Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiEDR/XDR 5.0.0 Administration Guide
    5.0.0
    6.2.0
    6.0.0
    5.2.1
    5.2.0
    5.1.0
    5.0.0
    4.2.0
    4.1.1
    4.1.0

    Security Policies Page

    Security Policies Page

    The SECURITY POLICIES page displays a row for each security policy. Each policy row can be expanded to show the rules that it contains, as shown below. To access this page, click the down arrow next to SECURITY SETTINGS and then select Security Policies.

    FortiEDR is provided out-of-the-box with several predefined security policies (depending on your license), ready for you to get started. By default, all policies are set to Simulation mode (meaning that they only log and do not block) and show the logo. This page also enables you to define additional policies.

    Security Policy

    Icon
    Exfiltration Prevention
    Ransomware Prevention
    Execution Prevention
    Device Control Policies
    Extended Detection

    The following information is defined per security policy:

    Information Field

    Description
    Policy Name The policy name appears in the left most column. The policy name is defined when the policy is created. The name of the Default Policy cannot be changed.
    Rule Name

    FortiEDR’s proprietary rules come predefined and are the primary component of FortiEDR’s proprietary security solution. This column displays a short description for the purpose of this rule.

    Note : You can expand the ADVANCED POLICY & RULES DATA area at the bottom left of the window to display a more detailed description of what the rule does and how it works.
    Action

    Specifies the action that is enforced when this rule is violated. You can change this field, as follows:

    • Block : When this policy is set to Prevention mode (Setting a Security Policy’s Prevention or Simulation Mode), the exfiltration attempt is blocked and a blocking event is generated. When this policy is set to Simulation mode, the outgoing connection attempt is NOT blocked and a simulated-blocking event is generated (this indicates that FortiEDR would have blocked the exfiltration if the policy had been set to Prevention mode).

    • Log : The event is only logged regardless of whether the policy is set to Prevention or Simulation mode. The outgoing connection attempt is not blocked.
    State (Enabled/Disabled) This option enables you to disable/enable this rule. FortiEDR’s rules have been created as a result of extensive expertise and experience. Therefore, we do not recommend disabling any of them.
    Note

    To reset a FortiEDR security policy to its out-of-the-box settings, click the Reset Policy button in the ADVANCED POLICY & RULE DATA section, as shown below:
    Previous
    Next

    Security Policies Page

    Security Policies Page

    The SECURITY POLICIES page displays a row for each security policy. Each policy row can be expanded to show the rules that it contains, as shown below. To access this page, click the down arrow next to SECURITY SETTINGS and then select Security Policies.

    FortiEDR is provided out-of-the-box with several predefined security policies (depending on your license), ready for you to get started. By default, all policies are set to Simulation mode (meaning that they only log and do not block) and show the logo. This page also enables you to define additional policies.

    Security Policy

    Icon
    Exfiltration Prevention
    Ransomware Prevention
    Execution Prevention
    Device Control Policies
    Extended Detection

    The following information is defined per security policy:

    Information Field

    Description
    Policy Name The policy name appears in the left most column. The policy name is defined when the policy is created. The name of the Default Policy cannot be changed.
    Rule Name

    FortiEDR’s proprietary rules come predefined and are the primary component of FortiEDR’s proprietary security solution. This column displays a short description for the purpose of this rule.

    Note : You can expand the ADVANCED POLICY & RULES DATA area at the bottom left of the window to display a more detailed description of what the rule does and how it works.
    Action

    Specifies the action that is enforced when this rule is violated. You can change this field, as follows:

    • Block : When this policy is set to Prevention mode (Setting a Security Policy’s Prevention or Simulation Mode), the exfiltration attempt is blocked and a blocking event is generated. When this policy is set to Simulation mode, the outgoing connection attempt is NOT blocked and a simulated-blocking event is generated (this indicates that FortiEDR would have blocked the exfiltration if the policy had been set to Prevention mode).

    • Log : The event is only logged regardless of whether the policy is set to Prevention or Simulation mode. The outgoing connection attempt is not blocked.
    State (Enabled/Disabled) This option enables you to disable/enable this rule. FortiEDR’s rules have been created as a result of extensive expertise and experience. Therefore, we do not recommend disabling any of them.
    Note

    To reset a FortiEDR security policy to its out-of-the-box settings, click the Reset Policy button in the ADVANCED POLICY & RULE DATA section, as shown below:
    Previous
    Next