Endpoint Security Essentials Study Guide-Panda
Uploaded by
Rahul BhosaleEndpoint Security Essentials Study Guide-Panda
Uploaded by
Rahul BhosaleWatchGuard Training
Endpoint Security Essentials
Study Guide
Adaptive Defense 360, Patch Management, Full Encryption, Advanced Reporting
Tool, and Data Control
Revision Date: June 2021
2 WatchGuard Technologies, Inc.
About This Guide
The Endpoint Security Essentials Study Guide is a guide to help you study for the Endpoint Security Essentials
certification exam.
Information in this guide is subject to change without notice. Companies, names, and data used in examples herein are
fictitious unless otherwise noted. No part of this guide may be reproduced or transmitted in any form or by any means,
electronic or mechanical, for any purpose, without the express written permission of WatchGuard Technologies, Inc.
Guide revised: 6/14/2021
Copyright, Trademark, and Patent Information
Copyright © 2021 WatchGuard Technologies, Inc. All rights reserved.
All trademarks or trade names mentioned herein, if any, are the property of their respective owners. Complete copyright,
trademark, and licensing information can be found in the Copyright and Licensing Guide, available online at
http://www.watchguard.com/help/documentation/.
Address
About WatchGuard
505 Fifth Avenue South
WatchGuard® Technologies, Inc. is a global leader in network security, Suite 500
providing best-in-class Unified Threat Management, Next Generation Seattle, WA 98104
Firewall, secure Wi-Fi, and network intelligence products and services
to more than 75,000 customers worldwide. The company’s mission is
to make enterprise-grade security accessible to companies of all types Support
and sizes through simplicity, making WatchGuard an ideal solution for
Distributed Enterprises and SMBs. WatchGuard is headquartered in www.watchguard.com/support
Seattle, Washington, with offices throughout North America, Europe, U.S. and Canada +877.232.3531
Asia Pacific, and Latin America. To learn more, visit WatchGuard.com. All Other Countries +1.206.521.3575
For additional information, promotions and updates, follow WatchGuard
on Twitter, @WatchGuard on Facebook, or on the LinkedIn Company
page. Also, visit our InfoSec blog, Secplicity, for real-time information Sales
about the latest threats and how to cope with them at
www.secplicity.org. U.S. and Canada +1.800.734.9905
All Other Countries +1.206.613.0895
2 WatchGuard Technologies, Inc.
Contents
How to Use This Study Guide 5
Introduction to Endpoint Security Technology 7
About Endpoint Security 8
Adaptive Defense 360 Protection Model 11
Panda Adaptive Defense 360 16
Overview 17
Get Started with Adaptive Defense 360 18
Device Management 21
Install Adaptive Defense 360 25
View Status 27
Settings Management 32
Troubleshooting Tools 47
Product Features by Platform 50
Patch Management 53
Patch Management Requirements 54
Patch Management Settings 55
Patch Management Status Dashboard 56
Full Encryption 59
Encryption Concepts 60
Supported Authentication Types 61
Supported Storage Devices 62
Full Encryption Requirements 63
Full Encryption Settings 64
Full Encryption Dashboard 66
Advanced Reporting Tool 67
Overview 68
Web Console 70
Search Data 72
Advanced Reporting Applications 75
Endpoint Security Essentials Study Guide 3
Configure Alerts 80
Data Control 88
Data Control Overview 89
Data Control Architecture 92
Data Control Requirements 94
Data Control Settings 95
Data Control Dashboard 97
About the Endpoint Security Essentials Exam 99
Sample Exam Questions 103
Additional Resources 106
4 WatchGuard Technologies, Inc.
How to Use This Study Guide
How to Use This Study Guide
This guide covers the Endpoint Security Essentials course and is a resource to help you study for the certification
exam.
Use this guide in conjunction with instructor-led training, online video training and demos, and the online documentation
to prepare to take the exam.
For a list of recommended documentation and video resources to help you prepare for the exam, see Additional
Resources.
For information about the exam content and format, see About the Endpoint Security Essentials Exam.
Document Conventions
This document uses these formatting conventions to highlight specific types of information:
This is a key point. It highlights or summarizes the key information in a section.
This is a note. It highlights important or useful information.
This is a best practice. It describes the recommended configuration for a feature.
Endpoint Security Essentials Study Guide 5
How to Use This Study Guide
USE CASE:
This is a use case. It describes how you could configure the product or feature in a real-world scenario.
This is a caution. Read carefully. There is a risk that you could lose data, compromise system
integrity, or impact device performance if you do not follow instructions or recommendations.
6 WatchGuard Technologies, Inc.
Introduction to Endpoint Security Technology
Introduction to Endpoint Security Technology
In this section, you learn about the basics of endpoint security, traditional protection models, and the advantages of the
Adaptive Defense 360 advanced protection model.
This includes:
n About Endpoint Security
n Adaptive Defense 360 Protection Model
For a list of additional resources on these topics, see Additional Resources.
Endpoint Security Essentials Study Guide 7
Introduction to Endpoint Security Technology
About Endpoint Security
An endpoint is any device connected to the network, such as a desktop, laptop, mobile device, or server.
Hackers focus on endpoints because they store the most sensitive data and have a high potential of vulnerabilities to
exploit. These exploits enable malicious users to find a weakness and get access to the endpoint, then move laterally to
attack other systems in your network.
n The primary focus of hackers is the endpoint because of the high potential of vulnerabilities
to exploit to get access to the network and attack other endpoints and resources.
n The traditional approach to endpoint protection does not detect and respond effectively to
new security threats.
n Advanced endpoint protection uses a combination of traditional methods and powerful
cloud-based analysis and file classification to actively identify and prevent new threats.
Endpoint Security Threats
Endpoint security threats continue to evolve and proliferate. These threats include:
n Zero-day attacks — New threats that have never been seen before. Traditional protection systems cannot detect
or defend against zero-day threats because they have an isolated view of only known malware activity and have
limited local resources. Traditional models do not have signatures or evidence of behavior to detect zero-day
threats.
n Fileless malware — Malicious software that runs in memory instead of as a physical file on the endpoint's hard
drive.
n Living-Off-The-Land (LOTL) attacks — Attacks where a malicious user gains access to an endpoint and uses
legitimate installed software, such as Microsoft Word, Java, Adobe Acrobat Reader, or PowerShell, to perform
further attacks.
n Exploits — Common productivity tools, software applications, browsers, and OS components that malicious
users can exploit. For example, hackers often attack Microsoft IIS web server because of its ability to create
multiple web server processes. Microsoft Office macros can enable malicious users to perform screen and key
logging on unsuspecting users.
n Ransomware — Malicious software that encrypts and locks the contents of a computer and demands a ransom
for the encryption key to unlock the data. Ransomware is a persistent and pervasive threat that can spread
quickly to the entire network. Ransomware enters a network most frequently through email and unpatched
vulnerabilities on clients and servers, and is often targeted at a specific company, department, or user.
8 WatchGuard Technologies, Inc.
Introduction to Endpoint Security Technology
About Endpoint Protection, Detection and Response
There are two main types of endpoint protection:
Endpoint Protection Platform (EPP)
EPP is a solution deployed on endpoint devices (typically agent software) to prevent malware attacks and detect
malicious activity. It is based primarily on signature file detection techniques.
Endpoint Detection and Response (EDR)
EDR combines traditional preventive methods with innovative advanced technologies for the prevention,
detection, and automatic response to advanced threats, as well as investigation capabilities.
The best EDR systems enable you to not only classify executables, but also their behavior. Continuous real-
time monitoring enables the analysis and categorization of all executables, and the ability to take immediate
action in response to new threats.
Endpoint detection and response provides the contextual information to recognize and classify a vast array of
potentially anomalous activities on endpoints. It also provides remedial actions or triggers alerts for the
administrator.
Traditional Endpoint Security Methods
The traditional approach to protect endpoints from security threats uses:
n Signature files that only match known existing viruses and malware
n Security features that might require manual configuration
n Alerts sent only about events known to be malware
n Minimal monitoring of any process activity after the malware infects the endpoint
Traditional methods for endpoint protection include:
n Personal firewalls or managed network firewalls
n Permanent anti-malware software, on-demand and scheduled scans on endpoints
n Managed allowlists and blocklists based on hardware address
n Collective intelligence and pre-execution heuristics
n Web access and content controls
n Anti-spam, anti-phishing, anti-tampering, and email content filters
The main issue with traditional security methods is that over 300,000 new viruses and malware are created every day.
The huge growth in the amount of malware in circulation is in itself a massive brute-force attack on security vendors.
Cybercriminals look to increase the window of opportunity for newly developed threats by saturating the resources
employed by security companies to scan malware. This increases the time between the appearance of a new virus and
the release of the appropriate antidote by security companies. Every security strategy must be based on minimizing
malware dwell time. The longer malware exists on the network, the more time it has to complete its objective, such as
industrial espionage and data theft.
Endpoint Security Essentials Study Guide 9
Introduction to Endpoint Security Technology
A majority of this malicious code is designed to run in the background on a user's computer for a long period of time,
which can conceal the presence of malware on compromised systems. This behavior renders the traditional approach to
endpoint protection gradually ineffective because it cannot detect and respond effectively to new security threats.
Advanced Protection
For the best effectiveness against current and emerging endpoint security threats, you must deploy a combination of
local signature-based technologies, context-based behavioral analysis with the power of cloud-based processing, and
effective remediation to stop the threats.
Advanced protection provides these benefits:
n Based on behavioral intelligence from machine learning and cloud analytics
n Provides comprehensive endpoint activity analysis and visibility
n Protects against all known and unknown threat types, such as malware, fileless attacks, and other malicious
behavior
n Managed service that continuously monitors and categorizes all running applications and processes
n Performs prevention, detection, and remediation services
n Provides detailed forensic information, security audits, and real-time alerts
10 WatchGuard Technologies, Inc.
Introduction to Endpoint Security Technology
Adaptive Defense 360 Protection Model
n Adaptive Defense 360 uses a multi-layer model that combines traditional signature and
heuristic scans with advanced cloud-based analysis, process monitoring and
classification, and threat remediation.
n 100% Attestation Service (also known as the Zero-Trust application service) makes sure
that no applications or processes are trusted until they are analyzed and correctly
classified.
The Panda Adaptive Defense 360 protection model comprises multiple layers of endpoint security technology, including
a unique 100% Attestation Service (Zero-Trust application service), all delivered by powerful cloud-based analytics
servers and a single lightweight software agent that runs on the endpoint.
Adaptive Defense 360 can defend against and perform active remediation of attacks, and allow only software classified
as trusted to run on your network endpoints.
Adaptive Defense 360 provides both an Endpoint Protection Platform (EPP) and Endpoint Detection and Response
(EDR) to:
n Detect compromised systems, early-stage attacks, and suspicious activities.
n Detect malwareless and fileless attacks.
n Provide optimized technology to detect known attacks.
n Provide protection if a previous layer is breached and stop lateral movement attacks inside your network.
Endpoint Security Essentials Study Guide 11
Introduction to Endpoint Security Technology
Adaptive Defense 360 Core Pillars
The Adaptive Defense 360 protection model is based on these core pillars:
n Visibility — Data visibility enables you to see what happens on each endpoint and to detect changes, trends, and
anomalies that reflect emerging security threats.
n Detection — Adaptive Defense 360 monitors running processes and performs real-time blocking of zero-day
attacks, targeted attacks, and other advanced threats designed to bypass traditional antivirus and anti-malware
solutions. It collects a large amount of data to support the artificial intelligence that performs context-based
behavioral analysis, predictions, and threat hunting.
n Response — Adaptive Defense 360 uses the collected forensic data to complete in-depth analysis of every
attempted attack. A variety of advanced tools remediate attacks.
n Prevention — To prevent future attacks, Adaptive Defense 360 actively changes the settings of each protection
module and patches any vulnerabilities discovered in installed operating systems and applications on the
endpoint.
Big Data Analytics Infrastructure
Adaptive Defense 360 hosts a cloud-based server infrastructure that receives a constant telemetry flow from every
endpoint. This telemetry consists of the actions performed by the executable programs monitored by the protection
module, and includes their static attributes and execution context information.
Adaptive Defense 360 uses machine learning and other technology to automate real-time inspection of the telemetry
sent by every endpoint. 99.98% of samples are classified automatically, and the rest are classified by a malware
specialist.
The analysis is done in real environments to avoid anti-scan techniques frequently used by malware.
Adaptive Defense 360 uses artificial intelligence techniques to:
n Scan this data in the cloud
n Evaluate the behavior of each executable program
n Classify each running process
The protection module installed on each endpoint receives the classification and performs the actions required to protect
the endpoint.
Cloud data analysis is much more advanced than the methodology used by traditional solutions that can only detect
known viruses and malware and send any unknown files to the antivirus vendor for manual analysis.
Adaptive Defense 360 analyzes every process that runs on protected endpoints, including legitimate software
processes. Continuously monitoring every process makes sure that malware that masquerades as legitimate software
is correctly classified. Many targeted attacks and other advanced threats operate in stealth mode to evade detection by
traditional protection servers.
12 WatchGuard Technologies, Inc.
Introduction to Endpoint Security Technology
100% Attestation Service
The 100% Attestation Service (also known as the Zero-Trust application service) is a combination of security solutions
and technologies that operate across the network to analyze endpoints, users, data, applications, and cloud
communications. It classifies all processes run on Windows computers without ambiguity or false positives or
negatives. It is one of the Adaptive Defense 360 protection layers.
n The service relies on contextual analysis of corporate assets, users, applications, and data utilization patterns to
minimize risk to endpoints.
n The service denies any execution of a program until it is confirmed as trusted. This enables you to shift away
from unconditional trust (or some level of confidence in network, users, and application activity) to a secure zero-
trust methodology.
n The service uses a combination of an agent installed on the user's computer and cloud-hosted technologies to
automatically classify most running processes. Malware experts analyze and manually classify the remaining
small percentage of unknown files. This approach enables the service to classify 100% of executable files that
run on endpoints, with no false positives or false negatives.
