Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • New Features

    Home FortiClient 7.2.0 New Features
    7.2.0
    7.4.0
    7.2.0
    7.0.0
    6.4.0
    6.2.3
    6.2.2
    6.2.1
    6.2.0

    PUA detection 7.2.2

    PUA detection 7.2.2

    You can now see all potentially unwanted applications (PUA) on the new PUA dashboard in EMS. You can also see PUA events on the endpoint details page. This feature requires the Endpoint Protection Platform license and for the Software Inventory feature to be enabled on EMS. EMS compares the software inventory that it receives from FortiClient to the PUA signatures it receives from the FortiGuard distribution servers (FDS). If EMS determines any of the applications are a PUA, it displays it on the PUA dashboard.

    To enable PUA detection:

    1. In EMS, go to Endpoint Profiles > System Settings.

    2. On the desired System Settings profile, under Endpoint Control, enable Send Software Inventory.

    3. After FortiClient receives the updated profile and sends its software inventory to EMS, go to Software Inventory > Applications. The PUA Category column indicates whether an application is considered a PUA, and, if so, what PUA category it belongs to. You can also use the PUAs button at the top to only view PUAs.

    4. Go to Dashboard > Potentially Unwanted Applications.

      You can view PUA information in the following widgets:

      Widget

      Description

      Potentially Unwanted Applications Summary

      Shows all detected PUAs categorized into the following:

      • Illegal or unethical

      • Cryptomining

      • Hacking

      • Unpopular

      • Phishing

      • Malicious

      Endpoint PUA Status

      Shows how many endpoints have PUAs and how many do not.

      PUA Detection Timeline

      		Shows historical events related to PUA detection on a timeline. Hover over the red circles to see a popup with PUA detection count and the PUAs detected during that time period.

      PUA Total Timeline

      Shows line chart of PUA detection and uninstall events. Hover over the green icircles to see a popup with PUA totals, PUA detection count, and three events in that time period.

      Top 10 Hosts with PUAs

      Displays the ten endpoints that have the most PUAs and the number of PUAs detected on those endpoints.

      Top 10 Unwanted Applications

      Displays the top ten most common PUAs and the number of hosts where the PUAs have been detected. Click the vulnerability name to see information about the vulnerability on FortiGuard.

      You can drill down on information in the widgets. For example, for the Potentially Unwanted Applications Summary widget, you can click the Unpopular section of the chart to view all unpopular PUAs detected on endpoints. From there, you can further click a PUA to view all endpoints that have that PUA currently installed.

    5. Go to Endpoints > All Endpoints. Select the desired endpoint. On the PUA Events tab, the default view, Status, shows PUAs currently installed on the endpoint. You can select Events to view all PUA events, including install and uninstall events.

    6. PUA detection requires PUA signatures. EMS downloads these signatures from FDS. Go to System Settings > FortiGuard Services > View Signature List to view the PUA signature version.
    Previous
    Next

    PUA detection 7.2.2

    PUA detection 7.2.2

    You can now see all potentially unwanted applications (PUA) on the new PUA dashboard in EMS. You can also see PUA events on the endpoint details page. This feature requires the Endpoint Protection Platform license and for the Software Inventory feature to be enabled on EMS. EMS compares the software inventory that it receives from FortiClient to the PUA signatures it receives from the FortiGuard distribution servers (FDS). If EMS determines any of the applications are a PUA, it displays it on the PUA dashboard.

    To enable PUA detection:

    1. In EMS, go to Endpoint Profiles > System Settings.

    2. On the desired System Settings profile, under Endpoint Control, enable Send Software Inventory.

    3. After FortiClient receives the updated profile and sends its software inventory to EMS, go to Software Inventory > Applications. The PUA Category column indicates whether an application is considered a PUA, and, if so, what PUA category it belongs to. You can also use the PUAs button at the top to only view PUAs.

    4. Go to Dashboard > Potentially Unwanted Applications.

      You can view PUA information in the following widgets:

      Widget

      Description

      Potentially Unwanted Applications Summary

      Shows all detected PUAs categorized into the following:

      • Illegal or unethical

      • Cryptomining

      • Hacking

      • Unpopular

      • Phishing

      • Malicious

      Endpoint PUA Status

      Shows how many endpoints have PUAs and how many do not.

      PUA Detection Timeline

      		Shows historical events related to PUA detection on a timeline. Hover over the red circles to see a popup with PUA detection count and the PUAs detected during that time period.

      PUA Total Timeline

      Shows line chart of PUA detection and uninstall events. Hover over the green icircles to see a popup with PUA totals, PUA detection count, and three events in that time period.

      Top 10 Hosts with PUAs

      Displays the ten endpoints that have the most PUAs and the number of PUAs detected on those endpoints.

      Top 10 Unwanted Applications

      Displays the top ten most common PUAs and the number of hosts where the PUAs have been detected. Click the vulnerability name to see information about the vulnerability on FortiGuard.

      You can drill down on information in the widgets. For example, for the Potentially Unwanted Applications Summary widget, you can click the Unpopular section of the chart to view all unpopular PUAs detected on endpoints. From there, you can further click a PUA to view all endpoints that have that PUA currently installed.

    5. Go to Endpoints > All Endpoints. Select the desired endpoint. On the PUA Events tab, the default view, Status, shows PUAs currently installed on the endpoint. You can select Events to view all PUA events, including install and uninstall events.

    6. PUA detection requires PUA signatures. EMS downloads these signatures from FDS. Go to System Settings > FortiGuard Services > View Signature List to view the PUA signature version.
    Previous
    Next