity, and blocked programs are sent to the server	1 min	10 min	10 min	Immediately after scan completes	N/A
Frequency that other detections are sent to the server	15 min	15 min	15 min	Immediately after scan completes	15 min
List of detections
Executive reports
Scheduled executive reports
Protection
Anti-tamper protection
Anti-phishing
Real-time permanent antivirus protection
Contextual detections
Network attack protection
Anti-exploit protection
Detection of code injection in running processes
Continuous endpoint risk monitoring
Threat Hunting Service (High-fidelity indicators of attack mapped to MITRE ATT&CK)
Advanced IOAs	(Advanced EPDR only)
Zero-Trust Application Service (Hardening and Lock)
Shadow copies
Decoy files
Audit mode
Firewall
Device control
Risk evaluation
Vulnerability assessment
URL filtering
STIX IOCs and YARA rules search	(Advanced EPDR only)
Advanced security policies to reduce the attack surface	(Advanced EPDR only)
Endpoint Access Enforcement
Threat Hunting Service (Non-deterministic indicators of attack mapped to MITRE ATT&CK with contextual telemetry)	(Advanced EPDR only)
Anti-theft
Hardware and Software Information
Hardware
Software
Software change log
Verbose Mode	(Advanced EPDR only)
Information about installed OS patches
Vulnerability assessment
Settings
Security settings for workstations and servers				NA	NA
Password to uninstall the protection and take actions locally
Network access enforcement
Secure access to Wi-Fi network through Access Points
Ability to establish multiple proxies				NA	NA
Ability to use the WatchGuard proxy				NA	NA
Ability to work as a WatchGuard proxy				NA	NA
Ability to work as a repository or cache				NA	NA
Ability to use the repository or cache				NA	NA
Ability to block connections from endpoints	(Advanced EPDR only)
Discovery of unprotected computers
Detection of vulnerable drivers
Email alerts in the event of an infection
Email alerts when finding an unprotected computer
Remote Actions from the Management UI
Real-time actions
On-demand scans					NA
Scheduled scans					NA
Remote installation of the agent
Ability to reinstall the agent and protection
Computer restart
Computer isolation
Authorized software by hash, SHA-256, or program properties
Program blocking by hash, SHA-256, and program name
Ability to report incidents (PSInfo)
Remote shell to manage processes and services, file transfers, command line tools, get dumps, pcap, etc.	(Advanced EPDR only)
Updates and Upgrades
Signature updates					NA
Protection upgrades					NA
Ability to schedule protection upgrades				Google Play	App Store
Modules**
WatchGuard Advanced Reporting Tool
WatchGuard Patch Management	*
WatchGuard Data Control
WatchGuard Full Encryption
WatchGuard SIEMFeeder

* The feature works on Windows (Intel) and partially on Windows (ARM).

** EDR Core does not support Endpoint Security modules.