Predefined Policies
FortiEDR is provided out-of-the-box with several predefined policies, ready for you to get started. These policies are marked with the logo.
- The Default Communication Control policy is one such policy, and is always listed first in the list of policies. The Default Communication Control policy is a blocklisting policy that is automatically applied to any Collector Group that is not assigned to any of the other Communication Control policies.
- The Servers predefined policy is an allowlist policy that assigns a Deny action to all applications by default, except for a list of known, recognized and legitimate applications, which are allowed. This policy gives your organization a jump-start, as some of the leg work to identify legitimate applications in your organization has already been done for you.
- The Isolation predefined policy isolates (blocks) communication to/from a device. This policy cannot be deleted and only applies in Prevention mode. When this policy is in force and communication for a given device has been blocked, you can manually permit communication to/from the device for a specific application using the procedure below.
To permit communication to/from the device for a specific application:
- Select the APPLICATIONS page.
- Select the application/version to which you want to permit communication.
- Click the Modify Action button. The following displays:
- In the Isolation Policy row, select Allow in the dropdown menu.