Endpoint Protection

Expand all | Collapse all

FortiClient 6.XXX

  Thread closed by the administrator. It is viewable, but not accepting new replies.
  • 1.  FortiClient 6.XXX

    Posted Sep 20, 2018 08:34 AM
    No replies, thread closed.
    Is there a way to disable vulnerability scanner in FortiClient 6.xx?
    Also, what happens with what it finds? Does it automatically update/remediate or just notifies? the reason I ask is that most of the time computers are managed by another application, and we have an update schedule.

    ------------------------------
    David Hay-Currie
    Network Engineer
    DehcTech
    Newark, DE

    ------------------------------


  • 2.  RE: FortiClient 6.XXX

    Posted Sep 20, 2018 09:37 AM
    No replies, thread closed.
    I just figured to change some of the applications I can unlock from the lower left side, however Vulnerability doesn't have configurable settings.
    I don't have anything that needs updating, but I am still wondering.


  • 3.  RE: FortiClient 6.XXX

    Posted Sep 20, 2018 09:44 AM
    No replies, thread closed.
    Hi David,

    You can control Vulnerability Scan settings via XML for standalone client, or via FortiClent EMS for managed one.
    Please check XML Guide Fortinet Docs Library - FortiClient 6.0.2 XML Reference
    Fortinet remove preview
    Fortinet Docs Library - FortiClient 6.0.2 XML Reference
    View this on Fortinet >

    Thank you,

    Paul


  • 4.  RE: FortiClient 6.XXX

    Posted Sep 20, 2018 11:49 AM
    No replies, thread closed.
    Thanks Paul.
    So, I exported the settings, and that showed me how it is setup.

    <vulnerability_scan>
    <enabled>1</enabled>
    <scan_on_registration>0</scan_on_registration>
    <scan_on_signature_update>1</scan_on_signature_update>
    <windows_update>1</windows_update>
    <proxy_enabled>0</proxy_enabled>
    <automatic_maintenance>
    <scan_on_maintenance>0</scan_on_maintenance>
    <maintenance_period>0</maintenance_period>
    <maintenance_deadline>0</maintenance_deadline>
    </automatic_maintenance>
    <auto_patch />
    <scheduled_scans />
    </vulnerability_scan>

    This means that although it is enabled, it won't run by default a scan, and even if it runs, there is no remediation, just information.
    However it will run when there is a signature update.
    This actually helps me a lot.
    I just tested it though and it enables display of vulnerability scan and the vulnerability scan button when the client is restarted (either by fully exiting the application or restarting the computer)

    ------------------------------
    David
    Network Engineer
    [CompanyName]
    [City] [State]
    ------------------------------