Administration Guide

End-user Notifications

Each device protected by FortiEDR can display an icon in the system tray to indicate its state.

The FortiEDR icon indicates the current state of the device, as follows:

  • Protection On
  • Protection Off/Disabled
  • Degraded
  • Isolated

Note – Terminating a FortiEDR process ends this process and stops the display of the FortiEDR icon in the system tray, but does not stop FortiEDR protection.

When the FortiEDR icon is configured to display on FortiEDR-protected devices, a pop-up message displays whenever something is blocked on a protected device (based on the blocking policy set for that device). File modifications (due to suspected ransomware), the exfiltration of external connections and execution prevention actions can be blocked. For example, the following shows that a TCP port listening action was blocked for the DynamicCodeListenTests.exe process.

Note – This notification is displayed only once for the same process. If the same process is blocked multiple times, only a single FortiEDR pop-up is displayed.

You can choose to show or hide end-user notifications (pop-ups) for the next 24 hours. To do so, right-click the FortiEDR icon in the system tray and then check the checkbox to hide notifications or leave the checkbox unchecked to display notifications.

You can double-click the FortiEDR icon in the system tray to review recent blocking activity on the device as shown below. Each row includes a single event (that can be composed of multiple occurrences) and displays the process name, the first and last occurrence times, the process ID and the type of blocking: either security or communication control.

Expanding the arrow on the right of each event reveals more details per event including the process path and the number of occurrences of the same blocking event:

FortiEDR Icon Configuration

The behavior of the FortiEDR icon in the system tray must be configured in the Administration tab.

To configure FortiEDR icon behavior:
  1. Click the TOOLS link in the left pane.

  2. In the END USERS NOTIFICATION area, configure the following settings:

    Setting: Show System Tray Icon with Collector Status
    Definition: Check this checkbox to display the FortiEDR icon on each FortiEDR-protected device or leave the checkbox unchecked to hide the icon on each protected device. Your selection here is applied on all protected devices. The default is checked.

    Setting: Show a Pop-up Message for Any Prevention Activity
    Definition: Check this checkbox to enable the display of pop-up messages (end-user notifications) on FortiEDR-protected devices. Pop-up messages display whenever a process was prevented. By default, the name of the activity of the blocked process is displayed in the pop-up message. The default is checked.

    In the text box below these two checkboxes, you can customize the text that is displayed in the pop-up message. Enter the text you want to display in the text box.

  3. Click the Save button.
