Fortinet white logo
Fortinet white logo

EMS Administration Guide

Appendix - FortiClient EMS services

Appendix - FortiClient EMS services

The following lists FortiClient EMS services:

Critical severity

Service

Description

FCEMS_Monitor Ensures EMS services are running and restarts the ones that are down. It also can restart running services when it detects settings that affect those services have changed to ensure they use the latest settings.
FCEMS_Apache Serves the EMS Administration console and APIs that FortiOS uses to get information on endpoints and posture.
FCEMS_Das Allows most processes to access and cache endpoint-related data related. When down, processing of requests from endpoints results in error.
FCEMS_ZTNA Provides some APIs that FortiOS consumes to get information on endpoints and posture.
FCEMS_ECSOCKSRV Receives connections from endpoints and routes their requests to other processes within EMS. If this process is down, endpoints cannot communicate with EMS.
FCEMS_KA Processes heartbeat requests from endpoints and is responsible for pushing profile changes and commands to execute on endpoints, such as vulnerability and antivirus (AV) scans.
FCEMS_REG Handles registration requests from endpoints.
FCEMS_Notify Notifies FortiOS when there are important changes in endpoints.
FCEMS_PROBE Handles probe requests, which are tests that endpoints perform to ensure they are talking to a supported EMS. When this service is down, new endpoints cannot connect to EMS and existing endpoints cannot reconnect.
FCEMS_TAG Processes network change requests from endpoints. When down, network changes that affect the endpoint's posture may take longer for EMS to realize and informed FortiOS of.
FCEMS_ChromebookServer Processes requests and serves profiles to Chromebook endpoints.

Medium severity

Service

Description

FCEMS_Server

Processes data uploads from endpoints. These uploads can be any of the following:

  • Endpoint logs
  • Endpoint diagnostics
  • Software inventory
  • Alerts:
    • Web Filter
    • AV
    • Firewall
  • Vulnerability scan results
Redis Used by most other services for caching and interprocess communication.
FCEMS_Task Performs schedule tasks for license maintenance (removing seats from endpoints that have not connected to EMS in a long time) and others, such as revoking expired zero trust network access (ZTNA) certificates that are expired.
FCEMS_Deploy Schedules FortiClient upgrade deployment to eligible endpoints.
FCEMS_ADCONNECTOR Connects and pulls data from Active Directory (AD) or Microsoft Entra ID to add to EMS.
FCEMS_ADTASK Performs periodical syncs to get updates from AD added to EMS.
FCEMS_ADDAEMON Parses AD information and links it to existing endpoints or adds new devices, groups, and users pulled from those directories to EMS.
FCEMS_Sip Processes software inventory lists that endpoints upload and potentially unwanted application checks.
FCEMS_Update Downloads updates from FortiGuard distribution server and other Fortinet systems. This includes a FortiClient installers list and vulnerability and signature information.

Low severity

Service

Description

FCEMS_ADEVTSRV If syncing AD information to EMS using a remote connector, this process parses the connector's requests.
FCEMS_FORENSICS Integrates with the Forensics platform to pull updates from Forensics tickets associated with any managed endpoint.
FCEMS_MDMPROXY Integrates with mobile device management (MDM) platforms to exchange information about mobile endpoints.
FCEMS_SCEP Serves ZTNA certificates for mobile endpoints that MDM platforms manage.

Appendix - FortiClient EMS services

Appendix - FortiClient EMS services

The following lists FortiClient EMS services:

Critical severity

Service

Description

FCEMS_Monitor Ensures EMS services are running and restarts the ones that are down. It also can restart running services when it detects settings that affect those services have changed to ensure they use the latest settings.
FCEMS_Apache Serves the EMS Administration console and APIs that FortiOS uses to get information on endpoints and posture.
FCEMS_Das Allows most processes to access and cache endpoint-related data related. When down, processing of requests from endpoints results in error.
FCEMS_ZTNA Provides some APIs that FortiOS consumes to get information on endpoints and posture.
FCEMS_ECSOCKSRV Receives connections from endpoints and routes their requests to other processes within EMS. If this process is down, endpoints cannot communicate with EMS.
FCEMS_KA Processes heartbeat requests from endpoints and is responsible for pushing profile changes and commands to execute on endpoints, such as vulnerability and antivirus (AV) scans.
FCEMS_REG Handles registration requests from endpoints.
FCEMS_Notify Notifies FortiOS when there are important changes in endpoints.
FCEMS_PROBE Handles probe requests, which are tests that endpoints perform to ensure they are talking to a supported EMS. When this service is down, new endpoints cannot connect to EMS and existing endpoints cannot reconnect.
FCEMS_TAG Processes network change requests from endpoints. When down, network changes that affect the endpoint's posture may take longer for EMS to realize and informed FortiOS of.
FCEMS_ChromebookServer Processes requests and serves profiles to Chromebook endpoints.

Medium severity

Service

Description

FCEMS_Server

Processes data uploads from endpoints. These uploads can be any of the following:

  • Endpoint logs
  • Endpoint diagnostics
  • Software inventory
  • Alerts:
    • Web Filter
    • AV
    • Firewall
  • Vulnerability scan results
Redis Used by most other services for caching and interprocess communication.
FCEMS_Task Performs schedule tasks for license maintenance (removing seats from endpoints that have not connected to EMS in a long time) and others, such as revoking expired zero trust network access (ZTNA) certificates that are expired.
FCEMS_Deploy Schedules FortiClient upgrade deployment to eligible endpoints.
FCEMS_ADCONNECTOR Connects and pulls data from Active Directory (AD) or Microsoft Entra ID to add to EMS.
FCEMS_ADTASK Performs periodical syncs to get updates from AD added to EMS.
FCEMS_ADDAEMON Parses AD information and links it to existing endpoints or adds new devices, groups, and users pulled from those directories to EMS.
FCEMS_Sip Processes software inventory lists that endpoints upload and potentially unwanted application checks.
FCEMS_Update Downloads updates from FortiGuard distribution server and other Fortinet systems. This includes a FortiClient installers list and vulnerability and signature information.

Low severity

Service

Description

FCEMS_ADEVTSRV If syncing AD information to EMS using a remote connector, this process parses the connector's requests.
FCEMS_FORENSICS Integrates with the Forensics platform to pull updates from Forensics tickets associated with any managed endpoint.
FCEMS_MDMPROXY Integrates with mobile device management (MDM) platforms to exchange information about mobile endpoints.
FCEMS_SCEP Serves ZTNA certificates for mobile endpoints that MDM platforms manage.