How Adaptive Defense 360 Analyzes Endpoint Processes
Adaptive Defense 360 monitors all the actions triggered by processes that run on protected endpoints and catalogs
each event based on more than 2,000 unique object characteristics.
Adaptive Defense 360 can detect anomalies and threats in these system components:
n Creation and execution of a process or injection of a process in another event
n Creation of a new file by a process, or the opening, editing, or deletion of an existing file
n Creation of a new communication socket, use of a protocol, and direction and origin of a communication
n Creation, modification, or deletion of Microsoft Windows registry keys
n The use of administrative credentials, log in and log out events, installation of processes, and service activity
In addition, threat hunting services use artificial intelligence to monitor application behavior to detect fileless attacks and
other advanced threats. These techniques actively process the data gathered by endpoint detection and response
services to discover new threats.
These services can detect activity such as:
n Brute force RDP attacks.
n The use of Microsoft PowerShell with obfuscated parameters.
n Anomalous interactions with Microsoft Active Directory.
n Local compiled programs.
n Documents with macros or Internet links.
n Registry modifications to run executables when Microsoft Windows starts.
n Code injection into legitimate processes.
n Application and user profiling to detect deviations. For example, detection of a user on this computer who has
never executed a specific type of tool before.
Endpoint Security Essentials Study Guide 13
Introduction to Endpoint Security Technology
Adaptive Defense 360 Protection Model Layers
Panda Adaptive Defense 360 uses a protection model based on the following layers of technology:
n Signature file and Heuristic scanners
n Contextual detections
n Anti-Exploit Technology
n 100 % Attestation Service / Zero-trust application service
n Threat Hunting Service
Signature Files and Heuristic Scanners
Detects known attacks through traditional signature files, and detects malware behavior with heuristic scan
methods.
n Uses virus and malware signature files to detect known malicious files
n Performs generic and heuristic detection of malware behavior
n Blocks specific ransomware URLs
Contextual Detections
Detects fileless attacks that do not use physical malware. This includes:
n Script-based attacks
n Web browser vulnerabilities
n Attacks that use existing legitimate software tools
n Common targeted applications, such as Java, Adobe Reader, Adobe Flash, and Microsoft Office
Anti-exploit Technology
Complements contextual detection and patch management through the detection of fileless attacks that exploit
existing vulnerabilities. This detection is based on the anomalous behavior of exploited processes.
14 WatchGuard Technologies, Inc.
Introduction to Endpoint Security Technology
100% Attestation Service / Zero-Trust Application Service
Included in the product by default for Windows computers to allow the execution of only those programs certified
by Panda Security. It uses a combination of local technologies on the user computer and cloud-hosted
technologies in a big data infrastructure. These technologies are capable of automatically classifying 99.98% of
all running processes. The remaining percentage is manually classified by malware experts. This approach
enables Adaptive Defense 360 to classify 100% of all binaries run on customer computers without false
positives or false negatives.
All executable files found on user computers that are unknown to Adaptive Defense 360 are sent to our big data
analytics infrastructure for analysis.
Threat Hunting Service
Actively detects compromised systems, early-stage attacks, and suspicious activities. Malicious users
continually launch sophisticated attacks, and many threats remain undetected for months if no proactive threat
search procedure looks for traces of attacks.
Endpoint Security Essentials Study Guide 15
Panda Adaptive Defense 360
Panda Adaptive Defense 360
Adaptive Defense 360 (AD360) combines next-generation antivirus protection (NGAV), endpoint detection and
response (EDR), and other security features into one platform.
In this section, you learn about:
n Adaptive Defense 360 and the Aether platform
n How to install Adaptive Defense 360
n How to set up Adaptive Defense 360
n Status dashboards
n How to configure settings
n Remediation tools and troubleshooting
For a list of additional resources on these topics, see Adaptive Defense 360 Additional Resources.
Endpoint Security Essentials Study Guide 16
Panda Adaptive Defense 360
Overview
Adaptive Defense 360 protects the security of all workstations and servers in an organization,
without intervention from network administrators. The Aether platform is the ecosystem where
Adaptive Defense 360 runs.
Panda Adaptive Defense 360 is a managed service that enables organizations to:
n Protect IT assets
n Review any security problems detected
n Develop prevention and response plans against unknown and advanced persistent threats (APTs)
Supported Platforms
Adaptive Defense 360 on the Aether platform is compatible with Windows, Linux, Android, and macOS.
17 WatchGuard Technologies, Inc.
Panda Adaptive Defense 360
Get Started with Adaptive Defense 360
To get started with Adaptive Defense 360, you must:
n Activate Adaptive Defense 360 and create or link a Panda account
n Open the Adaptive Defense 360 management console
Activate Adaptive Defense 360
After you purchase Adaptive Defense 360, you must activate it on the WatchGuard website. Log in with your
WatchGuard portal user name and password. If you are a partner, click Support Center.
To start the activation process, select My WatchGuard > Activate Products, type or paste your activation key, and
then follow the activation steps.
If this is the first time you activate a Panda product, the activation process prompts you to link your Panda account and
your WatchGuard account. If you do not have a Panda account, you create one as part of the activation process.
About the Panda Account
The Panda account provides administrators with a mechanism to manage login credentials and access Panda Security
services purchased by the organization. With a Panda account, the administrator creates and activates the access
method to Panda Cloud and in turn, to the Panda product web consoles.
Partner Licensing Process
The first time you activate a license for a Panda product, you should consider the following:
n If you have a WatchGuard Partner account, you must link your Panda account and your WatchGuard account. If
you do not have a Panda account, you create one as part of the activation process.
n If you have a Panda Partner account, you must create a WatchGuard Partner account before you activate your
license. To get started, go to https://secure.watchguard.com/BecomeAPartner.
n Your license is activated immediately as a pool license. For pool licenses, the expiration date is determined
when you assign the license.
For more information, see this Knowledge Base article, WatchGuard Partners: How do I activate licenses for a Panda
product from the WatchGuard website?
Customer Licensing Process
Customers activate Adaptive Defense 360 licenses in the WatchGuard Support Center. The first time you activate a
license for a Panda product, you must link your Panda account and your WatchGuard account. If you do not have a
Panda account, you create one as part of the activation process.
Endpoint Security Essentials Study Guide 18
Panda Adaptive Defense 360
It can take up to 48 hours for an end-user license to become active. The expiration date for this
license is based on the activation date.
To access your product's web console, from Panda Cloud, select the Products on Aether platform tile.
For more information, see this Knowledge Base article, WatchGuard Customers: How do I activate licenses for a
Panda product from the WatchGuard website?
Open the Adaptive Defense 360 Management Console
After you complete activation, go to the Panda Cloud login page: https://www.pandacloudsecurity.com/PandaLogin/.
Log in with your Panda Security account.
To open the Adaptive Defense 360 management console, select the Adaptive Defense 360 tile.
Navigate the Console
The Adaptive Defense 360 management console includes settings to manage your user account and to choose the
information you see.
Multiple Groups
To filter information in the window and only show information collected from computers in the groups you select,
in the upper-right corner, click Multiple groups.
This enables you to focus on a specific group or groups of computers (for example, a group of servers or
computers at a specific location).
General Settings
The General Settings menu is available to the right of Multiple groups.
From the General settings menu, you can select these options:
n Online Help
n Administration Guide
n Technical Support
n Suggestion Box
n License Agreement
n Adaptive Defense 360 Release Notes
n Language
n About
19 WatchGuard Technologies, Inc.
Panda Adaptive Defense 360
To change the language of the console, from the General settings menu, select Language.
To view the version of Adaptive Defense 360, as well as the version of the protection agents for different
platforms, from the General settings menu, select About.
User Account
The User Account menu is available to the right of the General settings menu.
From the User Account menu, you can select these options:
n Set up my profile — Change the information in your account.
n Change account — Change the user and password you use to log in.
n Log out — Log out of the management console and return to the Panda Cloud login page.
Endpoint Security Essentials Study Guide 20
Panda Adaptive Defense 360
Device Management
Use the Computers page to view, group, and manage your devices.
You use the management console to organize and display managed computers in order to quickly find a device. Before
you deploy, we recommend that you:
n Create the structure of your state
n Uninstall third-party antivirus programs
After you deploy, verify URLs that must be opened with URL Checking in the PSInfo tool.
To manage a network device through the management console, the device must have the Aether agent installed.
Adaptive Defense 360 delivers the Aether agent in the installation package for all compatible platforms.
Devices that do not have an Adaptive Defense 360 license but do have the Aether agent installed appear in the
management console. For these devices, protection is either disabled (if a license has been released) or not installed (if
a license has never been assigned before). Scan tasks and other Adaptive Defense 360 resources will not run.
Adaptive Defense 360 does scan computers with expired licenses for threats, but does not update the signature file and
does not apply advanced protection. In this condition, Adaptive Defense 360 is not an effective solution to combat
threats.
To keep the network protected, we strongly recommend that you renew contracted services.
The Computers page has two panes. The left pane includes the Filters and My Organization tabs and the right pane
displays the details page.
21 WatchGuard Technologies, Inc.
Panda Adaptive Defense 360
Left Pane
Use the Filters tab and My Organization tab to view and organize managed computers.
Endpoint Security Essentials Study Guide 22
Panda Adaptive Defense 360
Filters Tab
On the Filters tab, you can dynamically group computers on the network based on settings and conditions that describe
the characteristics of devices.
You can use logical operators to produce complex filters. For example, you can organize your computers by operating
system, software, or by custom filter with specific rules for settings, protection status, hardware, software, range of IP
addresses, groups, or latest proxies used by the agent.
My Organization Tab
An administrator can manually assign computers to a group. Use the My Organization tab to create a multi-level
structure of groups, subgroups, and computers. The organizational tree can be a custom tree, the company Active
Directory tree, or a combination of the two.
The Active Directory tree is generated automatically. To integrate a computer into a custom
group or into an Active Directory path, you must install an agent on the computer. You can
move computers from one path to another as required.
Right Pane
When you select a computer from the list of computers, the right pane displays details of the hardware and software
installed, as well as the security settings assigned to it.
The details pane includes these sections:
n General — Displays information to help identify the computer.
n Notifications — Details of any potential problems.
n Details — Summary of the hardware, software, and security settings of the computer.
23 WatchGuard Technologies, Inc.
Panda Adaptive Defense 360
n Hardware — Hardware installed on the computer, its components and peripherals, as well as resource
consumption and use.
n Software — Software packages installed on the computer, as well as versions and changes.
n Settings — Security settings and other settings assigned to the computer.
n Toolbar — Operations available for the managed computer.
If the window is not large enough, some tools are hidden.
Endpoint Security Essentials Study Guide 24
Panda Adaptive Defense 360
Install Adaptive Defense 360
Installation requirements for Adaptive Defense 360 differ for different platforms.
Before you install Adaptive Defense 360, make sure you meet these requirements:
System Requirements
For a list of system requirements, see the appropriate Knowledge Base article:
n Windows — Installation requirements of products based on Aether Platform for Windows
n Linux — Installation requirements of products based on Aether Platform for Linux platforms
n macOS — Installation requirements of products based on Aether Platform for macOS platforms
n Android — Installation requirements of products based on Aether Platform for Android platforms
Communications Requirements
If you have a firewall, proxy server, or other network restrictions, to install and operate Adaptive Defense 360,
you must allow access for communications from the server or console to these servers:
n Updates and Upgrades server
n Collective Intelligence server
For more information, see the list of URLs and ports you must allow in this Knowledge Base article: URLs and
ports required for products based on Aether Platform to communicate with server.
Discovery and Remote Installation Requirements
Aether Platform-based products include tools to locate unprotected workstations and servers and to initiate a
remote unattended installation from the management console.
For more information about the requirements for discovery and remote installation, see this Knowledge Base
article: Requirements for the discovery of computers and remote installation in products based on Aether
Platform.
Remote installation is only compatible with Windows platforms.
25 WatchGuard Technologies, Inc.
Panda Adaptive Defense 360
Installation Methods
You can use these methods to install Adaptive Defense 360:
n Local — Install from MSI file, installer URL, or manually
n Remote (Windows only) — Install with discovery and deployment
n Centralized tools — Install from the command line through Panda Systems Management or Active Directory
n Gold image (Windows only) — For more information, see this Knowledge Base article: How to create an
image for Windows persistent and non-persistent environments (VDI) with products based on Aether Platform.
Uninstall Adaptive Defense 360
You can either uninstall the Adaptive Defense 360 software locally from the control panel of the operating system on
each computer, or remotely from the console (Windows computers only).
When you uninstall Adaptive Defense 360, the associated counters, such as malware detected, blocked URLs, filtered
mails, and blocked devices, are removed from the management console. When you reinstall the software, the counters
are restored.
Endpoint Security Essentials Study Guide 26
Panda Adaptive Defense 360
View Status
Use the Status page to select dashboards and lists to quickly view information about the
computers you manage.
Dashboards
Adaptive Defense 360 collects information and presents it graphically in dashboards in the management console. You
can open dashboards from the left pane menu. Click the data on a dashboard to view more details.
These dashboards are available:
n Security — Shows the security status of the IT network.
o Offline Computers: Shows computers that have not connected to the Panda Security cloud for a specified
amount of time.
o Outdated Protection: Shows computers whose signature file is more than three days older than the latest one
released by Panda Security. It also displays the computers whose antivirus engine is more than seven days
older than the latest one released Panda Security.
o Protection Status: Shows computers where Adaptive Defense 360 is working properly and those where there
are errors or problems with installation or the protection module.
o Programs Blocked by the Administrator: Shows the number of execution attempts recorded across the IT
network and blocked by Adaptive Defense 360 based on the settings defined by the network administrator.
o Programs Allowed by the Administrator: Shows programs that the administrator allows when a user cannot
wait for an unknown item that is classified as a threat to run.
o Classification of All Programs Run and Scanned: Shows the percentage of goodware and malware items
seen and classified on the customer network during the time period specified by the administrator.
