🚀 Guardz Managed AV & Device Posture Guide
Updated over 2 weeks ago

Introduction

A device security threat can compromise an organization's confidential data, financial stability, and user identities. Guardz ensures that company-managed laptops and desktops are fully protected and monitored from malicious threats by providing Managed Antivirus (AV) and Device Posture security.

This guide covers:
✅ How Guardz protects your devices 🖥️
✅ Device Agent capabilities & modes
✅ Installation, setup & policy configuration ⚙️
✅ Troubleshooting common issues 🔄
✅ FAQs and best practices 🔑


🔹 What is Managed AV & Device Posture?

Guardz provides two primary security capabilities for endpoints:

1️⃣ Device Posture Monitoring – Identifies gaps in security settings, OS updates, AV tool versions, firewall status, disk encryption, and more. Any security risks generate an actionable playbook for administrators to remediate.

2️⃣ Managed Antivirus (AV) with Active Protection – Works in sync with Microsoft Defender to enforce security policies, detect and respond to threats, and continuously monitor all devices.


🛡️ Device Agent Operational Modes & Capabilities

Device Posture Mode (Passive Monitoring)

  • Analyzes security settings (firewall, encryption, OS patching, AV signatures).

  • Generates alerts for missing patches, outdated software, or disabled security tools.

  • File Integrity Check: Uses a "bait" file to detect unauthorized modifications (e.g., ransomware attempts).

⚑ Active Mode: Managed AV & Security Enforcement

(Windows Defender Integration)

  • Policy Enforced Protection: Guardz manages Windows Defender security settings to ensure proper configuration.

  • Automated Threat Remediation: If a threat is detected, Guardz can automatically remove or quarantine it.

  • Policy Override: Admins can define global or per-customer AV policies to control enforcement levels.

✅ Key Security Features:

  • Continuous endpoint security monitoring

  • Ransomware & malware detection with automated responses

  • Device isolation to contain infected endpoints

  • Autorun & process snapshots for investigation


📥 Device Agent Installation & Deployment

Guardz Device Agent supports:
✅ Windows (10, 11) & Windows Server (2016, 2019, 2022)
✅ macOS (Intel & M1/M2)

🔹 Deployment Methods

📌 Script-Based Deployment (RMM, PowerShell, Bash)
📌 Installer Package (MSI/PKG)
📌 GPO (Group Policy) Deployment for Windows

💡 How to Install Guardz Device Agent

1️⃣ Log into Guardz Dashboard → Navigate to Security Controls > Endpoint Security > Deployment.
2️⃣ Download the Agent Installer (MSI for Windows, PKG for macOS).
3️⃣ Run the Installer:

  • 🖥 Windows: Right-click and select Run as Administrator.

  • 🍏 macOS: Open .pkg and follow the on-screen instructions.

4️⃣ Verify Installation:

  • Open Task Manager (Windows) or Activity Monitor (Mac) and check for GuardzAgent.exe.

  • The device should now appear in Guardz Dashboard > Devices.

✅ Pro Tip: Use MDM (Mac) or GPO (Windows) to deploy across multiple devices.


⚙️ Device Agent Settings & Security Policies

🔹 Configuring Windows Defender Policies

📌 Go to: Security Controls > Endpoint Security > Microsoft Defender Policy Settings

🔧 Choose a Policy Mode:

  • Monitor Mode: Only alerts administrators of policy violations.

  • Enforce Mode: Actively adjusts device settings to comply with security policies.

💡 Tip: We recommend configuring security policies before deploying the Guardz Device Agent.


🔄 Troubleshooting Common Issues

🔹 Issue: Installation Blocked
💡 Solution:

  • Check if another security tool is preventing installation.

  • Temporarily disable antivirus/firewall and retry.

🔹 Issue: Agent Not Reporting to Dashboard
💡 Solution:

  • Ensure the device has an active internet connection.

  • Restart Guardz Agent:

    • Windows:

      net stop GuardzAgent && net start GuardzAgent
    • Mac:

      sudo launchctl stop com.guardz.agent && sudo launchctl start com.guardz.agent

🔹 Issue: Device Not Appearing in Dashboard
💡 Solution:

  • Check installation logs (C:\ProgramData\Guardz\Logs).

  • Reinstall and restart the device.

🔹 Issue: Defender Policies Not Applying
💡 Solution:

  • Verify Defender Policy Settings in Guardz Dashboard.

  • Check for conflicting third-party security tools.


📌 Updating & Managing the Device Agent

✅ Auto-Update: If the installed version is 0.0.87 or above, Guardz will automatically update the agent.

📌 Manual Update Steps:
1️⃣ Check the current agent version in Security Controls > Endpoints.
2️⃣ If using RMM, redeploy the latest script.
3️⃣ Run the installation package manually for standalone updates.


Device Management & Monitoring

The Device Management Table in Guardz provides an overview of all enrolled devices.

📌 Key Device Fields:

  • Hostname & OS Details 🖥️

  • Security Status (Safe, Medium, Risky) 🔥

  • Last Seen Timestamp ⏳

  • Defender AV Policy & Scan Results 🛡️

  • Link to Active Security Issues 🚨

📌 Filters & Exporting Data:

  • Use filters to identify high-risk devices.

  • Export device data as a CSV report for further analysis.
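
An added example (not part of the Guardz guide or product): a Python triage of the exported device CSV that flags Risky devices, stale check-ins, and agents below the 0.0.87 auto-update and 1.3.0 exclusions thresholds named in this guide. The column names, the 7-day staleness window, and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Version thresholds taken from this guide.
AUTO_UPDATE_MIN = (0, 0, 87)     # at or above: the agent updates itself
EXCLUSIONS_MIN = (1, 3, 0)       # at or above: Defender exclusions are supported
STALE_AFTER = timedelta(days=7)  # assumption: no check-in for 7 days counts as stale

# Constructed sample export; the column names are assumptions, not the real CSV header.
SAMPLE_CSV = """hostname,os,security_status,last_seen,agent_version
fin-lt-01,Windows 11,Safe,2024-05-20T08:15:00Z,1.3.2
hr-lt-07,Windows 10,Risky,2024-05-20T07:50:00Z,1.2.9
dev-mbp-03,macOS,Medium,2024-05-02T11:00:00Z,1.3.0
srv-file-01,Windows Server 2019,Safe,2024-05-19T23:30:00Z,0.0.85
"""

def parse_version(text):
    """Turn '1.3.0' into (1, 3, 0) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.strip().split("."))

def triage(csv_text, now):
    """Return {hostname: [findings]} for every device that needs attention."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        issues = []
        if row["security_status"].strip().lower() == "risky":
            issues.append("risky status")
        last_seen = datetime.fromisoformat(row["last_seen"].replace("Z", "+00:00"))
        if now - last_seen > STALE_AFTER:
            issues.append("stale check-in")
        version = parse_version(row["agent_version"])
        if version < AUTO_UPDATE_MIN:
            # Below the auto-update floor: follow the manual update steps.
            issues.append("manual update required")
        elif version < EXCLUSIONS_MIN:
            issues.append("no exclusion support")
        if issues:
            findings[row["hostname"]] = issues
    return findings

if __name__ == "__main__":
    reference = datetime(2024, 5, 20, 12, 0, tzinfo=timezone.utc)
    for host, issues in triage(SAMPLE_CSV, reference).items():
        print(f"{host}: {', '.join(issues)}")
```

Comparing versions as integer tuples matters here: as plain strings, "0.0.9" would sort above "0.0.87" and an outdated agent would pass the check.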


🔄 Device Isolation & Incident Response

🚨 Why Isolate a Device?

  • If ransomware or malware is detected, Guardz allows admins to isolate the device from the network to prevent further compromise.

📌 How to Isolate a Device:
1️⃣ Go to Security Controls > Detection & Response.
2️⃣ Locate the affected device.
3️⃣ Click "Isolate Device" to block all network activity.
4️⃣ Once threats are resolved, click "Release Device" to restore connectivity.


🔑 Defender Exclusions: Fine-Tune Security Scans

MSPs can define exclusions to prevent false positives in Windows Defender.

📌 How to Configure Exclusions:
1️⃣ Navigate to Security Controls > Endpoint Security > Microsoft Defender Exclusions.
2️⃣ Add file paths, processes, or extensions to exclude.
3️⃣ Apply exclusions globally or per customer.

📌 Prerequisites: The agent must be version 1.3.0+ to support exclusions.


📖 Frequently Asked Questions (FAQ)

🔹 How do I install the agent on Windows Server?
Go to Security Controls > Endpoint Security > Deploy and select Windows Server installer.

🔹 Why does my device still appear after I removed it?
The "Remove Device" option only removes it from the UI; it does not uninstall the agent. Use the Guardz Uninstallation Guide to remove the agent fully.

🔹 Can I trigger a manual endpoint scan?
No, Guardz scans continuously and automatically.

🔹 How can I export a list of all protected devices?

  1. Go to Security Controls > Detection & Response.

  2. Use filters to select Device Protection.

  3. Click Export to CSV.


Related Articles

  • How to Monitor Endpoint Security in Guardz

  • Troubleshooting Device Isolation Issues

  • Understanding Windows Defender & Guardz Integration

🚀 Your endpoints are your first line of defense - keep them protected with Guardz!
