Fortinet white logo
Fortinet white logo

Administration Guide

Manually fixing detected vulnerabilities

Manually fixing detected vulnerabilities

In some cases, FortiClient cannot automatically install software patches, and you must manually download and install software patches. After each scan, the Vulnerability Scan tab lists any software that requires you to manually download and install software patches. See also Scanning now.

If a software vendor has ceased to provide patches for its software, the software is tagged as obsolete in the signatures used by the Vulnerability Scan feature, and you must uninstall the software to fix detected vulnerabilities. The obsolete tag is visible in the details. See Viewing details about vulnerabilities.

If compliance is enabled for FortiClient in managed mode, and FortiGate compliance rules require it, all software patches must be installed within a time frame to maintain compliant status and network access. See also Compliance and vulnerability scanning.

To manually fix detected vulnerabilities:
  1. On the Vulnerability Scan tab, identify the software that requires manual fixing.

    Any software with detected vulnerabilities that requires you to manually download and install software patches is displayed in the Vulnerabilities Detected area.

  2. Download the latest software patch for each software from the Internet, and install it on the endpoint.
  3. After you install the software for all remaining vulnerabilities, go to the Vulnerability Scan tab, and click the Scan Now button to instruct FortiClient to confirm the vulnerabilities are fixed.

    If the manual fixes were successful, the Vulnerability Scan tab displays Vulnerabilities Detected: None after the scan completes.

Manually fixing detected vulnerabilities

Manually fixing detected vulnerabilities

In some cases, FortiClient cannot automatically install software patches, and you must manually download and install software patches. After each scan, the Vulnerability Scan tab lists any software that requires you to manually download and install software patches. See also Scanning now.

If a software vendor has ceased to provide patches for its software, the software is tagged as obsolete in the signatures used by the Vulnerability Scan feature, and you must uninstall the software to fix detected vulnerabilities. The obsolete tag is visible in the details. See Viewing details about vulnerabilities.

If compliance is enabled for FortiClient in managed mode, and FortiGate compliance rules require it, all software patches must be installed within a time frame to maintain compliant status and network access. See also Compliance and vulnerability scanning.

To manually fix detected vulnerabilities:
  1. On the Vulnerability Scan tab, identify the software that requires manual fixing.

    Any software with detected vulnerabilities that requires you to manually download and install software patches is displayed in the Vulnerabilities Detected area.

  2. Download the latest software patch for each software from the Internet, and install it on the endpoint.
  3. After you install the software for all remaining vulnerabilities, go to the Vulnerability Scan tab, and click the Scan Now button to instruct FortiClient to confirm the vulnerabilities are fixed.

    If the manual fixes were successful, the Vulnerability Scan tab displays Vulnerabilities Detected: None after the scan completes.