27 WatchGuard Technologies, Inc.
Panda Adaptive Defense 360
o EDR Activity: Shows the details of malware, PUP and Exploit detections, plus the Currently blocked
programs being classified.
o Exploit Activity: Shows the number of vulnerability exploit attacks suffered by the Windows computers on
the network.
o Exclusions: Shows exclusions, such as Allow blocked items being classified, processes classified as
threats, and detection of malware, PUPs, etc.
n Web access and spam — Shows information about blocked and filtered Internet content and unsolicited email.
n Patch management — Shows updates for the operating system and third-party software installed on your
computers.
n Full encryption — Shows the encryption status of the computer's internal storage.
n Licenses — Shows the status of your licenses. This includes Computer with a license, Computer without a
license, and Excluded.
Endpoint Security Essentials Study Guide 28
Panda Adaptive Defense 360
Licenses Dashboard
When you install the software on a computer on the network, if there are unused licenses, the system assigns a free
license to the computer automatically. You can also assign licenses manually. To view details of contracted licenses,
on the Licenses dashboard, click Assigned.
When you uninstall a product from one of your computers, or when a license expires, the system automatically recovers
the license and returns it to the license pool. You can release licenses manually from the Licenses dashboard when you
remove the product license from the Details tab for a computer.
For more information, see the Support article: https://www.pandasecurity.com/en/support/card?id=700021.
29 WatchGuard Technologies, Inc.
Panda Adaptive Defense 360
My Lists
More detailed information is available from the My Lists section in the left pane.
Each list displays information in a table. Most dashboard sections have an associated list, so you can quickly see the
information graphically and then get more in-depth data from the lists.
You can add lists to the left pane for quick access.
Endpoint Security Essentials Study Guide 30
Panda Adaptive Defense 360
Scheduled Reports
Adaptive Defense 360 can send reports, by email, that include security information from the computers it protects. This
makes it easy to share information with other people and departments in your organization, and to keep a history of
events beyond the data storage capacity limits of the management console. These reports can help you to monitor
security status closely without the involvement of administrators.
Automated email reports provide stakeholders with information about all security events. You can create reports based
on a previously created list, directly generate an executive report, or create a report for an existing list of filtered devices.
To add scheduled reports and lists, on the Status page, select Scheduled reports from the left pane.
31 WatchGuard Technologies, Inc.
Panda Adaptive Defense 360
Settings Management
Use the Settings page to manage general settings and security settings.
General Settings
In the General section, you can manage settings such as users, preferences, network settings and services, and
alerts.
Users
On the Users page, you manage users, roles, and permissions.
Use the Users page to:
n Create users
n Define roles for users
n View the activity logged for a user
n Require users to use two-factor authentication
To force users to enable and use two-factor authentication, the user account from that enforces
two-factor authentication must have the Manage users and roles permissions and access to all
computers on the network.
Endpoint Security Essentials Study Guide 32
Panda Adaptive Defense 360
Per-computer Settings
On the Per-computer Settings page, you set preferences and enable automatic updates.
Use the Per-computer Settings page to:
n Show or hide the agent icon on managed computers.
n Enable and schedule automatic updates for:
n Aether Platform communications agent
n Adaptive Defense 360 protection engine
n Signature file for traditional antivirus protection
For more information, see the interactive video, How to Configure a Group of Computers of the
Network Not to Upgrade Automatically.
n Configure security against unauthorized protection tampering.
These security options are enabled by default:
n Request password to uninstall Aether from computers
n Allow the protections to be temporarily enabled or disabled from the computer's local
console (password required)
n Enable anti-tamper protection (prevents users and certain types of malware from
stopping the protections)
33 WatchGuard Technologies, Inc.
Panda Adaptive Defense 360
Network Settings
On the Network Settings page, you can configure settings templates or configuration profiles.
Use the Network Settings page to:
n Set the language of the Panda agent for one or more computers. You must first create a network settings profile.
n Add the proxy computers you want your computers to use or disable the use of a proxy.
n Enable or disable the real-time communication feature.
n Designate one or more computers on the network with the cache role to automatically download and store all
files required for updates. This enables computers with Adaptive Defense 360 to update the signature file, agent,
and the protection engine without Internet access.
Proxy Types
Adaptive Defense 360 supports various Internet access methods which you can configure to connect to the Panda
Security cloud. When an access method is no longer accessible, Adaptive Defense 360 tries the next method in the list
until it finds one that is valid. If Adaptive Defense 360 gets to the end of the list, it returns to the start and continues until
it has tried all connection methods at least once.
Adaptive Defense 360 supports these connection types:
Endpoint Security Essentials Study Guide 34
Panda Adaptive Defense 360
Proxy Type Description
Do not use proxy Direct access to the Internet. Computers access the Panda Security cloud directly to
download updates and send status reports. If you select this option, the Adaptive
Defense 360 software uses the computer settings to communicate with the Internet.
Corporate proxy Access the Internet through a proxy installed on the company network.
n Address — The proxy server IP address.
n Port — The proxy server port.
n The proxy requires authentication — Select this option if the proxy requires a
user name and password.
n User name — The user name of an existing proxy account.
n Password — The password of the proxy account.
Automatic proxy Use DNS or DHCP to query the network to get the discovery URL that points to the
discovery using Web PAC configure file. If needed, you can specify the HTTP or HTTPS resource that hosts
Proxy Autodiscovery the PAC configuration file.
Protocol (WPAD)
Panda Adaptive Defense Access the Internet through the Adaptive Defense 360 agent installed on a computer on
360 proxy the network. This option enables you to centralize all network communications through
a computer with the Panda agent installed.
To configure the network settings for proxy and cache, you must first add the proxy or cache
computers on the Network Services page. For more information, see the interactive video,
How to Add and Configure a Cache Computer.
35 WatchGuard Technologies, Inc.
Panda Adaptive Defense 360
Network Services
On the Network Services page, you can set a Panda proxy server.
The Panda agent installed on Windows computers on your network can have three different roles:
n Proxy — Enables computers without direct Internet access to use the proxy installed on your network. If no
proxy is accessible, you can assign the proxy role to a computer with Panda Adaptive Defense 360 installed.
n Discovery — Installs and deploys Panda Adaptive Defense 360 across your network through the discovery
feature.
n Cache — Automatically downloads and stores all files required by other computers with Panda Adaptive
Defense 360 installed. This saves bandwidth, because each computer does not have to download updates
separately.
Endpoint Security Essentials Study Guide 36
Panda Adaptive Defense 360
VDI Environments
To facilitate license assignment, on the VDI Environments page, you can specify the maximum number of computers
that can be simultaneously active in a non-persistent virtualization environment.
Virtual Desktop Infrastructure (VDI) is a desktop virtualization solution that hosts virtual machines in a data center
accessed by users from a remote terminal with the aim to centralize and simplify management and reduce maintenance
costs.
There are two types of VDI environments:
n Persistent VDIs — Storage space assigned to each user persists between restarts, including the installed
software, data, and operating system updates.
n Non-persistent VDIs — Storage space assigned to each user is deleted when the VDI instance is restarted,
returning to its initial state and undoing all changes made.
With a non-persistent VDI, storage space assigned to each user is deleted when the VDI
instance restarts. The VDI instance returns to its initial state and all changes are undone.
37 WatchGuard Technologies, Inc.
Panda Adaptive Defense 360
My Alerts
Email alerts are messages that Adaptive Defense 360 sends to a specified recipient email address when an event
occurs.
On the My Alerts page, you can select which alerts to receive and specify the email address to receive them.
Endpoint Security Essentials Study Guide 38
Panda Adaptive Defense 360
Security Settings
In the Security section, you can also manage security settings for:
n Workstations and servers
n Program blocking
n Android devices
n Patch management
Workstation and Servers
On the Workstation and Servers page, you add and edit security settings for computers and servers. Enter a name
and description for the settings and then select the computers you want to apply the settings to.
General Settings
In the General sub-section, you specify alerts, update options, uninstalled security products, and exclusions.
Local Alerts
Enable malware, firewall, and device control alerts. The administrator can enter text to display in local alerts for
computer isolation, detections (antivirus), detections (by behavior), advanced security policies, and program
blocking.
Updates
Configure options related to product updates.
39 WatchGuard Technologies, Inc.
Panda Adaptive Defense 360
Uninstall Other Security Products
Configure whether to uninstall other security products.
Exclusions
Configure these types of exclusions:
n File exclusions — Exclude files stored on the hard disk by extension, file name, or directory. Separate
exclusions with commas (,).
For more information, see the Knowledge Base articles on general exclusions and Panda and TDR Host
Sensor exclusions.
n Email exclusions — Make exclusions recommended by Microsoft to improve the performance of
Exchange Server. You can also exclude email attachments by file extension.
Advanced Protection
In the Advanced Protection sub-section, you can enable advanced protection to track the activity of every program on
your computers, and immediately detect and block malicious programs. Advanced protection includes direct monitoring
by Panda lab technicians.
Operating modes for advanced protection (Windows only)
Audit — Reports on detected threats but does not block or disinfect the malware detected.
Hardening — Removes malicious and potentially malicious programs. Blocks unknown programs from the
Internet, from other computers on the network, or from external storage drives until the Panda lab determines
whether they are malware. Allows any other unknown program to run while it is analyzed by the lab.
Lock — Prevents all unknown programs from running until they are classified.
You can also report blocking to computer users and add a custom message to alerts.
Detect malicious activity (Linux only)
There are three modes: Audit, Block, and Do not detect. To avoid possible issues on some computers, detected
malicious actions are not blocked by default.
Unless you know that the detected malicious activity is a legitimate action, we recommend that you
set the mode to Block.
Anti-exploit
Anti-exploit protection prevents access to computers on the corporate network by malicious programs. There are
two modes: Audit and Block.
Audit
Reports detected exploits in the administrative console. Does not take action against the detected programs
or display any information to the user of the computer.
Block
Blocks exploit attacks. This might force the compromised process to end.
Endpoint Security Essentials Study Guide 40
Panda Adaptive Defense 360
Report blocking to the computer user — Notifies the user and automatically ends the compromised
process, if required.
Ask the user for permission to end a compromised process — Prompts the user to end the
compromised process, if necessary.
Every time a compromised computer needs to restart, the user must provide confirmation, regardless of
whether the Ask the user for permission to end n compromised process option is selected.
Anti-exploit protection is disabled by default to improve compatibility with any third-party
security solution installed on the network that uses similar technology. With this protection
disabled, Adaptive Defense 360 does not detect and block vulnerability exploit attacks and
metasploit malware. Other security modules do detect and block dangerous actions that
threaten the system.
To make sure that anti-exploit protection works correctly with third-party security solutions
installed, we recommend that you enable it gradually on your computers.
Privacy
Adaptive Defense 360 can include the full name and path of files sent to the cloud for analysis in reports and
forensic analysis tools. If you do not want to send this information to the Panda Security cloud, you can disable
this option.
Adaptive Defense 360 can also show the user who was logged in to the computer on which a detection occurred.
If you do not want to send this information to the Panda Security cloud, disable this option.
Network Usage
Adaptive Defense 360 sends every unknown executable file found on user computers to the Panda Security
cloud for analysis.
This has no impact on the performance of the network. By default, each agent can transfer a maximum of 50 MB
of files in an hour.
Adaptive Defense 360 sends unknown files to the cloud only once for all users. Bandwidth management
mechanisms minimize the impact on the network.
To allow unlimited file transfers, set the value to 0.
41 WatchGuard Technologies, Inc.
Panda Adaptive Defense 360
Antivirus
In the Antivirus sub-section, you can configure these settings:
n Antivirus – Enable or disable antivirus protection for files, email, and web browsing.
n Threats to detect – Detect viruses, detect hacking tools and PUPs, block malicious actions, and detect
phishing.
n File types – Scan compressed files in emails, on disk, and all files regardless of their extension when they are
created or modified.
Firewall (Windows computers)
Panda Adaptive Defense 360 provides three tools to filter the network traffic that protected computers send and receive.
System Rules
Rules that allow or deny data traffic that has specific communication characteristics, such as ports, IP
addresses, or protocols.
Program Rules
Rules that allow or prevent communication from programs installed on user computers to other computers.
Intrusion Detection System
Rules that detect and reject malformed traffic patterns that can affect the security or performance of protected
computers.
In the Firewall section, you select these settings:
n Let computer users configure the firewall – Enable end users to manage the firewall protection from their
local console.
n Network type – Laptops and mobile devices can connect to networks with different security levels, from public
Wi-Fi networks, such as those in Internet cafés, to managed and limited-access networks, such as the one in
your office. Set the default behavior of the firewall to:
o Manually select the type of network that the computers in the configured profile usually connect to.
o Enable Panda Adaptive Defense 360 to select the most appropriate network type.
n Program rules – Specify which programs can communicate with the local network and Internet.
n Connection rules – Define TCP/IP traffic filtering rules. Adaptive Defense 360 extracts the values of some
fields in the headers of each packet that protected computers send and receive, and checks them against the
rules you define. If the traffic matches a rule, Panda Adaptive Defense 360 takes the specified action.
Device Control (Windows computers)
The Device Control sub-section enables you to configure how the protected computer behaves when it connects or
uses a removable or mass storage device.
To configure exceptions, select the allowed device and click the Exception icon.
Endpoint Security Essentials Study Guide 42
Panda Adaptive Defense 360
Web Access Control
The Web Access Control sub-section enables you to control access to the Internet. For example, you can allow web
access at specific times of the day, deny access to websites in different categories, and always allow or deny access
to specific URLs and domains.
43 WatchGuard Technologies, Inc.
Panda Adaptive Defense 360
Antivirus for Exchange Servers
Adaptive Defense 360 protects Microsoft Exchange email servers with two features: Mailbox protection and Transport
protection.
Mailbox Protection
This protection applies to Exchange servers with the Mailbox role, and scans folders and mailboxes in the
background or when the server receives messages and stores them in user folders.
Mailbox protection can manipulate items contained in the body of scanned messages. It can replace any
dangerous item it finds with a clean one and move dangerous items to quarantine.
Mailbox protection scans the Exchange server user folders in the background. This protection uses smart scans
to avoid a rescan of scanned items. Every time a new signature file is published, the protection scans all
mailboxes and the quarantine folder in the background.
