TDR and Windows Defender. Integration Guide

WatchGuard Technologies, Inc.

Deployment Overview

Threat Detection and Response (TDR) is a collection of advanced malware defense tools that correlate threat indicators from Fireboxes and Host Sensors to enable real-time, automated response to stop known, unknown, and evasive threats. As part of the TDR solution, you install TDR Host Sensors to provide endpoint protection. In some cases, the TDR Host Sensor might have conflicts with the antivirus software installed on your endpoints. To resolve this issue, you can configure exclusions in the antivirus software and in TDR.

This document includes information about the integration of a TDR Host Sensor with a host that runs Windows Defender. It does not describe the procedure to set up Threat Detection and Response. For information about how to set up your TDR account, how to enable TDR on a Firebox, and how to install a Host Sensor, see Quick Start Set Up Threat Detection and Response.

Integration Summary

To avoid conflicts between the TDR Host Sensor and Windows Defender, add these exclusions:

• Exclusions in TDR for Windows Defender:
  o C:\Program Files (x86)\WatchGuard\Threat Detection and Response\
• Exclusions in Windows Defender for the TDR Host Sensor:
  o 64-bit Windows: C:\Program Files (x86)\WatchGuard\Threat Detection and Response\
  o 32-bit Windows: C:\Program Files\WatchGuard\Threat Detection and Response\

If the Host Sensor and Windows Defender detect and respond to a threat at the same time, this can cause high utilization of system resources such as CPU, memory, and disk I/O.

Configuration Details

To complete this deployment, you must have:

• An active Threat Detection and Response subscription with Host Sensor licenses
• Windows 8 or 10
• Firebox with Fireware v12.0 or higher
• TDR Host Sensor 5.2.1.8015
• Windows Defender
  o Antivirus version 1.257.406.0
  o Anti-spyware version 1.257.406.0
  o Antimalware Client version 4.11.15063.447
  o Engine version 1.1.14306.0
  o Network Realtime Inspection System Engine version 2.1.14202.0
  o Network Realtime Inspection System version 118.1.0.0

The Windows test environment for this deployment included:

• Operating System: Windows 8, 10 Enterprise 64-bit
• Memory (RAM): 8 GB
• Processor: 4 cores CPU

Configure Exclusions in TDR

In your TDR account, you can add exclusions to manually identify paths for files and processes that you do not want Host Sensors to monitor. Before you deploy a Host Sensor on computers that have Windows Defender installed, add exclusions for the Windows Defender file paths as TDR Exclusions in your TDR account.

To exclude Windows Defender directories, add exclusions with these paths in your TDR account. Folders specified in an exclusion must end with a backslash.

C:\ProgramData\Microsoft\Windows Defender\

To add an exclusion in TDR:

1. Log in to your TDR account or managed account as a user with Operator privileges.
2. Select Configuration > Exclusion.
3. Click Add Exclusion.
4. In the Path text box, type the path to exclude.
5. Click Save.

Configure Exclusions in Windows Defender

In Windows Defender, you add exclusions to identify the paths for files and locations to exclude. To prevent conflicts between the Host Sensor and Windows Defender, we recommend you add exclusions in Windows Defender for the paths used by the TDR Host Sensor.

To exclude TDR Host Sensor files on 64-bit Windows, add an exclusion for:

C:\Program Files (x86)\WatchGuard\Threat Detection and Response\

To add an exclusion in Windows Defender:

1. Open Windows Defender Security Center.
2. Select Virus & threat protection.
3. Click Virus & threat protection settings.
4. In the Exclusions section, select Add or remove exclusions. The Exclusions page appears.
5. Click Add an exclusion.

For information about the integration testing methodology, see TDR Testing Methodology.
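The Windows Defender exclusion above can also be applied and verified from an elevated PowerShell session. This is an added example, not part of the WatchGuard guide; it assumes the Defender PowerShell module (Get-MpPreference, Add-MpPreference) is available on the host, and the helper name Get-NormalizedPath is hypothetical. It also lists every other path exclusion so that the exclusion list stays limited to what this guide requires.

```powershell
# Added example (not from the WatchGuard guide). Run in an elevated session.
# Sensor folder as given in this guide; it depends on OS bitness.
$sensorPath = if ([Environment]::Is64BitOperatingSystem) {
    'C:\Program Files (x86)\WatchGuard\Threat Detection and Response\'
} else {
    'C:\Program Files\WatchGuard\Threat Detection and Response\'
}

# Hypothetical helper: compare paths case-insensitively, ignoring the trailing backslash.
function Get-NormalizedPath([string]$Path) {
    $Path.TrimEnd('\').ToLowerInvariant()
}
$wanted = Get-NormalizedPath $sensorPath

# The exclusion can be staged before the sensor is installed, so only warn here.
if (-not (Test-Path -LiteralPath $sensorPath)) {
    Write-Warning "Host Sensor folder not found yet: $sensorPath"
}

# Add the exclusion only if it is not already configured (idempotent).
$current = @((Get-MpPreference).ExclusionPath | Where-Object { $_ })
if ($current | Where-Object { (Get-NormalizedPath $_) -eq $wanted }) {
    Write-Output "Exclusion already present: $sensorPath"
} else {
    Add-MpPreference -ExclusionPath $sensorPath
    Write-Output "Added exclusion: $sensorPath"
}

# Verify the setting took effect, then report anything else on the list.
$after = @((Get-MpPreference).ExclusionPath | Where-Object { $_ })
if (-not ($after | Where-Object { (Get-NormalizedPath $_) -eq $wanted })) {
    throw 'Exclusion was not applied; check whether exclusions are managed centrally.'
}
$after | Where-Object { (Get-NormalizedPath $_) -ne $wanted } |
    ForEach-Object { Write-Output "Other exclusion to review: $_" }
```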

About This Guide

Guide Type

Documented Integration: WatchGuard or a Technology Partner has provided documentation demonstrating integration.

Guide Details

WatchGuard provides integration instructions to help our customers configure WatchGuard products to work with products created by other organizations. If you need more information or technical support about how to configure a third-party product, see the documentation and support resources for that product.

Information in this guide is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise noted. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of WatchGuard Technologies, Inc.

Guide revised: 1/17/2018

Copyright, Trademark, and Patent Information

Copyright © 1998-2018 WatchGuard Technologies, Inc. All rights reserved. All trademarks or trade names mentioned herein, if any, are the property of their respective owners.

Complete copyright, trademark, patent, and licensing information can be found in the Copyright and Licensing Guide, available online at http://www.watchguard.com/wgrd-help/documentation/overview.

About WatchGuard

WatchGuard Technologies, Inc. is a global leader in network security, providing best-in-class Unified Threat Management, Next Generation Firewall, secure Wi-Fi, and network intelligence products and services to more than 75,000 customers worldwide. The company's mission is to make enterprise-grade security accessible to companies of all types and sizes through simplicity, making WatchGuard an ideal solution for Distributed Enterprises and SMBs. WatchGuard is headquartered in Seattle, Washington, with offices throughout North America, Europe, Asia Pacific, and Latin America. To learn more, visit WatchGuard.com.

For additional information, promotions and updates, follow WatchGuard on Twitter, @WatchGuard on Facebook, or on the LinkedIn Company page. Also, visit our InfoSec blog, Secplicity, for real-time information about the latest threats and how to cope with them at www.secplicity.org.

Address
505 Fifth Avenue South
Suite 500
Seattle, WA 98104

Support
www.watchguard.com/support
U.S. and Canada +877.232.3531
All Other Countries +1.206.521.3575

Sales
U.S. and Canada +1.800.734.9905
All Other Countries +1.206.613.0895