Introduction
A device security threat can compromise an organization's confidential data, financial stability, and user identities. Guardz ensures that company-managed laptops and desktops are fully protected against, and monitored for, malicious threats by providing Managed Antivirus (AV) and Device Posture security.
This guide covers:
How Guardz protects your devices
Device Agent capabilities & modes
Installation, setup & policy configuration
Troubleshooting common issues
FAQs and best practices
What is Managed AV & Device Posture?
Guardz provides two primary security capabilities for endpoints:
Device Posture Monitoring – Identifies gaps in security settings, OS updates, AV tool versions, firewall status, disk encryption, and more. Any security risks generate an actionable playbook for administrators to remediate.
Managed Antivirus (AV) with Active Protection – Works in sync with Microsoft Defender to enforce security policies, detect and respond to threats, and continuously monitor all devices.
Device Agent Operational Modes & Capabilities
Device Posture Mode (Passive Monitoring)
Analyzes security settings (firewall, encryption, OS patching, AV signatures).
Generates alerts for missing patches, outdated software, or disabled security tools.
File Integrity Check: Uses a "bait" file to detect unauthorized modifications (e.g., ransomware attempts).
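The bait-file idea behind the File Integrity Check, as an added example (not Guardz code; the page does not describe how the agent implements it). The file name, content and the hash-baseline approach are assumptions chosen for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed bait content; any fixed bytes work once the baseline is recorded.
BAIT_CONTENT = b"Q3 payroll export - do not modify\n" * 8


def sha256_of(path: Path) -> str:
    """Hash the file in chunks so a large bait file is not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def plant_bait(path: Path) -> dict:
    """Write the bait file and return the baseline to compare against later."""
    path.write_bytes(BAIT_CONTENT)
    return {"path": path, "sha256": sha256_of(path)}


def check_bait(baseline: dict) -> str:
    """Return 'ok', 'missing' (deleted or renamed) or 'modified'."""
    path = baseline["path"]
    if not path.exists():
        # A file renamed to a new extension is indistinguishable from a deleted one here.
        return "missing"
    return "ok" if sha256_of(path) == baseline["sha256"] else "modified"


def demo() -> list:
    """Plant a bait file in a temp directory, tamper with it, and collect each verdict."""
    verdicts = []
    with tempfile.TemporaryDirectory() as tmp:
        bait = Path(tmp) / "payroll_2024.xlsx"  # hypothetical bait file name
        baseline = plant_bait(bait)
        verdicts.append(check_bait(baseline))  # untouched
        # Overwrite in place with same-length, different bytes (stand-in for encryption).
        bait.write_bytes(bytes(b ^ 0xFF for b in BAIT_CONTENT))
        verdicts.append(check_bait(baseline))
        bait.rename(bait.with_name(bait.name + ".locked"))  # stand-in for a rename
        verdicts.append(check_bait(baseline))
    return verdicts


if __name__ == "__main__":
    print(demo())  # ['ok', 'modified', 'missing']
```

Because no legitimate user or process has a reason to touch the bait file, any verdict other than "ok" is a high-confidence signal worth alerting on.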
Active Mode: Managed AV & Security Enforcement (Windows Defender Integration)
Policy Enforced Protection: Guardz manages Windows Defender security settings to ensure proper configuration.
Automated Threat Remediation: If a threat is detected, Guardz can automatically remove or quarantine it.
Policy Override: Admins can define global or per-customer AV policies to control enforcement levels.
Key Security Features:
Continuous endpoint security monitoring
Ransomware & malware detection with automated responses
Device isolation to contain infected endpoints
Autorun & process snapshots for investigation
Device Agent Installation & Deployment
Guardz Device Agent supports:
Windows (10, 11) & Windows Server (2016, 2019, 2022)
macOS (Intel & M1/M2)
Deployment Methods
Script-Based Deployment (RMM, PowerShell, Bash)
Installer Package (MSI/PKG)
GPO (Group Policy) Deployment for Windows
How to Install Guardz Device Agent
1. Log into Guardz Dashboard → Navigate to Security Controls > Endpoint Security > Deployment.
2. Download the Agent Installer (MSI for Windows, PKG for macOS).
3. Run the Installer:
Windows: Right-click and select Run as Administrator.
macOS: Open .pkg and follow the on-screen instructions.
4. Verify Installation:
Open Task Manager (Windows) or Activity Monitor (Mac) and check for GuardzAgent.exe.
The device should now appear in Guardz Dashboard > Devices.
Pro Tip: Use MDM (Mac) or GPO (Windows) to deploy across multiple devices.
Device Agent Settings & Security Policies
Configuring Windows Defender Policies
Go to: Security Controls > Endpoint Security > Microsoft Defender Policy Settings
Choose a Policy Mode:
Monitor Mode: Only alerts administrators of policy violations.
Enforce Mode: Actively adjusts device settings to comply with security policies.
Tip: We recommend configuring security policies before deploying the Guardz Device Agent.
Troubleshooting Common Issues
Issue: Installation Blocked
Solution:
Check if another security tool is preventing installation.
Temporarily disable antivirus/firewall and retry.
Issue: Agent Not Reporting to Dashboard
Solution:
Ensure the device has an active internet connection.
Restart Guardz Agent:
Windows:
net stop GuardzAgent && net start GuardzAgent
Mac:
sudo launchctl stop com.guardz.agent && sudo launchctl start com.guardz.agent
Issue: Device Not Appearing in Dashboard
Solution:
Check installation logs (C:\ProgramData\Guardz\Logs).
Reinstall and restart the device.
Issue: Defender Policies Not Applying
Solution:
Verify Defender Policy Settings in Guardz Dashboard.
Check for conflicting third-party security tools.
Updating & Managing the Device Agent
Auto-Update: If the installed version is 0.0.87 or above, Guardz will automatically update the agent.
Manual Update Steps:
Check the current agent version in Security Controls > Endpoints.
If using RMM, redeploy the latest script.
Run the installation package manually for standalone updates.
Device Management & Monitoring
The Device Management Table in Guardz provides an overview of all enrolled devices.
Key Device Fields:
Hostname & OS Details
Security Status (Safe, Medium, Risky)
Last Seen Timestamp
Defender AV Policy & Scan Results
Link to Active Security Issues
Filters & Exporting Data:
Use filters to identify high-risk devices.
Export device data as a CSV report for further analysis.
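One way to do that further analysis offline, as an added example (not part of Guardz): it ranks devices from the CSV export by Security Status and flags agents that have stopped checking in. The column names, timestamp format and three-day staleness threshold are assumptions; adjust them to match the actual export.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample export; the column names and timestamp format are assumptions.
SAMPLE_EXPORT = """Hostname,OS,Security Status,Last Seen
FIN-LT-01,Windows 11,Safe,2024-05-20T09:15:00+00:00
FIN-LT-02,Windows 10,Risky,2024-05-20T08:50:00+00:00
SRV-FILE-01,Windows Server 2019,Medium,2024-05-12T23:10:00+00:00
DES-MBP-03,macOS,Safe,2024-05-01T14:00:00+00:00
"""

SEVERITY = {"Risky": 0, "Medium": 1, "Safe": 2}  # status values named on the page


def triage(csv_text: str, now: datetime, stale_after: timedelta = timedelta(days=3)) -> list:
    """Return devices needing attention, worst first, each with its reasons."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        reasons = []
        status = row["Security Status"].strip()
        if status != "Safe":
            reasons.append(f"status={status}")
        last_seen = datetime.fromisoformat(row["Last Seen"].strip())
        age = now - last_seen
        if age > stale_after:
            # A silent agent means the status shown may be out of date.
            reasons.append(f"not seen for {age.days}d")
        if reasons:
            # Unknown status values sort with the worst so they are not overlooked.
            findings.append((SEVERITY.get(status, 0), row["Hostname"], reasons))
    findings.sort(key=lambda f: (f[0], f[1]))
    return [(host, reasons) for _, host, reasons in findings]


if __name__ == "__main__":
    now = datetime(2024, 5, 20, 12, 0, tzinfo=timezone.utc)  # fixed for a repeatable demo
    for host, reasons in triage(SAMPLE_EXPORT, now):
        print(f"{host}: {', '.join(reasons)}")
```

A device marked Safe that has not reported for weeks still appears in the output, since its posture data can no longer be trusted.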
Device Isolation & Incident Response
Why Isolate a Device?
If ransomware or malware is detected, Guardz allows admins to isolate the device from the network to prevent further compromise.
How to Isolate a Device:
Go to Security Controls > Detection & Response.
Locate the affected device.
Click "Isolate Device" to block all network activity.
Once threats are resolved, click "Release Device" to restore connectivity.
Defender Exclusions: Fine-Tune Security Scans
MSPs can define exclusions to prevent false positives in Windows Defender.
How to Configure Exclusions:
Navigate to Security Controls > Endpoint Security > Microsoft Defender Exclusions.
Add file paths, processes, or extensions to exclude.
Apply exclusions globally or per customer.
Prerequisites: The agent must be version 1.3.0+ to support exclusions.
Frequently Asked Questions (FAQ)
How do I install the agent on Windows Server?
Go to Security Controls > Endpoint Security > Deploy and select Windows Server installer.
Why does my device still appear after I removed it?
The "Remove Device" option only removes it from the UI; it does not uninstall the agent. Use the Guardz Uninstallation Guide to remove the agent fully.
Can I trigger a manual endpoint scan?
No, Guardz scans continuously and automatically.
How can I export a list of all protected devices?
Go to Security Controls > Detection & Response.
Use filters to select Device Protection.
Click Export to CSV.
Your endpoints are your first line of defense - keep them protected with Guardz!