Transport Protection
This protection applies to Exchange servers with the Client Access, Edge Transport, and Mailbox roles, and
scans the traffic that goes through the Exchange server.
This protection cannot manipulate items contained in the body of scanned messages. The body of dangerous
messages is treated as a single component. Every action Adaptive Defense 360 takes — delete the message,
quarantine it, let it through without any action, etc. — affects the entire message:
Anti-Spam for Exchange Servers
In the Anti-Spam for Exchange Servers sub-section, you can enable anti-spam protection. When you do this, you are
prompted to add exclusion rules to improve the performance of your mail servers.
You can specify the action to perform on spam messages, such as let the message through, delete the message, or flag
with SCL (Spam Confidence Level). You can also configure lists of email addresses and domains that you always want
to allow or delete.
Content Filtering for Exchange Servers
The Content Filtering for Exchange Servers sub-section enables you to filter email messages based on the file
extension of attachments. For example, you might want to always delete messages with attachments that have an
.EXE or .ZIP file extension.
Endpoint Security Essentials Study Guide 44
Panda Adaptive Defense 360
Program Blocking
On the Program Blocking page, you can prevent the execution of programs that are dangerous or that you do not want
your users to run. For example, you might decide to block programs that use too much bandwidth, pose a security
threat, or affect user or computer performance. You can identify programs to block by name or MD5 code.
45 WatchGuard Technologies, Inc.
Panda Adaptive Defense 360
Android Devices
On the Android Devices page, you can specify security settings for Android devices.
Updates
In the Updates sub-section, you can enable Aether updates over Wi-Fi only.
Antivirus
In the Antivirus sub-section, you can enable always-on protection and specify whether to scan applications from
unknown sources before you install them. To add an exclusion, you can enter the name of the Android executable
(com.example.myapp).
Anti-Theft
In the Anti-Theft sub-section, you can enable features that prevent data loss and help users to locate devices in the
event of loss or theft.
For information on the Patch Management page and Data Protection section, see the Panda
Patch Management and Panda Full Encryption learning modules.
Endpoint Security Essentials Study Guide 46
Panda Adaptive Defense 360
Troubleshooting Tools
Troubleshooting tools for Adaptive Defense 360 include remediation tools, the Troubleshooting
Guide, PSInfo, the Knowledge Base, and other documentation.
Remediation Tools
Access remediation tools from the menu in the upper-right corner of the Computers tab. Remediation tools are also
available from the menu beside each computer or device.
To view remediation tools that require action in the management console, on the Computers page, select a computer
and select the more options icon. Available options show in the menu that appears.
Scan now / Schedule scan
Enables scheduled and immediate scans.
Restart
Enables the administrator to restart computers remotely.
Automatic disinfection
Performed by real-time advanced protection and antivirus protection products. When malware is detected, the
products clean the affected items with an appropriate disinfection method. When no method exists, the malware
is quarantined.
Allowing external access to the console
Gives the Panda support team access to the management console.
47 WatchGuard Technologies, Inc.
Panda Adaptive Defense 360
Isolate computer
Enables administrators to isolate computers on demand to prevent the spread of threats and the extraction of
confidential data.
Report a problem
Contacts the support team through the management console and automatically sends all the information required
for diagnosis.
Reinstall protection / Reinstall agent
Reinstalls protection or the agent remotely from the management console. Available for both Windows
workstations and servers.
Troubleshooting Guide
This online guide provides technicians with information to support customer and partner Adaptive Defense queries.
https://www.pandasecurity.com/enterprise/downloads/docs/product/Webhelp/#t=000.htm
Panda Support Information (PSInfo) and other Support Tools
The Panda Security Information Tools (PSInfo) collects information for the analysis and investigation of issues related
to all Panda products
When you submit a case, make sure that you provide PSInfo with the PSInfo tool.
To run the tool locally on an endpoint, go to:
https://www.pandasecurity.com/psinfo
From the Aether console, select the specific computer and click Report a problem.
The PSInfo window includes two tabs:
n General — Collects computer data.
n Tools — Access different tools to resolve issues with the product, including:
URL Checker
Inspects URLs required to communicate with Panda servers. Use for installation, update and upgrade
issues.
Enable/Disable Advanced Logs
Required for in-depth analysis of certain issues with the product.
Force Sync
Use to check connectivity between the endpoint and the console.
Endpoint Security Essentials Study Guide 48
Panda Adaptive Defense 360
Repair Protection
Use to solve protection errors.
Generic Uninstaller
Removes any trace of the protection.
Advanced Firewall Technology
Use for issues related to the firewall protection.
AD Sample Test File
Use to carry out tests of the Advanced Protection detection capabilities.
Additional Tools
PSErrorTrace: Use for installation, scans, or third-party issues
NNSDiag: Use for firewall issues
WinDBG: Use to create a post-mortem dump to analyze process crashes
Knowledge Base and Documentation
Answers to frequently asked questions about Adaptive Defense 360 are from the Knowledge Base articles on the
Panda Support website. Key articles include:
n Getting Started Guide
n System Requirements for Windows
n URLs and Ports Required
n Best Practices for Upgrades
WatchGuard partners and customers can also review the Administration Guide and find information in the Panda
Support Center:
https://www.pandasecurity.com/en/support/watchguard-customers/
49 WatchGuard Technologies, Inc.
Panda Adaptive Defense 360
Product Features by Platform
Features available in Aether-based products differ by computer platform.
This table lists available features and the platforms that support them.
Available Features Windows Linux macOS Android
General
Web console
Information in dashboards
Filter-based computer organization
Group-based computer organization
Languages supported in the local console 11 11 11 16
Lists and Reports
Frequency of sending detections to the server 15 min 15 min 15 min Immediately after scan
completes
List of detections
Executive reports
Scheduled executive reports
Protections
Real-Time permanent antivirus protection
Advanced protection (Adaptive Defense)
Anti-Tamper protection
Anti-Exploit protection
Firewall
Endpoint Security Essentials Study Guide 50
Panda Adaptive Defense 360
Available Features Windows Linux macOS Android
Device control
URL filtering
Settings
Security settings for workstations and servers NA
Password for uninstalling the protection and taking
actions locally
Ability to establish multiple proxies NA
Ability to work as a Panda proxy NA
Ability to use the Panda proxy NA
Ability to work as a repository or cache NA
Ability to use the repository or cache NA
Discovery of unprotected computers
Email alerts in the event of an infection
Email alerts when finding an unprotected computer
Remote Actions Taken from the Web Console
Real-Time actions
On-Demand scans
Scheduled scans
Remote installation of the Panda agent
Ability to reinstall the agent and the protection
Computer restart
51 WatchGuard Technologies, Inc.
Panda Adaptive Defense 360
Available Features Windows Linux macOS Android
Computer isolation
Program blocking by hash and program name
Ability to report incidents (PSInfo)
Updates and Upgrades
Signature updates
Protection upgrades
Ability to schedule protection upgrades Google Play
Endpoint Security Essentials Study Guide 52
Patch Management
Patch Management
Patch Management is a built-in module on the Aether platform that finds computers on the network with known software
vulnerabilities and updates them automatically. It minimizes the attack surface and protects your workstations and
servers from malware that exploits software flaws.
To manage the Patch Management module correctly, in Patch Management settings, select
Disable Windows Update on Computers.
In this section, you learn about:
n Requirements
n How to configure settings
n Status dashboard
For further information, see Additional Resources.
53 WatchGuard Technologies, Inc.
Patch Management
Patch Management Requirements
Patch Management supports Windows operating systems.
Patch Management detects both third-party applications with uninstalled patches or in EOL (end-of-life) stage as well as
all patches and updates published by Microsoft for its products (operating systems, databases, Office applications,
etc.).
Endpoint Security Essentials Study Guide 54
Patch Management
Patch Management Settings
To view Patch Management settings in the Adaptive Defense 360 Aether console, select Settings, then from the left
pane, select Patch Management.
The Patch Management Settings dashboard contains these settings:
n Disable Windows Update on Computers — To manage updates exclusively without interference from local
Windows Update settings, enable the Disable Windows Update on Computers toggle.
n Automatically Search for Patches — To enable patch search functionality, enable the Automatically Search
for Patches toggle. If the toggle is not enabled, the lists in the module do not display uninstalled patches.
n Search Frequency — To specify how frequently Patch Management searches the database for uninstalled
patches, from the drop-down menu, select a frequency.
n Patch Criticality — To specify which patches Patch Management searches for, enable the toggles under Patch
criticality.
55 WatchGuard Technologies, Inc.
Patch Management
Patch Management Status Dashboard
To access the Patch Management Status dashboard in the Adaptive Defense 360 console, select Status, then from the
left pane, select Patch Management.
The Patch Management Status dashboard shows:
n Patch Management Status
o Enabled
o No information
o Error installing
o Error
o No license
n Time Since Last Check
o > days
o > 7 days
o > 30 days
n End-of-Life Programs
o Currently in EOL
o In EOL (currently or in 1 year)
o With known EOL date
n Available Patches
o Security Patches — Critical, Important, Moderate, Unspecified
o Other Patches (non-security-related)
o Service Pack
n Last Patch Installation Tasks
Endpoint Security Essentials Study Guide 56
Patch Management
Available Patches
In the Available Patches section of the dashboard, below the three types of patches, you can select View All
Available Patches to open the Available Patches page.
To view recent high and critical vulnerabilities for which exploits are available, select Currently Exploited
Vulnerabilities at the top of the page.
To show filter options for available patches, on the Available Patches page, click Filters.
Available Patches filters include:
n Computer type — Workstation, Laptop, Server
n CVE (Common Vulnerabilities and Exposures) — ID that describes the vulnerability associated with a patch
n Computer — Name of the computer with outdated software
n Program — Name of the outdated program or Windows operating system with uninstalled patches
n Patch — Name of the patch or update and any additional information (release date, Knowledge Base number,
etc.)
n Criticality — Other patches (non-security related), Critical (security-related), Important (security-related),
Moderate (security-related), Low (security-related), Unspecified (security-related), Service Pack
n Installation — Pending, Requires Manual Download, Pending (manually downloaded), Pending Restart
Below the filters, select a computer from the list, then click at the end of the row to see options.
57 WatchGuard Technologies, Inc.
Patch Management
The menu options are:
n Install — Creates a quick task to immediately install the patch on the computer.
n Schedule Installation — Creates a scheduled task to install the patch on the computer.
n Isolate Computer — Isolates the computer from the network.
n View all Available Patches for the Computer — Show all available patches for the computer that have not
been installed.
n View which Computers have the Patch Available — Shows all computers that have the patch available for
installation.
Below Available Patches on the Patch Management dashboard, you can select View Installation History to view
your patch installation history.
Endpoint Security Essentials Study Guide 58
Full Encryption
Full Encryption
This sections describes how to use Full Encryption to manage encryption on network computers protected by Adaptive
Defense 360.
Full Encryption uses BitLocker software installed on some versions of Windows 7 and higher to encrypt and decrypt the
data stored on the computer drives. Full Encryption installs BitLocker automatically on compatible server versions.
This section covers the following topics:
n Encryption concepts
n Supported authentication types
n Supported storage devices
n Requirements
n How to configure settings
n Dashboard
For further information, see Additional Resources.
59 WatchGuard Technologies, Inc.
Full Encryption
Encryption Concepts
The following concepts are key for proper use of Full Encryption.
TPM
TPM (Trusted Platform Module) is a chip included in the motherboards of some desktops, laptops, and servers.
TPM chips protect sensitive data, stored passwords, and other information used to log in.
PIN and Extended/Enhanced PIN
A PIN (Personal Identification Number) is a sequence of 8 to 20 numbers that serves as a simple password. A
PIN is necessary to start a computer with an encrypted drive. Without a PIN, the boot sequence does not
complete and it is impossible to access the computer. If the hardware is compatible, Full Encryption uses an
extended or enhanced PIN that combines letters and numbers to increase the complexity of a password.
Passphrase
A passphrase is an 8 to 255 alphanumeric password, equivalent to an extended PIN.
USB Key
A USB key enables you to store an encryption key on a USB device formatted with NTFS, FAT, or FAT32.
When connected to a computer, the USB key bypasses the entry of a password to start up the computer.
Recovery Key
When Full Encryption detects an irregular situation on a computer it protects, or if you forget the password, the
computer asks you for a 48-digit recovery key. The recovery key is a managed password — a network
administrator can obtain the recovery key and send it to the user.
System Partition
A system partition is a small, unencrypted portion of the hard disk in a computer that is required for the computer
to correctly complete the startup process. Full Encryption automatically creates a system partition if it does not
already exist.
Encryption Algorithm
The encryption algorithm in Full Encryption is AES-256. Computers with drives that users encrypted with other
algorithms are also compatible.
Endpoint Security Essentials Study Guide 60
Full Encryption
Supported Authentication Types
Full Encryption allows different combinations of authentication methods, based on the OS version and whether the
device includes a TPM chip:
n TPM + PIN — Compatible with all supported versions of Windows. The TPM chip must be enabled in the BIOS
and a PIN must exist.
n Only TPM — Compatible with all supported versions of Windows. The TPM chip must be enabled in the BIOS
(automatically enabled in Windows 10).
n USB Key — Requires a USB device and that the computer can access USB drives during start up.
The USB Key authentication method is required on Windows 7 computers without a TPM chip.
n Passphrase — Available on Windows 8 and higher computers without a TPM chip.
61 WatchGuard Technologies, Inc.
Full Encryption
Supported Storage Devices
Full Encryption encrypts these mass storage devices:
n Fixed storage drives on the computer (system and data)
n Virtual hard drives (VHD) — only used space (as more space is used Full Encryption automatically encrypts the
data)
n Removable hard drives
n USB drives
Full Encryption does not encrypt these storage devices:
n Dynamic hard disks
n Very small partitions
n Other external storage devices
Endpoint Security Essentials Study Guide 62
Full Encryption
Full Encryption Requirements
Full Encryption supports the following operating systems and hardware.
