Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • EMS Administration Guide

    Home FortiClient 7.2.0 EMS Administration Guide
    7.2.0
    7.4.1
    7.4.0
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.9
    6.4.8
    6.4.7
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.8
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0

    Viewing the Endpoint Scan Status

    Viewing the Endpoint Scan Status

    To view the Endpoint Scan Status:
    1. Go to Dashboard > Vulnerability Scan.

      On the Endpoint Scan Status chart, endpoints are organized by type:

      • 11/21 are Secured (green section)
      • 1/21 is Vulnerable (red section)
      • 6/21 are Un-Scanned (yellow section)
      • 3/21 are Scanning (grey section)
    2. Click the Vulnerable section to view all vulnerabilities detected on vulnerable endpoints:

      Patch All

      Click this button to patch all vulnerabilities currently displayed on the content pane. The vulnerabilities are patched with the next Telemetry communication between FortiClient EMS and the endpoint.

      Refresh

      Click to refresh the list of vulnerabilities in the content pane.

      Clear Filters

      Click to clear all filters applied to the list of vulnerabilities.

      Hostname

      Hostname of the endpoint where the vulnerability was detected.

      Username

      User that is currently logged into the endpoint where the vulnerability was detected.

      Vulnerability

      Displays the number of vulnerabilities detected on the endpoint at each severity level. In this example, the endpoint has 11 critical vulnerabilities, 20 high risk vulnerabilities, and 5 medium risk vulnerabilities that can be patched using FortiClient.

      The same endpoint also has 2 critical vulnerabilities that must be manually patched.

      Patch Status

      You can click the Patch button to patch the selected vulnerability with the next Telemetry communication between FortiClient EMS and the endpoint.

      If a patch is already scheduled for the vulnerability, this column displays Scheduled.

      If the vulnerability must be patched manually, this column displays Manual Patch.

      FortiClient may be unable to automatically patch the vulnerability due to one of the following reasons:

      • Third-party application vulnerabilities: incorrect or missing installation paths
      • OS vulnerabilities: Windows update service is disabled

      In these cases, EMS may incorrectly display the status of these vulnerabilities that were selected to be automatically patched as Scheduled instead of Failed.

      You can filter the list of vulnerable endpoints by any column by clicking the filter icon beside the desired heading. Enter the value to include in the filter. You can toggle the All/Any/Not button for the following options:

      • All: Display all files that match the set filter.
      • Any: Display any file that matches the set filter.
      • Not: Display only files that do not match the set filter.
    3. Click a hostname. You can view all vulnerabilities detected on that endpoint. You can filter the list of vulnerabilities in the same way that you can filter the list of vulnerable endpoints in step 2.

    4. Go back, then click one of the sections under the Vulnerability column to view all vulnerabilities detected on the selected endpoint at the selected severity. The example displays all critical vulnerabilities for the selected endpoint. You can filter the list of vulnerabilities in the same way that you can filter the list of vulnerable endpoints in step 2.

      Vulnerability

      Name of the vulnerability.

      Category

      Category of the vulnerability.

      Severity

      Severity level of the vulnerability.

      Patch Status

      You can click the Patch button to patch the selected vulnerability with the next Telemetry communication between FortiClient EMS and the endpoint.

      If a patch is already scheduled for the vulnerability, this column displays Scheduled.

      If the vulnerability must be patched manually, this column displays Manual Patch.

    Previous
    Next

    Viewing the Endpoint Scan Status

    Viewing the Endpoint Scan Status

    To view the Endpoint Scan Status:
    1. Go to Dashboard > Vulnerability Scan.

      On the Endpoint Scan Status chart, endpoints are organized by type:

      • 11/21 are Secured (green section)
      • 1/21 is Vulnerable (red section)
      • 6/21 are Un-Scanned (yellow section)
      • 3/21 are Scanning (grey section)
    2. Click the Vulnerable section to view all vulnerabilities detected on vulnerable endpoints:

      Patch All

      Click this button to patch all vulnerabilities currently displayed on the content pane. The vulnerabilities are patched with the next Telemetry communication between FortiClient EMS and the endpoint.

      Refresh

      Click to refresh the list of vulnerabilities in the content pane.

      Clear Filters

      Click to clear all filters applied to the list of vulnerabilities.

      Hostname

      Hostname of the endpoint where the vulnerability was detected.

      Username

      User that is currently logged into the endpoint where the vulnerability was detected.

      Vulnerability

      Displays the number of vulnerabilities detected on the endpoint at each severity level. In this example, the endpoint has 11 critical vulnerabilities, 20 high risk vulnerabilities, and 5 medium risk vulnerabilities that can be patched using FortiClient.

      The same endpoint also has 2 critical vulnerabilities that must be manually patched.

      Patch Status

      You can click the Patch button to patch the selected vulnerability with the next Telemetry communication between FortiClient EMS and the endpoint.

      If a patch is already scheduled for the vulnerability, this column displays Scheduled.

      If the vulnerability must be patched manually, this column displays Manual Patch.

      FortiClient may be unable to automatically patch the vulnerability due to one of the following reasons:

      • Third-party application vulnerabilities: incorrect or missing installation paths
      • OS vulnerabilities: Windows update service is disabled

      In these cases, EMS may incorrectly display the status of these vulnerabilities that were selected to be automatically patched as Scheduled instead of Failed.

      You can filter the list of vulnerable endpoints by any column by clicking the filter icon beside the desired heading. Enter the value to include in the filter. You can toggle the All/Any/Not button for the following options:

      • All: Display all files that match the set filter.
      • Any: Display any file that matches the set filter.
      • Not: Display only files that do not match the set filter.
    3. Click a hostname. You can view all vulnerabilities detected on that endpoint. You can filter the list of vulnerabilities in the same way that you can filter the list of vulnerable endpoints in step 2.

    4. Go back, then click one of the sections under the Vulnerability column to view all vulnerabilities detected on the selected endpoint at the selected severity. The example displays all critical vulnerabilities for the selected endpoint. You can filter the list of vulnerabilities in the same way that you can filter the list of vulnerable endpoints in step 2.

      Vulnerability

      Name of the vulnerability.

      Category

      Category of the vulnerability.

      Severity

      Severity level of the vulnerability.

      Patch Status

      You can click the Patch button to patch the selected vulnerability with the next Telemetry communication between FortiClient EMS and the endpoint.

      If a patch is already scheduled for the vulnerability, this column displays Scheduled.

      If the vulnerability must be patched manually, this column displays Manual Patch.

    Previous
    Next