Vulnerability Scan
Configurations for Vulnerability Scan are contained in the <vulnerability_scan></vulnerability_scan>
XML tags.
<forticlient_configuration>
<vulnerability_scan>
<enabled>1</enabled>
<scan_on_registration>1</scan_on_registration>
<scan_on_signature_update>1</scan_on_signature_update>
<auto_patch>
<level>critical</level>
</auto_patch>
<windows_update>1</windows_update>
<proxy_enabled>0</proxy_enabled>
<exempt_manual>1</exempt_manual>
<exemptions>
<exemption>Google Chrome</exemption>
<exemption>Java JDK</exemption>
</exemptions>
<exempt_no_auto_patch>1</exempt_no_auto_patch>
<scheduled_scans>
<schedule>
<enable_schedule>1</enable_schedule>
<repeat>1</repeat>
<day>1</day>
<time>19:30</time>
</schedule>
</scheduled_scans>
</vulnerability_scan>
</forticlient_configuration>
The following table provides the XML tags for Vulnerability Scan, as well as the descriptions and default values where applicable.
XML Tag |
Description |
Default Value |
---|---|---|
<enabled> |
Vulnerability Scan is enabled. |
|
<scan_on_registration> |
Specifies whether to start a vulnerability scan when FortiClient registers to FortiGate. When set to In older versions of FortiClient, this tag was named Boolean value: |
|
<scan_on_signature_update> |
Specifies whether to start a vulnerability scan when signatures are updated. When set to Boolean value: |
|
<auto_patch> |
Specifies whether to automatically install patches. Use |
|
<level> |
Specify whether to patch vulnerabilities with a severity higher than the defined level. Disabled when set to
|
|
<windows_update> |
Specifies whether to scan both Windows updates and third-party application updates. When set to Boolean value: |
|
<proxy_enabled> |
Enable or disable using proxy settings configured in FortiClient when downloading updates for vulnerability patches. Boolean value: |
0 |
<exempt_manual> |
Specifies whether to exempt from vulnerability scanning any applications that require the endpoint user to manually install patches. Boolean value: |
|
<exemptions> |
Identifies the names of applications that are exempted. |
|
<exempt_no_auto_patch> |
Specifies whether to exempt any applications that FortiClient can automatically patch from vulnerability scanning. Boolean value: |
|
Currently there can only be one scheduled item. |
||
<enable_schedule> |
Enable or disable scheduled vulnerability scans. Boolean value: |
|
<repeat> |
Frequency of scans. Select one of the following:
|
|
<day> |
Used only for weekly scan and monthly scan. If the
If the |
The default is the date the policy was installed from FortiGate.
|
<time> |
The time when to run the scan. Specify a time value in 24 hour clock. |
The default is the time the policy was installed from FortiGate. |