Supported Operating Systems
n Windows 7 (Ultimate, Enterprise)
n Windows 8/8.1 (Pro, Enterprise)
n Windows 10 (Pro, Enterprise, Education)
n Windows Server 2008 R2 and higher (includes Server Core editions)
Hardware Requirements
n TPM v1.2 (and higher when using TPM authentication method)
n USB key and a computer that can read USB devices from the BIOS in Windows 7
63 WatchGuard Technologies, Inc.
Full Encryption
Full Encryption Settings
To access the Full Encryption settings, select Settings, then from the left pane, select Encryption .
Encrypt all Hard Disks on Computers
n If the computer is encrypted with Full Encryption and Encrypt all Hard Disks on Computers is disabled, all
encrypted drives are decrypted.
n If the computer is encrypted but not with Full Encryption, and Encrypt all Hard Disks on Computers is
disabled, there is no change.
n If the computer is encrypted but not with Full Encryption, and Encrypt all Hard Disks on Computers is
enabled, the internal encryption settings change to coincide with the encryption methods supported by Full
Encryption.
Ask for Password Access to the Computer
This setting enables password authentication when the computer starts. Based on the operating system and whether
the computer has TPM hardware, the user must provide these types of passwords:
n Computers with TPM — A PIN type password
n Computers without TPM — A passphrase
If this option is set to No and the computer does not have access to a compatible TPM security
processor, the disks will not be encrypted.
Do Not Encrypt Computers that Require a USB Drive for Authentication
This setting prevents the use of USB devices supported by Full Encryption for authentication.
Endpoint Security Essentials Study Guide 64
Full Encryption
Encrypt Used Disk Space Only
To minimize the encryption time, you can restrict encryption to the sectors of the hard disk that are in use. Sectors
released after a user deletes a file remain encrypted, but the space that was free before the encryption of the hard disk
remains unencrypted and accessible to third parties that use tools to recover deleted files.
Prompt for Removable Storage Drive Encryption
Opens a window that prompts the user to encrypt the external mass storage devices and USB keys connected to the
computer.
65 WatchGuard Technologies, Inc.
Full Encryption
Full Encryption Dashboard
To access the Full Encryption dashboard, select Status, then from the left pane, select Full Encryption.
The Full Encryption dashboard shows the encryption status for all computers, which computers support encryption,
which computers are encrypted, and which authentication methods are applied:
n Status
o Enabled
o No information
o Error
o Disabled
o Error installing
o No license
n Computers Supporting Encryption
o Workstation
o Laptop
o Server
n Encrypted Computers
o Encrypted Disks
o Encrypted by the user
o Encrypted by the user (partially)
o Encrypted (partially)
o Encrypting
n Authentication Method Applied
o Security Processor (TPM)
o Security Processor (TPM) + Password
o Password
n Lists — for more information about how to create and use lists, see View Status.
Endpoint Security Essentials Study Guide 66
Advanced Reporting Tool
Advanced Reporting Tool
In this section, you learn how to use the Advanced Reporting Tool to analyze the data that Adaptive Defense 360
collects, monitor your network, and configure alerts to notify you of security incidents.
In this section, you learn about:
n Advanced Reporting Tool Overview
n Web Console
n Search Data
n Advanced Reporting Applications
n Security Incidents
n Application Control
n Data Access Control
n Configure Alerts
For a list of additional resources on these topics, see Additional Resources.
67 WatchGuard Technologies, Inc.
Advanced Reporting Tool
Overview
For network administrators, it can be difficult to monitor the vast amount of data, logs, alarms, and notifications from
different systems and respond to immediate security threats from zero-day malware.
The Advanced Reporting Tool is a real-time monitor service that uses the information collected from your endpoints by
Adaptive Defense 360. It automatically generates security intelligence data and provides tools to detect and analyze
security threats. The Advanced Reporting Tool can also determine what network users do with their computers, such as
application installation and execution, and bandwidth usage.
Key Benefits
The key benefits of the Advanced Reporting Tool include:
Search
n Quickly perform advanced searches of the data generated by Adaptive Defense 360 to maximize visibility of
all events that occur on your network
n Access historical data to analyze resource security and usage indicators
n Get in-depth information to identify security risks and insider misuse of the network infrastructure
Diagnose
n Reduce the number of tools and data sources required to understand security issues on endpoint devices
and the use of corporate assets
n Extract resource usage and user behavior patterns to help shape your organization's usage and security
policies
Alert
n Send real-time alerts and notifications about security events on your endpoints and network
n Detect security issues and behavior or internal misuse of your networks as they happen
n Define custom alerts based on your own criteria
Report
n Generate detailed customized reports to help you analyze your company’s security infrastructure
n Identify misuse of corporate assets and find behavioral anomalies
n Show the status of key security indicators and track their evolution over time as you apply corrective actions
Endpoint Security Essentials Study Guide 68
Advanced Reporting Tool
Advanced Reporting Applications
You can view advanced, preconfigured application dashboards that provide key indicators, search options, and default
alerts for these functional areas:
n Security Incidents — Shows malware detected across the network and related information about specific
infected endpoints.
n Application Control — Offers detailed information about the applications installed and run on your users'
computers.
n Data Access Control — Displays information about data that leaves your network so you can detect data leaks
and theft.
Alerts
You can configure alerts based on events that indicate a security breach or an infringement of your corporate data
management policy. The alert features include:
n Default alerts that indicate high-risk situations, and the ability to create custom alerts based on your own specific
criteria.
n Several delivery methods available to send alerts to recipients, such as email, HTTP-JSON, Service Desk, Jira,
Pushover, PagerDuty, and Slack.
n Anti-flooding settings to prevent alert floods.
69 WatchGuard Technologies, Inc.
Advanced Reporting Tool
Web Console
The Advanced Reporting Tool web console helps you to visualize the security status of your network, based on the data
gathered by Adaptive Defense 360.
Customized data panels and widgets enable you to view and analyze your security data based on your own
requirements and criteria.
Endpoint Security Essentials Study Guide 70
Advanced Reporting Tool
The main menu provides these options:
n Home — Return to the web console home page.
n Data Search — Search the accumulated Adaptive Defense 360 knowledge data tables. For more information,
see Search Data.
n Administration — Manage alerts and your alert policies. For more information, see Configure Alerts.
n Advanced Reporting — Display the Advanced Reporting Applications. These applications provide interactive
dashboards that analyze and display data gathered by Adaptive Defense 360:
n Security Incidents — Displays the security status and incidents detected on the network. For more
information, see Security Incidents.
n Application Control — Displays data about installed and executed applications on your network. For more
information, see Application Control.
n Data Access Control — Displays information about the bandwidth used and the documents accessed by
applications installed on your network. For more information, see Data Access Control.
n Alerts — Display a page with information about generated alerts. For more information, see Configure Alerts.
n Preferences — Configure options for users that access the web console.
n Social Intelligence — Browse queries shared by users in this domain and other domains.
n Log out — Log out of the web console.
71 WatchGuard Technologies, Inc.
Advanced Reporting Tool
Search Data
The search capabilities of the Advanced Reporting Tool enable you to:
n Perform advanced searches of the data generated by Adaptive Defense 360
n Maximize visibility of all events that occur on your network
n Quickly find in-depth information on security risks
Use the filters and data operations to quickly search for specific incidents, vulnerabilities,
applications, and computers. You can create alerts based on your data search query.
From the main menu, click to start your data search.
Adaptive Defense 360 organizes all the information it collects into knowledge tables. This page shows the knowledge
tables available for you to search.
The knowledge tables you can search are:
Table Description
alert Shows the incidents displayed in the Activity panel of the Adaptive Defense dashboard.
install Logs all the information generated when the Adaptive Defense 360 agent installs on users'
computers.
monitoredopen Logs the data files accessed by applications on users' computers, and the processes that
accessed user data.
monitoredregistry Logs every attempt to modify the registry, and includes registry access related to
permissions, passwords, certificate stores, and other areas.
Endpoint Security Essentials Study Guide 72
Advanced Reporting Tool
Table Description
notblocked Logs items that Adaptive Defense 360 did not scan because of exceptional situations, such
as service timeout on start, configuration changes, and so on.
ops Logs all operations performed by processes seen on the network.
processnetbytes Logs the data usage of processes seen on the network.
registry Logs all operations performed on registry entries typically used by malicious programs to
persist after a computer restarts.
socket Logs all network connections established by the processes seen on the network.
toastblocked Contains a record for each process blocked because Adaptive Defense 360 has not yet
returned a relevant classification.
urldownload Contains information on HTTP downloads performed by processes seen on the network.
vulnerableappsfound Logs every vulnerable application found on each computer on the network.
Click a knowledge table name to show the data in that table.
This example shows the vulnerable applications knowledge table (vulnerableappsfound).
Each row in the table is a monitored event. A set of fields provides the details of each event, such as when the event
occurred, the computer where it was detected, IP address information, and more.
Use the operations toolbar to filter the results or perform other data operations.
For example, based on the criteria you specify, you can create a new column, filter the data, and group data together.
73 WatchGuard Technologies, Inc.
Advanced Reporting Tool
You can also create alerts directly from your search query. For more information, see Configure Alerts.
This example filters the data to show only Windows computers, based on the endpoint machine name.
Endpoint Security Essentials Study Guide 74
Advanced Reporting Tool
Advanced Reporting Applications
The Advanced Reporting applications are preconfigured application dashboards that provide you with specific
information about your network in these areas:
n Security Incidents
n Application Control
n Data Access Control
Security Incidents
The Security Incidents application dashboard enables you to analyze malware activity on your users' computers, and
generate baseline data for forensic analysis of malware incidents.
You can use security incident data to monitor malware detections and execution, and update your
organization’s security policies as required.
The Security Incidents application dashboard shows:
n Malware, exploits, potentially unwanted programs (PUPs), and anomalous processes detected and their
execution status.
n Endpoints with most infection attempts and detected malware.
n Endpoints with vulnerable applications.
This dashboard also provides visibility into the executed applications that are not authorized by your organization's IT
policies:
n Most and least frequently executed applications, such as script-based applications (PowerShell, Linux shell,
Windows cmd shell)
n Remote access applications, such as TeamViewer and VNC
n Unwanted freeware applications, such as Emule and torrent
75 WatchGuard Technologies, Inc.
Advanced Reporting Tool
The Security Incidents dashboard includes these sections:
Key Security Indicators
Provides an overview of malware activity on your network. This includes the types of malware, PUPS, and
exploits detected, the endpoints affected, and if the malware was successfully executed.
Detailed Information
Provides detailed information about the security incidents caused by malware on your endpoints.
Endpoint Security Essentials Study Guide 76
Advanced Reporting Tool
Application Control
The Application Control dashboard offers detailed information about the applications installed and executed on your
users' computers.
Use Application Control data to identify applications that are unwanted, unauthorized, unlicensed,
have known vulnerabilities, consume a high amount of bandwidth, or are scripting, remote
access, or system tools.
You can track the resource usage patterns of your users to enforce and enhance your organization's security policies:
n Find corporate and non-corporate applications that run on your network
n Find vulnerable applications installed on the network that can lead to infection or impact network performance
n Manage Microsoft Office license controls
n Show which applications consume the highest bandwidth
The Application Control dashboard includes these sections:
IT Applications
Shows which applications have executed on your users' computers, and provides basic control of Microsoft
Office licenses in use on your network.
Vulnerable Applications
Indicates the vulnerable applications installed or executed on your users' computers. Use this chart to prioritize
these computers when you update software with known vulnerabilities.
77 WatchGuard Technologies, Inc.
Advanced Reporting Tool
Bandwidth Consuming Applications
Displays the volume and percentage of bandwidth consumed by the applications that run on the network. You
can use this information to identify applications with above average consumption and optimize bandwidth use
across your network.
Special Applications and Tools
Displays scripting, remote access, administrator and system tools as well as unwanted free software
applications that run on the network. This chart also details which applications were run on specific computers
and by specific users, and how many times the application executed.
Data Access Control
The Data Access Control application dashboard displays the data that leaves your network and enables you to detect
data leaks and theft of confidential information.
Data Access Control provides information that enables you to track bandwidth usage, identify
data leaks, and monitor file access and execution activity.
The application can show you:
n Files that network users most commonly access and run.
n Calendar charts and maps that show the data sent over the last year.
n Which users access specific computers on the network.
n Countries that receive the highest number of connections from your network that can indicate malware activity.
The Data Access Control dashboard includes these sections:
Endpoint Security Essentials Study Guide 78
Advanced Reporting Tool
Outbound Network Traffic
Displays information about the volume of data sent from your network. The charts show the absolute and relative
amounts of data transferred, as well as geolocation maps to show the destinations where the largest amount of
data was sent.
User Activity
Displays information about network activity by authenticated users.
Bandwidth Consumers
Displays the application processes and users that used the most inbound and outbound network bandwidth.
Data File Accessed
Displays the files most accessed by your network users, and includes file access and execution statistics by
user and file extension.
79 WatchGuard Technologies, Inc.
Advanced Reporting Tool
Configure Alerts
With the Advanced Reporting Tool, you can configure alerts based on events that indicate a security risk or the
infringement of your corporate data management policy. Alerts help you to react quickly to immediate security risks,
without the need to continuously monitor Adaptive Defense 360 from the management console.
You can define the events that generate an alert, the delivery methods, the frequency of alerts (to
avoid notification floods), and powerful filters to modify alerts before they are sent. This helps you
identify the most critical security events you want the Advanced Reporting Tool to notify you
about.
You can customize the alerts system to configure the conditions that generate an alert, the frequency of alerts, and the
delivery method to alert recipients.
To set up a new alert, you must:
Create an Alert
Define the type of event from the knowledge table that generates an alert.
Configure Delivery Methods
Determine the delivery method and specify the necessary information, such as an email address for email
notifications.
Create an Anti-Flooding Policy
Specify maximum thresholds for alert generation to avoid floods of repeated alerts.
Create and Assign a Sending Policy
Use a sending policy to define these parameters for alert delivery:
n Anti-flooding policy
n Delivery schedule and method
Create Post Filters
Enables you to edit an alert before the Advanced Reporting Tool sends it.
