David_Carro

Reactions

0 Promote 4 Like 0 Boom 0 LOL 0 Spam 0 Abuse

Comments

  • Hello All, When we deployed Decoy Files Feature, we had some false detections due to programs interacting with our decoy files. Those where solved by changing the conditions for triggering detections If at this point in time, you do have detections on the decoy files, we do have to study the cases independently, as it…
    in Decoy Notifications Comment by David_Carro October 31
  • Hello @lukjrl I am afraid we do not have something like you are asking. Changes on the console will take something between a few seconds to 5 minutes the most. If it takes more that that it will be due to factors outside our reach, like network settings, bottlenecks, resources available on the device or network, etc. You…
    in Force Sync Comment by David_Carro October 30
  • Hello, S_Matt, I will contact you via PM asap. DAvid
    in CPU Drops on VM running EDR Core after update Comment by David_Carro October 6
  • Hello, LHD, Please open a case to [email protected] in order to study your specific case, but if the detection is due to malware or PUPs, you will have to create exclusions for those detected files. Regards, David
    in EDR Core Blocking RDP Comment by David_Carro September 18
  • You can use the msiexec commands for uninstalling, and checking the uninstall string on the registry for the product. You will have to use two commands, as agent and protection do have different uninstalling strings on the registry. And this will not work if you have the uninstalling password enabled on the online console.…
    in Uninstall EPDR from Command/PowerShell Comment by David_Carro September 11
  • Hello, Bruce_Briggs Please check he devices to be discovered are on the same subnet than the discovery device. Check they are using private IPs, as we do not search over public IPs try to ping the devices, that could give you a clue on why is not working, as maybe they are unreachable. This is not determinant, but might…
    in EDR dection of Unmanaged computer alerts Comment by David_Carro April 18
  • Hi, ottl05, Please send an email requesting support to: [email protected] so we can study your case in depth. Kind Regards, David
    in Decoy Notifications Comment by David_Carro April 14
  • Hello, Chris_Kelly At this point you can exclude paths and folders using the instructions on the help url: https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Endpoint-Security/manage-settings/exclude-files-paths-from-scans.html Those are the rules accepted to exclude any file/path/extension. If you have…
    in EDR Wildcard/Regex Exclusions? Comment by David_Carro April 13
  • Dear Stewy you still have the ability to perform scans from the online console. Access the EPDR console, click on the Tasks tab, and at the top right click on Add Task--> scheduled scan. There you will be able to set up an immediate or scheduled scan to one or as many devices as you need. Hope this helps.
    in EDPR Manual Scans Missing Comment by David_Carro April 13
  • Hello Robert, Please send the EDR core version running on your devices. Also check if there is an upgrade available: Access the online console for the EDR core. At the top right there is a bell, and it might be having some notifications available. check if you can upgrade to the latest available on your console. Once…
    in Create Decoy Files to help detect ransomware Comment by David_Carro March 31
  • El acceso de los usuarios de soporte se da de forma general para un cliente y todos sus productos, no se puede hacer discernimiento sobre a que productos puede dar soporte o no. Pero puedes presentarlo como sugerencia, en la parte superior derecha de la consola de endpoint de la WG cloud, tienes un botón para enviar…
    in Roles de usuario soporte en cloud de Watchguard para la gestión sólo de Endpoint Comment by David_Carro March 16
  • Hello, Eagsyn. Is this for a reason in particular? Becasuse devices are continuously communicating with the online servers for various reasons. here you can check what are those timely comunications and why are they uploading/downloading info from the cloud: RegisterPerformMandatory (Backend server registry): Every hour…
    in Force Sync Comment by David_Carro March 13
  • Hello Travis TDR has been discontinued, yes. And EPDR has got the EDR module (Called Advanced Protection on the online console) on it, so you are very well protected, if I can say so. David
    in Which EPP/EDR/EPDR combined with HostSensor/TDR Comment by David_Carro March 9
  • PM sent. Please check your PM inbox Have a lovely day, David
    in EPDR Decoy Files Comment by David_Carro March 8
  • Hello Mermet Our recommendation would be to change to EPDR which does have the new EDR integrated in a more interactive form, as in the Advanced Protection module, so you can have all the benefits in one single product. But best to know your needs is to contact our commercial department to discuss needs and offers…
    in Which EPP/EDR/EPDR combined with HostSensor/TDR Comment by David_Carro February 8
  • Keep us informed, let us know if this solved your issue! ;)
    in RDS UDP Issues Comment by David_Carro December 2022
  • Hi, SMSytems But you do not want to exclude the extensions, but the filename: wgua_critical_file All the files on the folders start with the same name: https://wgt-my.sharepoint.com/:i:/g/personal/david_carro_watchguard_com/EYY9qtsEARdDg5CBTnK22NIBNAxcTkjwg9V0cO5lB2Mc1Q So just exclude the common name in all of them, and…
    in RDS UDP Issues Comment by David_Carro December 2022
  • I have just send a PM to you, let me know if you do have any further issues. David
    in Decoy Notifications Comment by David_Carro November 2022
  • No It cannot be changed, but OneDrive can be setup so this files will not be sync with the cloud: OneDrive for Business: You can configure exceptions using group policies. https://docs.microsoft.com/en-us/onedrive/use-group-policy This would be the particular group policy item to configure: Exclude specific kinds of files…
    in RDS UDP Issues Comment by David_Carro November 2022
  • Hi, markhudy When a user opens a session on a TS, the profile folders for that session are stored on the TS. So, if you have access to the TS itself, install the product on the TS device, and all files created on it will be protected. In other words: if you install the protection on the TS device, all session files created…
    in Watchguard EPDR on an Azure Host Pool? Comment by David_Carro November 2022
  • Hello, RadleaTom, If decoy files is disabled and you do still have the wgua_critical files folders, you can delete them, yes. David
    in RDS UDP Issues Comment by David_Carro November 2022
  • hello, @SMSystems Access the online console for this client. Access the tab "Settings" Select "Workstations and Servers" on the left hand side. Now select the profiles affected by this blockage. Expand the General option. There you can exclude from analysis the file for opening the PUREVPN app. Much better if you do…
    in PureVPN Pup Comment by David_Carro June 2022
  • Hello, @davide_evomatic Please try this before opening the case: First, update the OS through windows updates. then check the local root certs on the machine and add/update them: Download and extract the contents for the file CertCheck.zip https://www.pandasecurity.com/resources/tools/certcheck.zip Password is panda (all…
    in Error 11 Watchguard Endpoint Agent Comment by David_Carro June 2022
  • Hi, @kcarpenter. Normally this tmp file is created by us in order to generate a contextual detection. It is called a dummy file to make the AV detect something through ourselves. (hope that makes sense) Probably it is some call for an unwanted and "un-liked" procedure, and we are stopping the call. As @"james.carson" says…
    in Malicious Program temp file from Powershell Comment by David_Carro June 2022
  • Sorry fo the size of the screenshot. But it is good to get feedback from you, as next time, It will be of a correct size. Cheers!
    in Change the email address for alerts etc Comment by David_Carro June 2022