New compliance verification rule types

EMS 6.2.2 introduces new compliance verification rule types. If an endpoint satisfies a rule, EMS places the endpoint into a group with the other endpoints that satisfy the rule. The new rule types are AD Group, AntiVirus Software, Sandbox Detection, and Windows Security.

Configuring a compliance verification rule set remains similar to earlier versions of EMS. See the FortiClient EMS 6.2.2 Administration Guide.

AD Group

An endpoint that belongs to an AD domain may belong to numerous AD groups. You can configure a compliance verification rule that applies tags to endpoints based on what AD group(s) they belong to.

AntiVirus Software

You can configure an AntiVirus Software rule to consist of the following criteria:

  • AV Software is installed and running
  • AV signature is up-to-date

AV software can include:

  • FortiClient AV
  • Third-party AV software
  • Windows Defender

Sandbox Detection

The Sandbox Detection rule type has one criterion: Sandbox detected malware on the endpoint in the last seven days.

Windows Security

You can configure a Windows Security rule to consist of the following criteria:

  • Windows Defender is enabled
  • BitLocker Disk Encryption is enabled
  • Exploit Guard is enabled
  • Application Guard is enabled
  • Windows Firewall is enabled

Application Guard is only available for Windows 10.
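The following PowerShell script is an added example, not Fortinet or EMS code. It evaluates, on the local Windows 10 endpoint, the same criteria that the AntiVirus Software and Windows Security rule types describe above, which is useful when working out why an endpoint did or did not receive a tag. It assumes the Defender, BitLocker, DISM and NetSecurity PowerShell modules are present, that Windows Defender is the AV product, and that the signature-age threshold, the use of the OS volume for the BitLocker check, and Controlled Folder Access as the indicator for Exploit Guard are all interpretations chosen here rather than published EMS behaviour. Run it from an elevated prompt.

```powershell
# Added example (not Fortinet/EMS code): check the AntiVirus Software and
# Windows Security criteria locally on a Windows 10 endpoint.
# Assumes the Defender, BitLocker, DISM and NetSecurity modules are available
# and the session is elevated.

function Get-LocalComplianceState {
    [CmdletBinding()]
    param(
        # Assumed threshold: EMS does not publish the age it uses for
        # "AV signature is up-to-date", so seven days is a local choice.
        [int]$MaxSignatureAgeDays = 7
    )

    $result = [ordered]@{}

    # --- AntiVirus Software criteria (Windows Defender as the AV product) ---
    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
        $result['AVInstalledAndRunning']  = [bool]($mp.AntivirusEnabled -and $mp.RealTimeProtectionEnabled)
        $result['AVSignatureUpToDate']    = [bool]($mp.AntivirusSignatureAge -le $MaxSignatureAgeDays)
        $result['WindowsDefenderEnabled'] = [bool]$mp.AntivirusEnabled
    } catch {
        $result['AVInstalledAndRunning']  = $false
        $result['AVSignatureUpToDate']    = $false
        $result['WindowsDefenderEnabled'] = $false
    }

    # --- Windows Security criteria ---
    # BitLocker: assumed interpretation is that the OS volume must be protected.
    try {
        $osVol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
        $result['BitLockerEnabled'] = ($osVol.ProtectionStatus -eq 'On')
    } catch {
        $result['BitLockerEnabled'] = $false
    }

    # Exploit Guard has several components; Controlled Folder Access is used
    # here as an assumed representative indicator (1 = Enabled).
    try {
        $pref = Get-MpPreference -ErrorAction Stop
        $result['ExploitGuardEnabled'] = ($pref.EnableControlledFolderAccess -eq 1)
    } catch {
        $result['ExploitGuardEnabled'] = $false
    }

    # Application Guard is an optional Windows 10 feature.
    try {
        $wdag = Get-WindowsOptionalFeature -Online -FeatureName 'Windows-Defender-ApplicationGuard' -ErrorAction Stop
        $result['ApplicationGuardEnabled'] = ($wdag.State -eq 'Enabled')
    } catch {
        $result['ApplicationGuardEnabled'] = $false
    }

    # Windows Firewall: require the Domain, Private and Public profiles to all be enabled.
    try {
        $profiles = Get-NetFirewallProfile -ErrorAction Stop
        $disabled = $profiles | Where-Object { $_.Enabled -ne 'True' }
        $result['WindowsFirewallEnabled'] = (-not $disabled)
    } catch {
        $result['WindowsFirewallEnabled'] = $false
    }

    return [pscustomobject]$result
}

# Usage: show every criterion, then warn on the ones an EMS rule would
# see as not satisfied for this endpoint.
$state = Get-LocalComplianceState
$state | Format-List
$state.PSObject.Properties | Where-Object { -not $_.Value } |
    ForEach-Object { Write-Warning "Criterion not met: $($_.Name)" }
```

Each check is wrapped in its own try/catch so that a missing module or a query that needs more privilege records a failed criterion rather than aborting the whole evaluation; that matches how a compliance rule treats a criterion it cannot confirm.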

Results

The example shows a rule configured for each new rule type:

Name                     Description
AD-group-Builtin-Admin   AD Group rule that tags endpoints where the logged-in user is a member of the BuiltIn/Administrators AD group
AV-installed             AntiVirus Software rule that tags endpoints where AV software is installed and running
BitLocker                Windows Security rule that tags endpoints where BitLocker Disk Encryption is enabled
sandbox-detection        Sandbox Detection rule that tags endpoints where Sandbox detected malware in the last seven days

Go to Compliance Verification > Host Tag Monitor. You can view each tag and the endpoints grouped by each tag.

Go to Compliance Verification > Fabric Device Monitor. You can view all FortiGates that are connected to EMS using the FSSO protocol, the tags shared with the FortiGate, and the number of endpoints in each tag group.

Go to Endpoints and view the details for a tagged endpoint. Host Verification Tags displays the tags that EMS has applied to the endpoint.

If you enabled Show Host Tags on FortiClient GUI on the endpoint's applied profile, you can also view the host tags on the FortiClient GUI.