Endpoint Security Essentials Study Guide 80
Advanced Reporting Tool
Create an Alert
Alerts are tasks that monitor active queries to find and report on specific events or conditions.
The system provides several default alerts that are generated by malware detection, bandwidth consumption, and
outbound data detection.
Default Alerts
You can manage the default alerts and the custom alerts you create. To manage alerts, select Administration > Alert
Configuration.
Custom Alerts
To create custom alerts, you can use the Data Search page to search for data and then apply a query filter based on
your specified criteria.
From the main menu, click to start your data search.
81 WatchGuard Technologies, Inc.
Advanced Reporting Tool
Open the required data table, then query the data with the operations and filters necessary to identify the alert condition.
For more information, see Search Data.
Click , then select New Alert Definition from the settings drop-down list.
Configure the alert parameters, such as the alert notification message summary, description, category tag, priority, and
the frequency (period and threshold) settings.
Endpoint Security Essentials Study Guide 82
Advanced Reporting Tool
For example, if you configure the frequency with a period of 5 minutes and a threshold of 30, the
Advanced Reporting Tool does not send an alert until 30 events occur in the 5 minute period. If
60 events occur in that 5 minute period, a second alert is generated. When the period is
complete, the event counter resets.
83 WatchGuard Technologies, Inc.
Advanced Reporting Tool
Configure Delivery Methods
You can create a delivery method for the recipients of generated alerts, and then associate the delivery method with
sending policies to specify how to send alerts and to which recipients.
You can send alerts in various ways, such as email, HTTP-JSON, Service Desk, Jira, Pushover, PagerDuty, and
Slack.
To configure delivery methods, select Administration > Alert Configuration, then select the Delivery Methods tab.
Create an Anti-Flooding Policy
An anti-flooding policy defines a limit to the number of alert notifications to send if the alert is generated frequently over a
short period of time. This prevents recipients from receiving repeated notifications about an alert.
The default anti-flooding policy sends a single alert to a recipient up to five times in a period of one hour. If the event
persists, the recipient receives a reminder after another hour.
To configure the anti-flooding policy, select Administration > Alert Configuration, select the Alert Policies tab, then
select Anti-Flooding Policy.
Endpoint Security Essentials Study Guide 84
Advanced Reporting Tool
Create and Assign a Sending Policy
An alert sending policy enables you to define how, when, and how often to send alerts to specific recipients.
To configure the sending policy, select Administration > Alert Configuration, select the Alert Policies tab, then
select Sending Policy.
85 WatchGuard Technologies, Inc.
Advanced Reporting Tool
Create Post Filters
Click the Post Filters tab to apply actions to generated alerts that meet your specific filter conditions. Actions include
modify the priority, mark the alert as read, or classify the alert as a false positive.
For example, you can change the priority of an alert to High if the event is a high priority security event that you want to
be quickly notified about, such as a high number of port scans in a specific period of time. A single alert can have one or
several post filters.
To configure post filters, select Alerts from the menu, then click the Post Filters tab.
Find an occurrence of the alert you want to create the post filter for. From the Actions column, open the menu, then
select New Filter.
These are the actions you can perform when the alert meets your specified criteria:
n Mark as read — Marks the alert as Watched.
n Change priority — Changes the priority level.
n False positive — Marks the alert as a false positive.
n Change notify method — Changes the delivery method for the alert.
n Delete — Deletes the alert from alert history and does not distribute it.
Endpoint Security Essentials Study Guide 86
Advanced Reporting Tool
Alert Management
To view and manage your generated alerts, select Alerts from the menu.
Click the Alerts Dashboard tab to see the Alerts Overview widget that displays informative charts about generated
alerts, and the Alerts History widget that shows a list of generated alerts.
Click a filter or time range to filter the alerts. You can also click on a column to sort the alerts.
87 WatchGuard Technologies, Inc.
Data Control
Data Control
Data Control is only supported in certain European countries. Although Data Control is included
in Endpoint Security Essentials technical training, there are no questions about Data Control on
the Endpoint Security Essentials technical certification exam.
If Data Control is not supported in your country, you do not need to complete this section.
This section describes how to use Data Control to collect detailed information about files that include PII (Personally
Identifiable Information). The Threat Intelligence Platform receives information from Data Control, processes and
enriches it, then sends it to the Advanced Visualization Tool for advanced visualization and presentation.
This section also covers these topics:
n Data Control overview
n Data Control architecture
n Requirements
n How to configure settings
n Data Control dashboard
For further information, see Additional Resources.
Endpoint Security Essentials Study Guide 88
Data Control
Data Control Overview
Features
Data Control includes these features:
Data Discovery
n Creates an inventory of unstructured files that includes personally identifiable information, along with the number
of times that each information type appears in order to assess its relevance
n Provides information about the characteristics of all files discovered
Data Monitoring
n Monitors actions carried out on PII files (data in use)
n Provides up-to-date inventory of the PII files found on each computer on the network (data at rest)
n Shows the history of attempts to copy or transfer files between computers (data in motion) as well as the means
used in the operation (email client, Web browser, FTP, etc.)
Data Visualization
n Real-time synchronization to the Data Control server to show the results of the discovery and continuous
monitoring of files
n Tools to interpret the events recorded on PII
How Data Control Works
Data Control discovers personal information, monitors and sends events, updates dashboards and knowledge tables,
and detects file exfiltration and infiltration operations.
89 WatchGuard Technologies, Inc.
Data Control
Discover Personal Information
Discovery of personal information runs on the computers protected by Adaptive Defense 360. The agent scans all mass
storage devices connected to the workstation or server (local hard drives, external hard drives, USB drives, and RAM
disks) for unstructured files that contain personal information. This search launches when the Data Control module is
enabled for the first time from the Adaptive Defense 360 console.
Data Control can discover these types of personal information:
n Bank account numbers
n IP addresses
n Addresses and ZIP/postal codes
n Locations (cities) and countries
n First names and last names
n Drivers license numbers
n Personal ID numbers
n Passport numbers
n Social security numbers
n Phone numbers
n Credit card numbers
Supported Countries
n Germany
n Austria
n Belgium
n Denmark
n Spain
n Finland
n France
n Hungary
n Ireland
n Italy
n Norway
n Netherlands
n Portugal
n Sweden
n Switzerland
n United Kingdom
Endpoint Security Essentials Study Guide 90
Data Control
Supported Mass Storage Devices
n Local hard disks
n USB storage devices
n Virtual RAM drives
n CD-ROMS, DVDs, Blu-Ray discs, etc.
Supported File Types
n Office
n OpenOffice
n PDF
n TXT
n HTML
n CSV
Supported Program Extensions, Packers, and Compression Programs
For a full list of supported program extensions, packers, and compression programs, see Additional Resources.
Monitor and Send Events
For every action that a process takes on a PII file, Data Control stores a single event with detailed information about the
elements involved.
Update Dashboards and Knowledge Tables
Based on the information sent by the Adaptive Defense 360 agents, the Data Control server evaluates if the reported
files contain personal data. If it is a PII file, Data Control accumulates all events received to feed the various dashboard
widgets. Data Control adds the data received into the PII knowledge tables so you can filter, search, and analyze the
data. This data is stored for 12 months to enable forensic analysis with tools in the Data Control console.
Detect of file Exfiltration and Infiltration Operations
Data Control monitors specific actions taken by processes that could send or receive data. Machine learning algorithms
assess the probability that those operations are part of an unauthorized data exfiltration/infiltration attempt. Data Control
classifies the operation, and notifies the high probability of a security incident to the administrator (based on
administrator set up of notifications).
91 WatchGuard Technologies, Inc.
Data Control
Data Control Architecture
Data Control consists of these components:
n Adaptive Defense Server (1)
n Computers/devices protected by Adaptive Defense 360 (2)
n Advanced Visualization Tool server and web management console (3)
n Network administrator (4)
n Dashboards/applications (5)
n Accumulated knowledge tables/PII knowledge tables (6)
Adaptive Defense Server
A high-availability server farm that harvests all events related to PII files generated on users’ computers and
servers.
Computers/Devices Protected by Adaptive Defense 360
Generates security intelligence through machine learning technology on big data repositories. This security
intelligence and the events collected from the protected computers are sent directly to the Data Control server.
Advanced Visualization Tool Server and Web Management Console
Generates the widgets, dashboards, and graphical applications that present the collected data in an ordered and
easy-to-understand way.
Network Administrator
The Network Administrator computer used to manage Data Control.
Dashboards/Applications
Relevant information for the IT team appears on the dashboard accessible from the web management console:
n PII file inventory — Provides a daily snapshot of files discovered on workstations and servers on the
network and compares their evolution over time.
Endpoint Security Essentials Study Guide 92
Data Control
n Files and machines with PII — Identifies PII files on the network, and shows the computers they are on
and the actions taken.
n User operations on PII files — Shows the operations that users take on PII files, and provides details of
the physical device they are on (hard disk, USB drive, etc.)
n Risk of PII extraction — Shows actions that could represent a leak of personal data.
Accumulated Knowledge Tables/PII Knowledge Tables
Data Control stores the personal identifiable information (PII) in a single table with the following features:
n Raw data storage — Data Control monitors workstations and servers, along with security intelligence
information generated by the Adaptive Defense 360 server.
n Continuous storage — All processes are continuously monitored and the information sent for storage.
n Real-time storage — Data Control uses real time storage in the PII Knowledge Table as the base to
generate applications and charts in the Adaptive Visualization Tool, and enables you to filter and transform
that data into groups, organization, searches, etc..
93 WatchGuard Technologies, Inc.
Data Control
Data Control Requirements
Data Control requires specific platforms and software.
Supported Platforms
Data Control supports these Microsoft Windows operating systems:
n Windows XP SP3 and higher
n Windows Server 2003 SP1 and higher
Data Control does not support Linux and macOS.
Microsoft Filter Pack Component
Microsoft Office includes the Microsoft Filter Pack component. Only IFilter components that correspond to Microsoft
Office suite products installed on users’ computers are automatically installed.
To install Microsoft IFilter Pack separately, see https://www.microsoft.com/en-us/download/details.aspx?id=17062.
Endpoint Security Essentials Study Guide 94
Data Control
Data Control Settings
Key Concepts
Indexing Process
The indexing process inspects and stores the contents of files supported by Data Control, and generates an
inventory of PII files to enable content-based searches of files. Indexing processes have a low impact on
computer performance but might take considerable time. For this reason, you can schedule the start of the
indexing task or limit its scope to expedite the process and improve the results returned by searches.
PII File Inventory
After a computer is indexed and all entities and PII files identified, Data Control generates an inventory,
accessible to the administrator, with the names of the files and their characteristics.
File Searches
Data Control find files by name, extension, or content on the indexed storage drives of computers on the
network. Searches run in real time — as soon as you launch a search task, it deploys to the target computers
and starts to send results before the task completes.
Open Data Control Settings
To open the Data Control settings, click Settings, then from the left pane, select Data Control.
Personal Data (inventory, searches, and monitoring)
n Generate and keep an up-to-date inventory of personal data — Shows the PII files detected on the
network in the dashboard widgets and in lists. For the PII files stored on a specific computer to appear in the
console, the inventory process must have completed on that computer. You can exclude files.
n Monitor personal data on disk — Monitors the process actions executed on the PII files stored on
computers.
95 WatchGuard Technologies, Inc.
Data Control
n Allow data searches on computers — Enables you to search for files by name or contents, if they are
previously indexed. When you select this option, Data Control starts to index the files stored on user
computers.
n Monitor personal data in email — Monitors the actions executed on personal data stored in email.
Rule-based File Monitoring
This section enables you to monitor files based on defined rules.
Advanced Indexing Options
You can choose between two types of indexing operations based on whether you want to generate an inventory
of PII files across the network or search files by content.
n Index text only — only text is indexed unless it is part of an entity recognized by Data Control. With this option
selected, searches by content will be more limited. Index text only is recommended if you only want to generate
an inventory of PII files across the network.
n Index all content — text and alphanumeric characters are indexed. Index all content is recommended if you
want to perform accurate content searches and generate an inventory of PII files across the network.
Write to removable storage drives
This enables you to specify which computers in the network can write to external USB storage media.
Endpoint Security Essentials Study Guide 96
Data Control
Data Control Dashboard
To open the Data Control dashboard, select Status, then from the left pane, select Data Control.
The Data Control dashboard shows:
n Deployment Status — Shows computers where Data Control runs correctly and computers with errors. The
colored circles and associated counters show the status of the computer. The Deployment Status panel shows
computer status in graphical and percent form.
n Offline Computers
o > 3 days
o > 7 days
o > 30 days
n Update Status
o Updated
o Pending restart
n Indexing Status
o Indexed
o Indexing
o Not indexed
n Features Enabled on Computers
o Searches
o Monitoring
o Inventory
n Files Deleted by the Administrator
o Pending Deletion
o Deleted
o Pending Restore
97 WatchGuard Technologies, Inc.
Data Control
n Files with Personal Data
n Computers with Personal Data
n Files by Personal Data Type
o Personal ID Numbers
o Passport Numbers
o Credit Card Numbers
o Bank Account Numbers
o Driver's License Numbers
o Social Security Numbers
o Email Addresses
o IPs
o First and Last Names
o Addresses
o Phone Numbers
Endpoint Security Essentials Study Guide 98
About the Endpoint Security Essentials Exam
About the Endpoint Security Essentials Exam
The Endpoint Security Essentials exam tests your knowledge of the endpoint security advanced protection model and
how to install, configure, and operate the WatchGuard products: Adaptive Defense 360, Patch Management, Full
Encryption, and Advanced Reporting Tool. This exam is appropriate for students with a basic understanding of network
administration.
Data Control is only supported in certain European countries. Although Data Control is included
in Endpoint Security Essentials technical training, there are no questions about Data Control on
the Endpoint Security Essentials technical certification exam.
