Introduction
A device security threat can compromise an organization's confidential data, financial stability, and user identities. Guardz ensures that company-managed laptops and desktops are fully protected and monitored from malicious threats by providing Managed Antivirus (AV) and Device Posture security.
This guide covers:
How Guardz protects your devices
Device Agent capabilities & modes
Installation, setup & policy configuration
Troubleshooting common issues
FAQs and best practices
What is Managed AV & Device Posture?
Guardz provides two primary security capabilities for endpoints:
1. Device Posture Monitoring: Identifies gaps in security settings, OS updates, AV tool versions, firewall status, disk encryption, and more. Any security risks generate an actionable playbook for administrators to remediate.
2. Managed Antivirus (AV) with Active Protection: Works in sync with Microsoft Defender to enforce security policies, detect and respond to threats, and continuously monitor all devices.
Device Agent Operational Modes & Capabilities
Device Posture Mode (Passive Monitoring)
Analyzes security settings (firewall, encryption, OS patching, AV signatures).
Generates alerts for missing patches, outdated software, or disabled security tools.
File Integrity Check: Uses a "bait" file to detect unauthorized modifications (e.g., ransomware attempts).
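The bait-file idea behind the File Integrity Check, as an added Python illustration that is not Guardz's implementation: a file no legitimate process touches is hashed once, and any later change, rename or deletion is treated as a signal. The file name, contents and status labels are assumptions made for this example.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def plant_bait(directory: str, name: str = "bait_invoices.docx") -> dict:
    """Create the bait file and record the baseline to compare against later."""
    path = Path(directory) / name
    # Constructed content; the hypothetical file name is chosen to look ordinary.
    path.write_bytes(b"constructed bait content\n" * 64)
    return {"path": str(path), "sha256": sha256_of(path)}


def check_bait(baseline: dict) -> tuple:
    """Return (status, detail); any status other than 'intact' warrants an alert."""
    path = Path(baseline["path"])
    if not path.exists():
        # '<name>.<new extension>' next to the old location means a rename in place.
        renamed = sorted(p.name for p in path.parent.glob(path.name + ".*"))
        return ("renamed", renamed[0]) if renamed else ("missing", path.name)
    current = sha256_of(path)
    if current != baseline["sha256"]:
        return ("modified", current)
    return ("intact", current)


def demo() -> list:
    """Walk one bait file through each state inside a throwaway directory."""
    seen = []
    with tempfile.TemporaryDirectory() as tmp:
        baseline = plant_bait(tmp)
        bait = Path(baseline["path"])
        seen.append(check_bait(baseline)[0])   # untouched
        bait.write_bytes(b"\x00" * 1600)       # contents overwritten
        seen.append(check_bait(baseline)[0])
        moved = bait.with_name(bait.name + ".locked")
        bait.rename(moved)                     # extension appended
        seen.append(check_bait(baseline)[0])
        moved.unlink()                         # file removed outright
        seen.append(check_bait(baseline)[0])
    return seen


if __name__ == "__main__":
    print(demo())
```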
Active Mode: Managed AV & Security Enforcement (Windows Defender Integration)
Policy Enforced Protection: Guardz manages Windows Defender security settings to ensure proper configuration.
Automated Threat Remediation: If a threat is detected, Guardz can automatically remove or quarantine it.
Policy Override: Admins can define global or per-customer AV policies to control enforcement levels.
Key Security Features:
Continuous endpoint security monitoring
Ransomware & malware detection with automated responses
Device isolation to contain infected endpoints
Autorun & process snapshots for investigation
Device Agent Installation & Deployment
Guardz Device Agent supports:
Windows (10, 11) & Windows Server (2016, 2019, 2022)
macOS (Intel & M1/M2)
Deployment Methods
Script-Based Deployment (RMM, PowerShell, Bash)
Installer Package (MSI/PKG)
GPO (Group Policy) Deployment for Windows
How to Install Guardz Device Agent
1. Log into Guardz Dashboard, then navigate to Security Controls > Endpoint Security > Deployment.
2. Download the Agent Installer (MSI for Windows, PKG for macOS).
3. Run the Installer:
Windows: Right-click and select Run as Administrator.
macOS: Open the .pkg and follow the on-screen instructions.
4. Verify Installation: Open Task Manager (Windows) or Activity Monitor (Mac) and check for GuardzAgent.exe. The device should now appear in Guardz Dashboard > Devices.
Pro Tip: Use MDM (Mac) or GPO (Windows) to deploy across multiple devices.
Device Agent Settings & Security Policies
Configuring Windows Defender Policies
Go to: Security Controls > Endpoint Security > Microsoft Defender Policy Settings
Choose a Policy Mode:
Monitor Mode: Only alerts administrators of policy violations.
Enforce Mode: Actively adjusts device settings to comply with security policies.
Tip: We recommend configuring security policies before deploying the Guardz Device Agent.
Troubleshooting Common Issues
Issue: Installation Blocked
Solution:
Check if another security tool is preventing installation.
Temporarily disable antivirus/firewall and retry.
Issue: Agent Not Reporting to Dashboard
Solution:
Ensure the device has an active internet connection.
Restart Guardz Agent:
Windows: net stop GuardzAgent && net start GuardzAgent
Mac: sudo launchctl stop com.guardz.agent && sudo launchctl start com.guardz.agent
Issue: Device Not Appearing in Dashboard
Solution:
Check installation logs (C:\ProgramData\Guardz\Logs).
Reinstall and restart the device.
Issue: Defender Policies Not Applying
Solution:
Verify Defender Policy Settings in Guardz Dashboard.
Check for conflicting third-party security tools.
Updating & Managing the Device Agent
Auto-Update: If the installed version is 0.0.87 or above, Guardz will automatically update the agent.
Manual Update Steps:
1. Check the current agent version in Security Controls > Endpoints.
2. If using RMM, redeploy the latest script.
3. Run the installation package manually for standalone updates.
Device Management & Monitoring
The Device Management Table in Guardz provides an overview of all enrolled devices.
Key Device Fields:
Hostname & OS Details
Security Status (Safe, Medium, Risky)
Last Seen Timestamp
Defender AV Policy & Scan Results
Link to Active Security Issues
Filters & Exporting Data:
Use filters to identify high-risk devices.
Export device data as a CSV report for further analysis.
Device Isolation & Incident Response
Why Isolate a Device?
If ransomware or malware is detected, Guardz allows admins to isolate the device from the network to prevent further compromise.
How to Isolate a Device:
1. Go to Security Controls > Detection & Response.
2. Locate the affected device.
3. Click "Isolate Device" to block all network activity.
4. Once threats are resolved, click "Release Device" to restore connectivity.
Defender Exclusions: Fine-Tune Security Scans
MSPs can define exclusions to prevent false positives in Windows Defender.
How to Configure Exclusions:
1. Navigate to Security Controls > Endpoint Security > Microsoft Defender Exclusions.
2. Add file paths, processes, or extensions to exclude.
3. Apply exclusions globally or per customer.
Prerequisites: The agent must be version 1.3.0+ to support exclusions.
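Because every exclusion is a location Defender no longer scans, it helps to review the list for entries that are broader than intended. The following Python check is an added example, not Guardz or Microsoft code; the rule sets, the record layout (scope, type, value) and the sample entries are assumptions constructed for illustration.

```python
import re

BROAD_PATHS = [  # review rules here are illustrative assumptions, not Guardz or Microsoft policy
    (re.compile(r"^[a-z]:\\?\*?$"), "whole drive excluded"),
    (re.compile(r"^[a-z]:\\(windows|users|programdata)(\\\*)?\\?$"), "top-level system or profile folder"),
    (re.compile(r"(\\|%)(temp|tmp|downloads)%?(\\\*)?\\?$"), "user-writable staging folder"),
]
RISKY_EXTENSIONS = {"exe", "dll", "ps1", "bat", "cmd", "js", "vbs", "scr"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def review_exclusion(kind: str, value: str):
    """Return a reason string if the exclusion looks too broad, else None."""
    v = value.strip().lower()
    if kind == "extension":
        ext = v.lstrip("*.")
        return f".{ext} covers executable or script content" if ext in RISKY_EXTENSIONS else None
    if kind == "process":
        name = v.rsplit("\\", 1)[-1]
        if name in SCRIPT_HOSTS:
            return f"{name} is a general-purpose interpreter"
        return None if "\\" in v else "process given by name only, matches any location"
    if kind == "path":
        for pattern, reason in BROAD_PATHS:
            if pattern.search(v):
                return reason
    return None


def audit(exclusions: list) -> list:
    """Return (scope, value, reason) per questionable entry; global ones first, as they reach every customer."""
    findings = []
    for e in exclusions:
        reason = review_exclusion(e["type"], e["value"])
        if reason:
            findings.append((e["scope"], e["value"], reason))
    return sorted(findings, key=lambda f: f[0] != "global")


# Constructed sample list; customer names and paths are made up for this example.
SAMPLE = [
    {"scope": "customer-a", "type": "path", "value": r"C:\Users\*\AppData\Local\Temp"},
    {"scope": "global", "type": "extension", "value": "*.ps1"},
    {"scope": "global", "type": "process", "value": "backup.exe"},
    {"scope": "customer-b", "type": "process", "value": r"C:\Tools\Sync\sync.exe"},
]

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```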
Frequently Asked Questions (FAQ)
How do I install the agent on Windows Server?
Go to Security Controls > Endpoint Security > Deploy and select Windows Server installer.
Why does my device still appear after I removed it?
The "Remove Device" option only removes it from the UI; it does not uninstall the agent. Use the Guardz Uninstallation Guide to remove the agent fully.
Can I trigger a manual endpoint scan?
No, Guardz scans continuously and automatically.
How can I export a list of all protected devices?
Go to Security Controls > Detection & Response.
Use filters to select Device Protection.
Click Export to CSV.
Related Articles
How to Monitor Endpoint Security in Guardz
Troubleshooting Device Isolation Issues
Understanding Windows Defender & Guardz Integration
Your endpoints are your first line of defense - keep them protected with Guardz!