Vulnerability scan
The `<vulnerability_scan></vulnerability_scan>` XML tags contain vulnerability scan configurations.
```xml
<forticlient_configuration>
  <vulnerability_scan>
    <enabled>1</enabled>
    <scan_on_registration>1</scan_on_registration>
    <scan_on_signature_update>1</scan_on_signature_update>
    <auto_patch>
      <level>critical</level>
    </auto_patch>
    <windows_update>1</windows_update>
    <proxy_enabled>0</proxy_enabled>
    <exempt_manual>1</exempt_manual>
    <send_exempted_apps_to_ems>1</send_exempted_apps_to_ems>
    <exemptions>
      <exemption>Google Chrome</exemption>
      <exemption>Java JDK</exemption>
    </exemptions>
    <exempt_no_auto_patch>1</exempt_no_auto_patch>
    <scheduled_scans>
      <schedule>
        <enable_schedule>1</enable_schedule>
        <repeat>1</repeat>
        <day>1</day>
        <time>19:30</time>
      </schedule>
      <automatic_maintenance>
        <scan_on_maintenance>0</scan_on_maintenance>
        <maintenance_period></maintenance_period>
        <maintenance_deadline></maintenance_deadline>
      </automatic_maintenance>
    </scheduled_scans>
    <vcm_expire_days>10</vcm_expire_days>
  </vulnerability_scan>
</forticlient_configuration>
```
The following table provides the XML tags for Vulnerability Scan, as well as the descriptions and default values where applicable.
| XML tag | Description | Default value |
|---|---|---|
| `<enabled>` | Enable vulnerability scan. | |
| `<scan_on_registration>` | Specifies whether to start a vulnerability scan when FortiClient registers to a FortiGate. Boolean value: | |
| `<scan_on_signature_update>` | Specifies whether to start a vulnerability scan when FortiClient updates its signatures. Boolean value: | |
| `<auto_patch>` | Specifies whether to automatically install patches. Use the | |
| `<level>` | Specify whether to patch vulnerabilities with a severity higher than the defined level. When set to | |
| `<windows_update>` | Specifies whether to scan Windows updates and third party application updates. When set to Boolean value: | |
| `<proxy_enabled>` | Enable using proxy settings configured in FortiClient when downloading updates for vulnerability patches. Boolean value: | 0 |
| `<exempt_manual>` | Specifies whether to exempt from vulnerability scanning any applications that require the endpoint user to manually install patches. Boolean value: | |
| `<send_exempted_apps_to_ems>` | Specifies whether to send vulnerability information from applications that are exempt from Vulnerability Scan to EMS. Boolean value: | 0 |
| `<exemptions>` | Identifies the names of applications that are exempted. | |
| `<exempt_no_auto_patch>` | Specifies whether to exempt any applications that FortiClient can automatically patch from vulnerability scanning. Boolean value: | |
| You can only schedule one item. If you enable | | |
| `<enable_schedule>` | Enable scheduled vulnerability scans. Boolean value: | |
| `<repeat>` | Configure the frequency of scans: | |
| `<day>` | Used only for weekly scan and monthly scan. If the If the | The default is the date that the policy was installed from FortiGate. |
| `<time>` | Configure the time to run the scan. Specify the time on a 24-hour clock. The following shows an example configuration for a scan that runs at 7:30 PM (19:30 on a 24-hour clock) daily: `<schedule> <repeat>0</repeat> <time>19:30</time> </schedule>` | The default is the time that the policy was installed from FortiGate. |
| This configures vulnerability scans to run as part of Windows automatic maintenance. Adding FortiClient vulnerability scans to the Windows automatic maintenance queue allows the system to choose an appropriate time for the scan that minimally impacts the user, PC performance, and energy efficiency. See Automatic Maintenance. | | |
| `<scan_on_maintenance>` | Enable running vulnerability scan as part of Windows automatic maintenance. Boolean value: | 0 |
| `<maintenance_period>` | Specify how often vulnerability scanning must be started during automatic maintenance. Enter the desired period in the format PnYnMnDTnHnMnS, where nY is the number of years, nM is the number of months, nD is the number of days, T is the date/time separator, nH is the number of hours, nM is the number of minutes, and nS is the number of seconds. For example, to configure a period of five minutes, you would enter the following: `<maintenance_period>PT5M</maintenance_period>` To configure a period of one month, four days, two hours, and five minutes, you would enter the following: `<maintenance_period>P1M4DT2H5M</maintenance_period>` | |
| `<maintenance_deadline>` | Specify when Windows must start vulnerability scanning during emergency automatic maintenance, if vulnerability scanning did not complete during regular automatic maintenance. This value must be greater than the | |
| `<vcm_expire_days>` | Configure the number of days after which FortiClient deletes Vulnerability Scan logs. If this element is not configured, by default, FortiClient deletes Vulnerability Scan logs after 30 days. | |
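The following is an added example, not Fortinet code: a Python audit that reads a FortiClient configuration export, reports `<vulnerability_scan>` settings that reduce scan coverage, and checks `<time>` and `<maintenance_period>` against the formats described in the table. The names `parse_period`, `audit` and `SAMPLE`, the wording of the findings, and the sample input are assumptions made for this illustration.

```python
import re
import xml.etree.ElementTree as ET

_PERIOD = re.compile(r"^P(?:(\d+)Y)?(?:(\d+)M)?(?:(\d+)D)?"
                     r"(?:T(?=\d)(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?$")
_UNITS = ("years", "months", "days", "hours", "minutes", "seconds")

def parse_period(text):
    """Return the components of a PnYnMnDTnHnMnS value, or None if malformed."""
    m = _PERIOD.match(text or "")
    if not m or not any(m.groups()):  # a bare "P" carries no component
        return None
    return {u: int(v) for u, v in zip(_UNITS, m.groups()) if v is not None}

def audit(xml_text):
    """Return findings for one config export (trusted input only: ElementTree is not hardened)."""
    vs = next(ET.fromstring(xml_text).iter("vulnerability_scan"), None)
    if vs is None:
        return ["no <vulnerability_scan> element"]
    get = lambda path: (vs.findtext(path) or "").strip()
    findings = []
    if get("enabled") != "1":
        findings.append("vulnerability scan is disabled")
    apps = [e.text.strip() for e in vs.iterfind("exemptions/exemption") if e.text]
    if apps:
        findings.append("exempted applications: " + ", ".join(apps))
    if get("exempt_manual") == "1":
        findings.append("applications that need manual patching are exempt")
    sched = "scheduled_scans/schedule/"
    if get(sched + "enable_schedule") == "1" and not re.fullmatch(
            r"([01]\d|2[0-3]):[0-5]\d", get(sched + "time")):
        findings.append("<time> is not HH:MM on a 24-hour clock")
    maint = "scheduled_scans/automatic_maintenance/"
    if get(maint + "scan_on_maintenance") == "1" and parse_period(
            get(maint + "maintenance_period")) is None:
        findings.append("<maintenance_period> is not PnYnMnDTnHnMnS")
    return findings

# Constructed sample: trimmed from the page's configuration, with maintenance scans enabled.
SAMPLE = """<forticlient_configuration><vulnerability_scan>
  <enabled>1</enabled><exempt_manual>1</exempt_manual>
  <exemptions><exemption>Google Chrome</exemption><exemption>Java JDK</exemption></exemptions>
  <scheduled_scans><schedule><enable_schedule>1</enable_schedule><time>19:30</time></schedule>
    <automatic_maintenance><scan_on_maintenance>1</scan_on_maintenance>
      <maintenance_period></maintenance_period></automatic_maintenance></scheduled_scans>
</vulnerability_scan></forticlient_configuration>"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
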