Watchguard TDR and F-Secure Deepguard issue
We are F-Secure & Watchguard partners.
We are encountering an "issue" between Watchguard TDR (Threat Detection and Response) and F-Secure Deepguard inside F-Secure Client Security (AFAIK this is still the case with the latest 13.00 version).
Watchguard TDR is a cloud-based behavior detection solution aimed specifically at advanced threats such as crypto-viruses or crypto-worms (more info here). Basically, it is divided into a local host sensor (host_sensor.exe) and a cloud platform that it communicates with. According to Watchguard, TDR is designed to work alongside "classic" antivirus/antimalware products (even advanced ones such as F-Secure Business products). Strictly speaking, TDR is NOT an antimalware product and does not replace this kind of product.
The "issue" we are encountering is that F-Secure Deepguard is doing its job. What I mean is simply that it detects TDR ("host_sensor.exe") as a potential risk due to its behavior (exactly what they are both supposed to do). If the user allows TDR inside Deepguard, everything works without any trouble.
The Watchguard best practices suggest excluding the antimalware folder from TDR (done), and the F-Secure TDR folder (or host_sensor.exe process) from the antimalware solution. What is annoying is that TDR updates itself on a regular basis. Each update is detected as a new risk by Deepguard because - I guess - the exe signature is changing. So the F-Secure Client Security user regularly gets a popup from Deepguard asking what to do with "host_sensor.exe".
Unless I am wrong, there is basically no way at the moment for an F-Secure Policy Manager admin like me to exclude the host_sensor.exe process from Deepguard.
Any solution/workaround?
Maybe it could be very useful for F-Secure to have bidirectional communication with Watchguard to make your products work better together (e.g. including TDR signatures inside Deepguard database updates).