Setting a Security Policy’s Prevention or Simulation Mode
Each FortiEDR security policy can be set to operate in one of the following modes:
- Prevention: FortiEDR enforces its active prevention policy that blocks all activity that violates relevant rules in the FortiEDR security policy.
- Simulation/Notification Only: FortiEDR only logs and issues alerts for violations of the FortiEDR security policy. The events are shown in the FortiEDR Central Manager. In this mode, FortiEDR does not block malicious activity. This is the default mode of all FortiEDR security policies out of the box. You can decide to use this mode during an initial acquaintance period or at any time.
To set a security policy to Prevention or Simulation mode:
1. Select the checkbox of the security policy to be configured. Alternatively, you can select the top-left checkbox to configure all security policies at once.
2. You can now either:
   - Click the Set Mode button and select either Prevention or Simulation.
   - Move the slider to the left for Prevention or to the right for Simulation.
You can also set all FortiEDR policies to Simulation mode at once by moving the slider at the top-left corner to Simulation.