Key Concepts
To successfully complete the Endpoint Security Essentials exam, you must understand these key concepts:
Endpoint Security Technology Knowledge
n Threats
n Protection models
n Multi-layered detection technologies
Endpoint Security Product Knowledge
n General understanding of Adaptive Defense 360
n General understanding of Advanced Reporting Tool
n General understanding of Patch Management
n General understanding of Full Encryption
Endpoint Security Essentials Study Guide 99
About the Endpoint Security Essentials Exam
Exam Description
Content
50 multiple choice (select one option), multiple selection (select more than one option), true/false, and matching
questions
Passing score
75% correct
Time limit
Two hours
Reference material
You cannot look at printed or online materials during the exam.
Test environment
This exam is proctored through Kryterion, with two testing options:
n Onsite, at a Kryterion test center
n Online, with a Kryterion online proctor
Prerequisites
The Endpoint Security Essentials technical exam focuses heavily on applied knowledge and troubleshooting of
the product. We strongly recommend you take available courses and practice with the product before you take
the exam.
Prepare for the Exam
WatchGuard provides training and online courseware to help you prepare for the Endpoint Security Essentials exam. In
addition to this study guide, and the training and courseware described below, we strongly recommend that you install
and explore the products before you begin the exam.
Instructor-Led Training
To get hands-on experience, we recommend that you attend an instructor-led training class. Classes are often held in-
region, sponsored by sales or a local WatchGuard distributor. We also offer complimentary VILT technology-based
training classes for partners. WatchGuard end-users can register for a class with our network of WatchGuard Certified
Training Partners (WCTPs).
n Partners — Register for training here (login required)
n End-users — View the current WCTP training schedule on the WatchGuard website
Self-Study Course
WatchGuard offers online and video-based courseware that you can study to help you prepare for the exam. To prepare
for this exam, complete the Endpoint Security Essentials course.
100 WatchGuard Technologies, Inc.
About the Endpoint Security Essentials Exam
The Endpoint Security Essentials courseware is available on the WatchGuard Portal (login required). To see the
content:
n Partners — Log in to the Learning Center and go to Technical Training > Endpoint Security > Endpoint Security
Essentials.
n End users — Go to the Courseware page in WatchGuard Support Center.
Assessment Objectives
The Endpoint Security Essentials Exam evaluates your knowledge of the categories in the list below. For each
category, the Weight column indicates the approximate percentage of exam questions from that category.
Some exam questions require skills or knowledge from more than one category. The weight
does not correspond exactly to the percentage of exam questions.
Category Knowledge Areas Weight
Endpoint Understand the cyberthreat context and the evolution in Endpoint Security 15%
Security technologies that define our protection model.
Technology
n Threats
Basics
n Protection models
n Multi-layered detection technologies
Adaptive Understand the Adaptive Defense 360 protection cycle, learn how to install, deploy, 45%
Defense 360 and configure the protection and manage the security of your network from the web
console.
n Requirements and deployment methods
n Security dashboards and lists
n Device management
n Settings management
n Automatic and manual remediation tools
n Product features by platform
Advanced Interpret the Advanced Reporting Tool dashboards and the specific information they 15%
Reporting Tool provide about your network.
Basics
n Web console data panels and widgets to view and analyze security data
n Advanced searches of the data generated by Adaptive Defense 360 and other
events
n Preconfigured application dashboards to analyze security incidents, control
of IT, vulnerable, bandwidth-consuming or special application or tools
Endpoint Security Essentials Study Guide 101
About the Endpoint Security Essentials Exam
n Data Access Control application dashboard to track bandwidth usage,
identify data leaks, and monitor file access and execution activity
n Alerts and custom settings based on specific criteria
Patch Understand how to use Patch Management to find and update computers on the 20%
Management network with known software vulnerabilities.
Basics
n Requirements
n Dashboards, lists, end-of-life programs, available patches, filters, and
actions menus.
n Download, install, and uninstall patches.
n Settings (Windows updates, automatic search, frequency, criticality, etc.)
Full Encryption Understand how to use Full Encryption to manage encryption on network computers 20%
Basics protected with Adaptive Defense 360.
n Encryption Concepts (TPM, PIN, passphrase, USB, key, recovery key, etc.)
n Supported authentication types
n Supported storage devices
n Requirements (operating system versions and hardware)
n Settings
n Dashboards and lists
102 WatchGuard Technologies, Inc.
About the Endpoint Security Essentials Exam
Sample Exam Questions
The Endpoint Security Essentials exam includes multiple choice, multiple selection, true/false, and matching
questions. This section provides examples of the types of questions to expect on the exam. Answers to each question
appear on the last page.
Questions
1. Which of the following statements about Full Encryption are false? (Select four.)
a. The recovery keys are 32 characters long.
b. All encrypted volumes have the same recovery key.
c. The console does not display the recovery keys for computers encrypted by users.
d. The computer asks you for the recovery keys if you forgot the password.
e. The recovery keys are stored locally on each computer.
f. The recovery keys can be reset by booting into Safe Mode.
2. To install Adaptive Defense 360, you must make sure your network computers have required ports open.
a. True
b. False
3. With Adaptive Defense 360, you can schedule reports but not run reports on demand.
a. True
b. False
4. You activate new Adaptive Defense 360 licenses from WatchGuard Support Center.
a. True
b. False
5. Adaptive Defense 360 includes several remediation actions for a computer or group of selected computers. From
this list, select the valid remediation options. (Select five.)
a. Scan computer
b. Reinstall protection
c. Send to quarantine
d. Restart computer
e. Isolate
f. Reinstall agent
g. Disinfect
h. Log off user
Endpoint Security Essentials Study Guide 103
About the Endpoint Security Essentials Exam
6. With Patch Management, what AD360 configuration option can you use to prevent the installation of a patch on a
specific computer?
a. Isolate computer
b. Uninstall patch
c. Quarantine computer
d. Exclude computer
e. Schedule installation
7. In Advanced Reporting Tool, which of these settings do you configure in a sending policy for alerts? (Select
three.)
a. Anti-flooding policy
b. Post filter
c. Delivery schedule
d. Delivery method
8. You can install Adaptive Defense 360 and Patch Management on the same computer.
a. True
b. False
9. Fileless malware is extremely dangerous because it encrypts the user drive.
a. True
b. False
10. A customer in your organization reported that they see a Protection Error when they open Adaptive Defense 360
on their local computer. What PSInfo tools can you use to try to resolve the error? (Select two.)
a. Force Sync
b. Repair Protection
Enable/Disable Advanced Logs
c. Panda URL Checker
d. PSErrorTrace
e. Advanced Firewall Technology
Answers
Many exam questions test knowledge in more than one area.
1. a, b, e, and f
2. True
3. False
4. True
5. a, b, d, e, and f
6. d
104 WatchGuard Technologies, Inc.
About the Endpoint Security Essentials Exam
7. a, c, and d
8. True
9. False
10. a and b
Endpoint Security Essentials Study Guide 105
Additional Resources
Additional Resources
This guide provides a summary of the basic information covered in training classes, videos, and product documentation.
To increase your skills and knowledge, we recommend that you get hands-on practice with the products and review
other technical resources. This appendix provides a list of additional resources but you should explore the product
documentation for additional details beyond the suggested topics.
To see the videos:
n Partners — Log in to the Learning Center and go to Technical Training > Endpoint Security > Endpoint
Security Essentials.
n End users — Go to the Courseware page in WatchGuard Support Center.
For a list of additional resources for each section of this guide, see:
n Endpoint Security Technology Additional Resources
n Adaptive Defense 360 Additional Resources
n Patch Management Additional Resources
n Panda Partner Center Additional Resources
Endpoint Security Technology Additional Resources
Administration Guide:
n Overview chapter
https://www.pandasecurity.com/rfiles/enterprise/solutions/adaptivedefense/latest/ADAPTIVEDEFENSE360o
AP-guide-EN.pdf
Online Help:
n What is Panda Adaptive Defense 360?
https://www.pandasecurity.com/enterprise/downloads/docs/product/help/adaptivedefense360/latest/en/index.h
tm#t=001.htm
Endpoint Security Essentials Study Guide 106
Additional Resources
Adaptive Defense 360 Additional Resources
Information on Adaptive Defense 360 is available from the Administration Guide, Online Help, and Knowledge Base.
Panda Adaptive Defense 360 Administration Guide
https://www.pandasecurity.com/rfiles/enterprise/solutions/adaptivedefense/latest/ADAPTIVEDEFENSE360o
AP-guide-EN.pdf
To interpret the information in the management console accurately and draw conclusions that
help to bolster corporate security, certain technical knowledge of the Windows environment is
required with respect to processes, the file system, and the registry, as well as understanding
the most commonly used network protocols. The primary audience for the guide is network
administrators who manage corporate IT security.
Online Help
http://www.pandasecurity.com/enterprise/downloads/docs/product/help/adaptivedefense360/latest/en/index.ht
m
Knowledge Base
https://www.pandasecurity.com/en/support/busqueda_completa_
enterprise?idIdioma=2&idSolucion=212&idProducto=196&idArea=1
Overview
Administration Guide:
n Overview chapter
https://www.pandasecurity.com/rfiles/enterprise/solutions/adaptivedefense/latest/ADAPTIVEDEFENSE360o
AP-guide-EN.pdf
Online Help:
n http://www.pandasecurity.com/enterprise/downloads/docs/product/help/adaptivedefense360/latest/en/index.ht
m
Knowledge Base:
n What is Aether Platform?
107 WatchGuard Technologies, Inc.
Additional Resources
Get Started with Adaptive Defense 360
Administration Guide:
n Panda Account chapter
https://www.pandasecurity.com/rfiles/enterprise/solutions/adaptivedefense/latest/ADAPTIVEDEFENSE360o
AP-guide-EN.pdf
Knowledge Base:
n Information regarding non-validated accounts for Panda Cloud products and services
n How to enable and configure Two Factor Authentication in Panda Adaptive Defense and Endpoint Protection
products?
n Frequently Asked Questions regarding the Panda Account in Panda Cloud products
n How can I access the Web console of Adaptive Defense and Endpoint Protection products?
Install Adaptive Defense 360
Administration Guide:
n Part 3: Deployment and Getting Started section
https://www.pandasecurity.com/rfiles/enterprise/solutions/adaptivedefense/latest/ADAPTIVEDEFENSE360o
AP-guide-EN.pdf
Online Help:
n https://www.pandasecurity.com/enterprise/downloads/docs/product/help/adaptivedefense360/v10/en/index.ht
m#t=033.htm
Knowledge Base:
Installation and Uninstallation
n How to create an image for Windows persistent and non-persistent environments (VDI) with products based on
Aether Platform
n How to uninstall products based on Aether platform in Windows, Linux, macOS and Android
n Can I install Adaptive Defense 360 on Aether on computers with Adaptive Defense and Endpoint Protection
products?
n How does the automatic discovery of computers work in Aether-based products?
n How to fix errors in the protection and agent of products based on Aether Platform?
n How to install the agent of products based on Aether Platform in Windows, Linux, MacOS and Android?
n Which programs are automatically uninstalled by Adaptive Defense and Endpoint Protection products?
Requirements
n Installation requirements of products based on Aether Platform for Linux platforms
n Installation requirements of products based on Aether Platform for Windows
n Requirements for the cache role settings in products based on Aether Platform
Endpoint Security Essentials Study Guide 108
Additional Resources
n List of compatible browsers to access the console of products based on Aether Platform
n Installation requirements of products based on Aether Platform for macOS platforms
n URLs and ports required for products based on Aether Platform to communicate with server
n Requirements for the discovery of computers and remote installation in products based on Aether Platform
n Requirements for the proxy and language settings in products based on Aether Platform
n Installation requirements of products based on Aether Platform for Android platforms
Videos:
n Installing Panda Adaptive Defense 360
n How to carry out the computer discovery & remote installation with Aether Platform
View Status
Administration Guide:
n Part 2: The Management Console > Status Area Overview section
https://www.pandasecurity.com/rfiles/enterprise/solutions/adaptivedefense/latest/ADAPTIVEDEFENSE360o
AP-guide-EN.pdf
n Part 6: Viewing and Managing Threats
https://www.pandasecurity.com/rfiles/enterprise/solutions/adaptivedefense/latest/ADAPTIVEDEFENSE360o
AP-guide-EN.pdf
Online Help:
n https://www.pandasecurity.com/enterprise/downloads/docs/product/help/adaptivedefense360/latest/en/index.h
tm#t=126.htm
n https://www.pandasecurity.com/enterprise/downloads/docs/product/help/adaptivedefense360/latest/en/index.h
tm#t=130.htm
n https://www.pandasecurity.com/enterprise/downloads/docs/product/help/adaptivedefense360/latest/en/index.h
tm#t=178.htm
Knowledge Base:
n What happens when the licenses of an Aether-based product expire?
n How to assign and release product licenses with Aether-based products?
n How can I see the computer details in Aether Platform?
n How can I see at a glance the security status of my network with products based on Aether Platform?
Videos:
n Main dashboard: Panda Adaptive Defense 360 on Aether Platform
n Using lists in the Aether Platform console
View Computers
Administration Guide:
109 WatchGuard Technologies, Inc.
Additional Resources
n Managing Computers and Devices chapter
https://www.pandasecurity.com/rfiles/enterprise/solutions/adaptivedefense/latest/ADAPTIVEDEFENSE360o
AP-guide-EN.pdf
Online Help:
n https://www.pandasecurity.com/enterprise/downloads/docs/product/help/adaptivedefense360/latest/en/index.h
tm#t=047.htm
Knowledge Base:
n How can you manage the computers and devices of your organization? Filters, My organization and Active
Directory
n How do manual and automatic assignment of settings work in products based on Aether Platform?
n How does the automatic assignment to groups by IP work in Aether?
n What is the RAM unit to be entered when you create a filter in Aether Platform?
