Multi-Tenant Endpoint Security — Enhancements and Resolved Issues

New Features

Service Provider accounts can now centrally configure settings for the new Endpoint Access Enforcement feature. Endpoint Access Enforcement monitors connections to computers on your network to reduce infections from unprotected devices. Service Providers can also enable a toggle to make the settings profile editable by the managed account. When the profile is editable, the managed account can add exclusions for connections from specific IP addresses.

There is also a new Endpoint Access Enforcement list available from the Status menu that shows detected connections on client networks.

Enhancements

• These settings profiles were updated for Service Provider accounts:
  • Program Blocking — You can now block programs by MD5 and SHA-256 codes.
  • Authorized Software — You can now authorize programs by MD5 and SHA-256 codes.
  • Workstations and Servers — You can now centrally enable advanced scanning with AMSI and protection for vulnerable drivers.
• Anti-exploit protection settings were updated. The Advanced Code Injection toggle was removed. To enable anti-exploit protection, you now enable the Code Injection toggle.

Resolved Issues

• Minor updates and bug fixes.

Enhancements

• Service Providers can now centrally run patch installation tasks on test computers to verify patches install successfully before they deploy the patches across the network.
• Service Providers can now enable two-factor authentication (2FA) to help prevent tampering in managed accounts. When enabled, 2FA with an authenticator app such as AuthPoint is required to authenticate and log in to the local management UI or to uninstall the protection software from a device. Service Providers can generate a QR code for all accounts, or multiple QR codes for different accounts and account groups. This feature requires that the endpoint have Windows protection v8.00.22.0023 or higher.

New Features

Patch Installation Results

A new Patch Installation Results list shows Service Providers all of their centrally managed accounts and whether they have Patch Management or not. For accounts with Patch Management, this information is shown:

• Number of patches that were successfully installed
• Number of computers that require a restart
• Number of patch installation or download errors

Service Providers can also export the details of the patches installed in their managed accounts.

Enhancements

• In the workstations and servers settings profile, Service Providers can now select these new Web Access Control content categories:
  • Generative AI – Multimedia
  • Generative AI – Conversation
  • Generative AI - Text & Code
  • Other AI ML Applications

• In the per-computer settings profile, Service Providers can centrally configure Windows computers to enable anti-tampering when they start in Safe Mode with networking enabled. This feature requires Windows protection v8.00.22.0023 or higher on the endpoint.

New Features

Centralized Settings Inheritance for Service Provider Accounts

In the multi-tenant management UI for Endpoint Security, Service Providers can now create and assign settings profiles to the Service Provider accounts they manage. This enhancement includes the ability to keep settings that the managed Service Provider account has already assigned to their managed accounts or account groups. For more information, go to Settings Inheritance for Service Provider Accounts.

Resolved Issues

• Minor updates and bug fixes.

New Features

Security Dashboard

Service Providers can use a new Security dashboard to see an overview of the security status of their managed accounts. The Security dashboard includes information in these tiles:

• Protection status
• Offline computers
• Outdated protection

This release also adds new filters that enable you to check the security status of clients more effectively. For more information, go to Multi-Tenant Endpoint Security Management — Security Dashboard in Help Center.

Enhancements

• The Clients' Protection status list includes these changes:
  • Data shown in the list now corresponds only to the computers that meet the filter criteria you select.
  • A new column shows the number of unmanaged computers discovered.

Resolved Issues

• Minor updates and bug fixes.

New Features

• These new settings are available for Service Provider accounts:
  • Network Attack Protection (Advanced EPDR, EPDR, and EDR only)
  • Remote control (Advanced EPDR only)
    
    

Enhancements

• Service Providers can now assign a settings profile that allows the managed account to add authorized software to the list. If you change the status of the settings from editable to non-editable, changes that the managed account made to the settings profile no longer apply .
• Service Providers can now assign a settings profile that allows the managed account to add scan exclusions to specific files and paths. If you change the status of the settings from editable to non-editable, the exclusions the managed account added to the settings profile no longer apply.
• Patch Management now supports macOS and Linux computers. For managed accounts with Patch Management, Service Providers can create a patch installation task that installs patches based on the operating system. macOS and Linux patches are not included in existing recurring or new recurring Patch Management tasks.

Resolved Issues

• Minor updates and bug fixes.

New Features

• A new Status > Risks by Client page shows Service Providers a list of their clients, including the number of computers with risks and the distribution of risks present on the computer. To see the details for a client, you must open the WatchGuard Endpoint Security management UI for the client. In Account Manager, select the client account.
  
  

Enhancements

• Service Provider Endpoint Manager now shows inside the WatchGuard Cloud user interface, instead of in a separate tab. When you move from one Service Provider account to another in Account Manager, the user interface updates to show endpoint security information for the selected account. Multi-tenant endpoint security management for Service Providers is seamless and no longer referred to as Service Provider Endpoint Manager. To open the multi-tenant endpoint security management UI for a Service Provider account, select Monitor > Endpoints or Configure > Endpoints.

Resolved Issues

• Minor updates and bug fixes.

New Features

• In Endpoint Manager, you can centrally manage and apply security setting profiles for iOS devices on your network through WatchGuard Cloud accounts and account groups. The security features available depend on whether the iOS device is integrated with a mobile device management (MDM) solution and whether it is in supervised mode. For more information, see Manage Endpoint Security Settings Profiles.
  

• You can create and run tasks on multiple clients. You can create, schedule, and launch analysis tasks, as well as patch installation tasks. Installation tasks only affect endpoints with WatchGuard Patch Management in the accounts of your managed clients. For more information, see Manage Tasks.

Enhancements

• In a per-computer settings profile, you can enable shadow copies. Shadow Copies is a Microsoft Windows feature that enables you to restore previous versions of files. Requires Windows protection version 8.00.20.0001 or higher.
• In the Antivirus settings of a workstations and servers settings profile, you can enable decoy files to use as bait to detect attacks that change files stored on computers. Decoy files require Windows protection version 8.00.20.0001 or higher.

Enhancements

• On the Status page, a new Indicators of Attack list shows the detected Indicators of Attack (IOA) for each client account, including the number of affected computers.