Fortinet black logo

Administration Guide

Modifying a Policy Action

Copy Link
Copy Doc ID 82fbe02c-e479-11eb-97f7-00505692583a:981569
Download PDF

Modifying a Policy Action

The following describes how to apply a different action to an application/version other than that specified in the current policy for that application/version. In this case, the application/version is excluded from the current action defined in the policy (Allow or Deny).

When modifying a policy action in this manner, the Application/Version Details area displays Manually to indicate that the action was modified manually, and is excluded from the action defined in the policy.

To modify a policy action:

  1. Select the application/version checkbox and then click the button. The Modify Action window displays.

  2. In the dropdown list on the right of the policy row whose action you want to change, click the down arrow and then select the action to apply to the selected entity. You can change the action for one or more policies.
  3. [Optional] In the Comment field, enter a free-text comment describing the action change. By default, the date and time when the policy action was changed automatically displays.

  4. [Optional] Check the Exclude All Current Versions checkbox if you want to exclude existing application versions from the decision. In this case, the new communication control decision only applies to a future version of the product. The application of the policy action change applies for current versions of the application. When this checkbox is not selected, the change is applied to all versions of the application.
  5. Click the arrow next to the button to save the new communication control decision for the selected application(s).

When any FortiEDR Central Manager user marks an application/version as Resolved, all users see it as having been resolved. You can also mark an application/version as resolved using the icon in its row in the application list.

Modifying a Policy Action

The following describes how to apply a different action to an application/version other than that specified in the current policy for that application/version. In this case, the application/version is excluded from the current action defined in the policy (Allow or Deny).

When modifying a policy action in this manner, the Application/Version Details area displays Manually to indicate that the action was modified manually, and is excluded from the action defined in the policy.

To modify a policy action:

  1. Select the application/version checkbox and then click the button. The Modify Action window displays.

  2. In the dropdown list on the right of the policy row whose action you want to change, click the down arrow and then select the action to apply to the selected entity. You can change the action for one or more policies.
  3. [Optional] In the Comment field, enter a free-text comment describing the action change. By default, the date and time when the policy action was changed automatically displays.

  4. [Optional] Check the Exclude All Current Versions checkbox if you want to exclude existing application versions from the decision. In this case, the new communication control decision only applies to a future version of the product. The application of the policy action change applies for current versions of the application. When this checkbox is not selected, the change is applied to all versions of the application.
  5. Click the arrow next to the button to save the new communication control decision for the selected application(s).

When any FortiEDR Central Manager user marks an application/version as Resolved, all users see it as having been resolved. You can also mark an application/version as resolved using the icon in its row in the application list.