Videos:
n How to create filters in Aether Platform
n Creating a software or hardware filter in Aether Platform
Settings
Administration Guide:
n Managing Settings and Alerts chapters
https://www.pandasecurity.com/rfiles/enterprise/solutions/adaptivedefense/latest/ADAPTIVEDEFENSE360o
AP-guide-EN.pdf
Online Help:
n https://www.pandasecurity.com/enterprise/downloads/docs/product/help/adaptivedefense360/latest/en/index.h
tm#t=074.htm
n https://www.pandasecurity.com/enterprise/downloads/docs/product/help/adaptivedefense360/latest/en/index.h
tm#t=207.htm
Knowledge Base:
n How can I find out the version of my Aether-based product?
n How does the Advanced Protection for Windows, Linux and macOS in products based on Aether work?
n What are the security settings for workstations and servers of Aether-based products?
n How does the anti-exploit technology included in Panda Adaptive Defense and Endpoint Protection products
work?
n What are the predefined categories of the web access control of products based on Aether?
n What is the layer detection model of Panda Adaptive Defense?
n What is real time in Aether Platform?
Videos:
Endpoint Security Essentials Study Guide 110
Additional Resources
n Configuring management users
n How to change the settings of a specific computer
n How real-time works on Aether Platform
n Setting up a two-factor authentication for your Panda login
n Setting profiles in the Aether Platform console
n Setting up a new user role and user account in the Aether Platform console
Remediation Tools
Administration Guide:
n Part 7: Security Incident Remediation chapter
https://www.pandasecurity.com/rfiles/enterprise/solutions/adaptivedefense/latest/ADAPTIVEDEFENSE360o
AP-guide-EN.pdf
Online Help:
n https://www.pandasecurity.com/enterprise/downloads/docs/product/help/adaptivedefense360/latest/en/index.h
tm#t=205.htm
Videos:
n Isolating an endpoint in Aether Platform console
Troubleshooting
Knowledge Base:
Installation Errors
n Error messages during the installation or upgrade of products based on Aether Platform
n Communication error when installing a product based on Aether
n Error messages upon discovering computers and installing remotely in Aether-based products
n Error 12175 during the installation of the protection of products based on Aether Platform
Errors Accessing the Console
n Information regarding non-validated accounts for Panda Cloud products and services
Other Issues with the Product
n How to report issues related to products based on Aether Platform from the console?
Upgrade and Update Errors
n Issues with the upgrade caused by the fast boot option
n How to fix knowledge or signature update errors in Adaptive Defense and Endpoint Protection products
111 WatchGuard Technologies, Inc.
Additional Resources
Product Features by Platform
Knowledge Base:
Windows
n How to integrate a TDR Host Sensor with a host running Panda Security
n Creating exclusions for products based on Aether Platform
n List of Adaptive Defense/Endpoint Protection details to exclude from system or computer restore software
n How to set up a password against unauthorized protection tampering?
Android
n How to report an issue in Android devices protected with products based on Aether Platform?
n How to install the protection from an EMM compatible with the Android Enterprise features in products based on
Aether
Endpoint Security Essentials Study Guide 112
Additional Resources
Patch Management Additional Resources
Information about Patch Management is available from the Administration Guide and Knowledge Base.
Adaptive Defense 360 Administration Guide, Chapter 15
https://www.pandasecurity.com/rfiles/enterprise/solutions/adaptivedefense/latest/ADAPTIVEDEFENSE360o
AP-guide-EN.pdf
Knowledge Base
https://www.pandasecurity.com/en/support/busqueda_completa_
enterprise?idIdioma=2&idSolucion=219&idProducto=203&idArea=1
Full Encryption Additional Resources
Information about Full Encryption is available from the Administration Guide and Knowledge Base.
Administration Guide
https://www.pandasecurity.com/rfiles/enterprise/solutions/adaptivedefense/latest/ADAPTIVEDEFENSE360o
AP-guide-EN.pdf
Knowledge Base
https://www.pandasecurity.com/en/support/busqueda_completa_
enterprise?idIdioma=2&idSolucion=220&idProducto=204&idArea=1
Data Control Additional Rescources
Information about Data Control is available from the Administration Guide and Knowledge Base.
Administration Guide
https://www.pandasecurity.com/rfiles/enterprise/solutions/adaptivedefense/latest/ADAPTIVEDEFENSE360o
AP-guide-EN.pdf
Knowledge Base
https://www.pandasecurity.com/en/support/busqueda_completa_
homeusers?idIdioma=2&idSolucion=218&idProducto=202&idArea=1
Advanced Reporting Tool Additional Resources
Information on the Advanced Reporting Tool is available from the Administration Guide, Online Help, and Knowledge
Base.
113 WatchGuard Technologies, Inc.
Additional Resources
Advanced Reporting Tools Administration Guide
http://resources.pandasecurity.com/enterprise/solutions/adaptivedefense/ADVANCEDREPORTINGTOOL-
Guide-EN.pdf
Knowledge Base
https://www.pandasecurity.com/en-us/support/advanced-reporting-tool.htm
Videos
https://www.youtube.com/watch?v=knHOKAijof8
Overview and Web Console
Administration Guide:
n Chapter 2: Introduction; Chapter 3: The Web Console
http://resources.pandasecurity.com/enterprise/solutions/adaptivedefense/ADVANCEDREPORTINGTOOL-
Guide-EN.pdf
Knowledge Base:
n System requirements for the Advanced Reporting Tool
Data Search
Online Help:
n Search data
n Building a query
n Working in the search window
Knowledge Base:
n How to add external data to an existing table in Advanced Reporting Tool
n How to get updated information about a file's classification in Advanced Reporting Tool
Advanced Reporting
Administration Guide:
n Chapter 4: Introduction to the Applications; Chapter 5: Configured Applications
http://resources.pandasecurity.com/enterprise/solutions/adaptivedefense/ADVANCEDREPORTINGTOOL-
Guide-EN.pdf
Knowledge Base:
n Special applications and tools tables in the Advanced Reporting Tool
Alerts
Administration Guide:
Endpoint Security Essentials Study Guide 114
Additional Resources
n Chapter 6: Alerts
http://resources.pandasecurity.com/enterprise/solutions/adaptivedefense/ADVANCEDREPORTINGTOOL-
Guide-EN.pdf
Online Help:
n Alerts and notifications
n Create new alerts
n Configure Alerts
n Manage triggered alerts
Knowledge Base:
n How to modify and disable the Advanced Reporting Tool predefined alerts
Panda Partner Center Additional Resources
Panda Partner Center Administration Guide
http://documents.managedprotection.pandasecurity.com/AdvancedGuide/PARTNERCENTER-Manual-EN.pdf
Online Help
http://documents.managedprotection.pandasecurity.com/Help/v77000//Partners/en-us/index.htm
Overview
Administration Guide:
n Part 1: Introduction to Panda Partner Center and Access and Authorization in Panda Partner Center chapter
http://documents.managedprotection.pandasecurity.com/AdvancedGuide/PARTNERCENTER-Manual-EN.pdf
Online Help:
n http://documents.managedprotection.pandasecurity.com/Help/v77000//Partners/en-us/index.htm#t=001.htm
n http://documents.managedprotection.pandasecurity.com/Help/v77000//Partners/en-us/index.htm#t=015.htm
License Management
Administration Guide:
n Product and License Management chapter
http://documents.managedprotection.pandasecurity.com/AdvancedGuide/PARTNERCENTER-Manual-EN.pdf
Online Help:
n http://documents.managedprotection.pandasecurity.com/Help/v77000//Partners/en-us/index.htm#t=029.htm
Status
Administration Guide:
115 WatchGuard Technologies, Inc.
Additional Resources
n Part 2: The Management Console and Client Management chapter > Monitoring Clients section
http://documents.managedprotection.pandasecurity.com/AdvancedGuide/PARTNERCENTER-Manual-EN.pdf
Online Help:
n http://documents.managedprotection.pandasecurity.com/Help/v77000//Partners/en-us/index.htm#t=007.htm
n http://documents.managedprotection.pandasecurity.com/Help/v77000//Partners/en-us/index.htm#t=027.htm
Clients
Administration Guide:
n Client Management chapter
http://documents.managedprotection.pandasecurity.com/AdvancedGuide/PARTNERCENTER-Manual-EN.pdf
Online Help:
n http://documents.managedprotection.pandasecurity.com/Help/v77000//Partners/en-us/index.htm#t=023.htm
Settings
Administration Guide:
n Part 4: Device and Security Management
http://documents.managedprotection.pandasecurity.com/AdvancedGuide/PARTNERCENTER-Manual-EN.pdf
Online Help:
n http://documents.managedprotection.pandasecurity.com/Help/v77000//Partners/en-us/index.htm#t=059.htm
n http://documents.managedprotection.pandasecurity.com/Help/v77000//Partners/en-us/index.htm#t=066.htm
Reports
Administration Guide:
n Reports chapter
http://documents.managedprotection.pandasecurity.com/AdvancedGuide/PARTNERCENTER-Manual-EN.pdf
Online Help:
n http://documents.managedprotection.pandasecurity.com/Help/v77000//Partners/en-us/index.htm#t=077.htm
Endpoint Security Essentials Study Guide 116
You might also like
- 1901 2022412984 SC400T00AENUTrainerHandbook100% (2)1901 2022412984 SC400T00AENUTrainerHandbook194 pages
- Cyber Security For Beginners: October 2023No ratings yetCyber Security For Beginners: October 2023294 pages
- ZXCTN 6150 V3.00 Product Description - 20140106 - EN100% (1)ZXCTN 6150 V3.00 Product Description - 20140106 - EN155 pages
- Learning Management System (LMS) : USER Manual Version 6.0: Sl. No Version History DateNo ratings yetLearning Management System (LMS) : USER Manual Version 6.0: Sl. No Version History Date19 pages
- WIRES-X Connection Kit HRI-200 (Includes New DG-ID Feature) Instruction ManualNo ratings yetWIRES-X Connection Kit HRI-200 (Includes New DG-ID Feature) Instruction Manual109 pages
- An Insight Into Embedded System Design: Pantech Solutions PVT LTD Chennai-17No ratings yetAn Insight Into Embedded System Design: Pantech Solutions PVT LTD Chennai-1783 pages
- IBM Security Intelligence Actualizacion para BP PDFNo ratings yetIBM Security Intelligence Actualizacion para BP PDF148 pages
- (K ROSET) (Online - Function - Manual) (E)No ratings yet(K ROSET) (Online - Function - Manual) (E)27 pages
- BSD-2000 Deep Regional Hyperthermia System FamilyNo ratings yetBSD-2000 Deep Regional Hyperthermia System Family2 pages
- BIG-IP - Application Security Manager ImplementationsNo ratings yetBIG-IP - Application Security Manager Implementations348 pages
- CIRE 2131: Lab 9: Optoelectronic DevicesNo ratings yetCIRE 2131: Lab 9: Optoelectronic Devices6 pages
- Migration From DevOps To DevSecOps - A Complete Migration Framework, Challenges and Evaluation-Jul-12-2020-0359100% (1)Migration From DevOps To DevSecOps - A Complete Migration Framework, Challenges and Evaluation-Jul-12-2020-035919 pages
- Cyber Security Report 2019 (DarkMatter)No ratings yetCyber Security Report 2019 (DarkMatter)40 pages
- Qualys Pci Compliance Getting Started GuideNo ratings yetQualys Pci Compliance Getting Started Guide12 pages
- Simplified Com Ai Presentation Maker Agile WorkflowNo ratings yetSimplified Com Ai Presentation Maker Agile Workflow3 pages
- Devsecops Trend Report: Brought To You in Partnership WithNo ratings yetDevsecops Trend Report: Brought To You in Partnership With24 pages
- Study Guide: Exam AZ-900: Microsoft Azure FundamentalsNo ratings yetStudy Guide: Exam AZ-900: Microsoft Azure Fundamentals8 pages
- FFIEC CAT App B Map To NIST CSF June 2015 PDF4 PDFNo ratings yetFFIEC CAT App B Map To NIST CSF June 2015 PDF4 PDF24 pages
- Solution Brief: Ransomware Targets Endpoints With Devasting Impact Key CapabilitiesNo ratings yetSolution Brief: Ransomware Targets Endpoints With Devasting Impact Key Capabilities4 pages
- NICF - Linux System Administration (SF) : 20 Slides Supplement To The Trainer's PP File Form Linux FoundationNo ratings yetNICF - Linux System Administration (SF) : 20 Slides Supplement To The Trainer's PP File Form Linux Foundation22 pages
- 2023-03-17 Report Radicati Endpoint Security Market Quadrant - 2023100% (1)2023-03-17 Report Radicati Endpoint Security Market Quadrant - 202365 pages
- The Logicnow Cyber Threat Guide: Nine Types of Internet Threats and How To Stop ThemNo ratings yetThe Logicnow Cyber Threat Guide: Nine Types of Internet Threats and How To Stop Them44 pages
- LTS Secure Security Information and Event Management (Siem)No ratings yetLTS Secure Security Information and Event Management (Siem)8 pages
- ESTONIA Cyber Security Strategy - 2014-2017 PDFNo ratings yetESTONIA Cyber Security Strategy - 2014-2017 PDF15 pages
- 3 - Forensic Acquisition and Analysis of VMware Virtual Machine ArtifactsNo ratings yet3 - Forensic Acquisition and Analysis of VMware Virtual Machine Artifacts5 pages
- DNS Best Practices, Network Protections, and Attack Identification - Cisco SystemsNo ratings yetDNS Best Practices, Network Protections, and Attack Identification - Cisco Systems8 pages
- Windows XP Operating System Security Guide: University of Texas at ArlingtonNo ratings yetWindows XP Operating System Security Guide: University of Texas at Arlington41 pages
- Barracuda Web Application Firewall DS USNo ratings yetBarracuda Web Application Firewall DS US2 pages
- NERC LSE Standards Applicability Matrix Posted 02 10 2009No ratings yetNERC LSE Standards Applicability Matrix Posted 02 10 200915 pages
- The Secure Cloud: Best Practices For Cloud AdoptionNo ratings yetThe Secure Cloud: Best Practices For Cloud Adoption12 pages
- Security That Works. Together.: Cisco Secure Offerings Are Strengthened byNo ratings yetSecurity That Works. Together.: Cisco Secure Offerings Are Strengthened by2 pages
- Configuring IPCop Firewalls: Closing Borders with Open SourceFrom EverandConfiguring IPCop Firewalls: Closing Borders with Open SourceNo ratings yet
