Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • New Features

    Home FortiClient 7.4.0 New Features
    7.4.0
    7.4.0
    7.2.0
    7.0.0
    6.4.0
    6.2.3
    6.2.2
    6.2.1
    6.2.0

    FortiEndpoint (FortiClient integration of FortiEDR agent) 7.4.1

    FortiEndpoint (FortiClient integration of FortiEDR agent) 7.4.1

    A cloud-based software-as-a-service endpoint management service called FortiEndpoint is available. This is a Fortinet-hosted EMS solution. FortiEndpoint provides the same features as FortiClient Cloud but with an additional FortiEndpoint deployment feature.

    See the FortiEndpoint Administration Guide for details.

    When the FortiClient EMS and FortiEDR systems are integrated, the EMS Administrator can create a "unified installer" that installs both the FortiClient and FortiEDR components on the endpoint. Because the FortiEDR installer is pre-configured, the FortiClient installation experience is unchanged and no FortiEDR user prompts appear.

    Example 1

    The following example demonstrates installing FortiClient integrated with the FortiEDR agent using the EMS-create installer. FortiEDR has not been installed beforehand.

    Note

    The following are required:

    • FortiClient EMS requires a FortiEDR license to support the integration.

    • FortiClient custom installers do not support this FortiEDR feature. Only the installer from the FDS can be enabled with the FortiEDR feature.

    • Configure the endpoint DNS to point to cloud ENS before installing FortiClient.
    To install FortiClient integrated with the FortiEDR agent:

    1. Go to Endpoint Profiles > System Settings.

    2. In Endpoint Control, enable Enable Endpoint Detection & Response.

    3. Go to Deployment & Installers > FortiClient Installer.

    4. Click Add.

    5. Configure the General settings:

      1. Enter the Online Installer Name.

      2. Select the Release and Patch version.

      3. Deselect Hotfix.

      4. Enter the Invitation.

      5. Click Next.

    6. Configure the Features:

      1. Enable Endpoint Detection & Response.

      2. Click Next.

    7. Configure the EDR Feature settings:

      1. Select the EDR Engine Version.

      2. Click Next.

    8. Configure the Advanced features.

    9. Click Finish. The FortiClient installer with the FortiEDR agent is displayed.

    10. When the Status is Ready for deployment, click Generate Zip.

    11. Click Confirm.

    12. Click Download Zip.

    13. Copy the FortiClient installer .zip file to a clean Windows machine, then extract the file and start the installation process using .exe file.

      FortiClient and the FortiEDR agent will be installed simultaneously. The FortiTray notification message will be displayed as EDR State: Running once the FortiClient is registered with EMS.

      A new profile tab Detection and Response is added on the FortiClient console and shows the FortiEDR agent status. FortiEDR Collector Service will be running along with the FortiClient.

    Example 2

    The following example demonstrates how FortiClient integrated with the FortiEDR agent can detect and block malicious applications.

    To leverage FortiClient integrates with FortiEDR:

    1. Enable the FortiEDR feature:

    2. Go to Endpoint Profiles > System Settings.

    3. In Endpoint Control, enable Enable Endpoint Detection & Response. When enabled, the Detection & Response tab will be displayed on the FortiClient with the status EDR Enabled. When the EDR agent detects a malicious application, it blocks the application and shows a Block Event FortiTray notification message.

      The Activity Log count on the Detection & Response page will be updated.

    4. In Detection & Response, click the Activity Log count or the settings icon. EDR-blocked events will be shown in the Activity Log table.

    5. If available, click > on a detection event to see more details.

      Note

      EDR detection event logs can be seen on the endpoint at C:\ProgramData\FortiEDR\Logs\Collector in the BlockLog.bin file.

      FortiClient can also send EDR event for FortiClient EMS. These events are displayed in the EDR Events tab.
    Previous
    Next

    FortiEndpoint (FortiClient integration of FortiEDR agent) 7.4.1

    FortiEndpoint (FortiClient integration of FortiEDR agent) 7.4.1

    A cloud-based software-as-a-service endpoint management service called FortiEndpoint is available. This is a Fortinet-hosted EMS solution. FortiEndpoint provides the same features as FortiClient Cloud but with an additional FortiEndpoint deployment feature.

    See the FortiEndpoint Administration Guide for details.

    When the FortiClient EMS and FortiEDR systems are integrated, the EMS Administrator can create a "unified installer" that installs both the FortiClient and FortiEDR components on the endpoint. Because the FortiEDR installer is pre-configured, the FortiClient installation experience is unchanged and no FortiEDR user prompts appear.

    Example 1

    The following example demonstrates installing FortiClient integrated with the FortiEDR agent using the EMS-create installer. FortiEDR has not been installed beforehand.

    Note

    The following are required:

    • FortiClient EMS requires a FortiEDR license to support the integration.

    • FortiClient custom installers do not support this FortiEDR feature. Only the installer from the FDS can be enabled with the FortiEDR feature.

    • Configure the endpoint DNS to point to cloud ENS before installing FortiClient.
    To install FortiClient integrated with the FortiEDR agent:

    1. Go to Endpoint Profiles > System Settings.

    2. In Endpoint Control, enable Enable Endpoint Detection & Response.

    3. Go to Deployment & Installers > FortiClient Installer.

    4. Click Add.

    5. Configure the General settings:

      1. Enter the Online Installer Name.

      2. Select the Release and Patch version.

      3. Deselect Hotfix.

      4. Enter the Invitation.

      5. Click Next.

    6. Configure the Features:

      1. Enable Endpoint Detection & Response.

      2. Click Next.

    7. Configure the EDR Feature settings:

      1. Select the EDR Engine Version.

      2. Click Next.

    8. Configure the Advanced features.

    9. Click Finish. The FortiClient installer with the FortiEDR agent is displayed.

    10. When the Status is Ready for deployment, click Generate Zip.

    11. Click Confirm.

    12. Click Download Zip.

    13. Copy the FortiClient installer .zip file to a clean Windows machine, then extract the file and start the installation process using .exe file.

      FortiClient and the FortiEDR agent will be installed simultaneously. The FortiTray notification message will be displayed as EDR State: Running once the FortiClient is registered with EMS.

      A new profile tab Detection and Response is added on the FortiClient console and shows the FortiEDR agent status. FortiEDR Collector Service will be running along with the FortiClient.

    Example 2

    The following example demonstrates how FortiClient integrated with the FortiEDR agent can detect and block malicious applications.

    To leverage FortiClient integrates with FortiEDR:

    1. Enable the FortiEDR feature:

    2. Go to Endpoint Profiles > System Settings.

    3. In Endpoint Control, enable Enable Endpoint Detection & Response. When enabled, the Detection & Response tab will be displayed on the FortiClient with the status EDR Enabled. When the EDR agent detects a malicious application, it blocks the application and shows a Block Event FortiTray notification message.

      The Activity Log count on the Detection & Response page will be updated.

    4. In Detection & Response, click the Activity Log count or the settings icon. EDR-blocked events will be shown in the Activity Log table.

    5. If available, click > on a detection event to see more details.

      Note

      EDR detection event logs can be seen on the endpoint at C:\ProgramData\FortiEDR\Logs\Collector in the BlockLog.bin file.

      FortiClient can also send EDR event for FortiClient EMS. These events are displayed in the EDR Events tab.
    Previous
    Next