Resolved issues
The following issues have been fixed in FortiEDR. For inquiries about a particular bug, please contact Customer Service & Support.
Threat Hunting Repository - Build 1000
Bug ID | Description |
---|---|
N/A | Memory management enhancements. |
Threat Hunting Repository - Build 925
Bug ID | Description |
---|---|
835261 | Registration to Middleware causes index rollover even when there are no changes. |
835262 | Add Maintenance Controller to Middleware. |
835263 | Support schema update when the version is different (not just higher). |
Threat Hunting Repository - Build 902
Bug ID | Description |
---|---|
816698 | "All Activity" counter is calculated incorrectly in dual data source environments in threat hunting page. |
819555 | Adding "action.auto_create_index" to cluster settings causes reindex to stop working. |
Threat Hunting Repository - Build 677
Bug ID | Description |
---|---|
805997 | Degraded Core and disconnected Repository status due to wrong Middleware health check. |
793042 | Loading Data Failed error on the threat hunting page following creation of a new organization. |
Threat Hunting Repository - Build 556
Bug ID | Description |
---|---|
790224 | Deleting an organization in environments that were upgraded from build 5.0.2 deletes all threat hunting data. |
Threat Hunting Repository - Build 554
Bug ID | Description |
---|---|
789045 | Threat hunting middleware upgrade from v5.0.2 to v5.0.3 fails due to incorrect storage validation. |
772481 | Fix Middleware performance issues. |
Threat Hunting Repository - Build 477
Bug ID | Description |
---|---|
771161 | A very slow restart of an environment with many organizations due to slow Threat Hunting Repository registration. |
771479 771568 | Reduce the number of indexes by not including empty ones and by deleting indexes before limits are reached. |
Threat Hunting Repository - Build 449
Bug ID | Description |
---|---|
767855 | Despite the non-exploitable nature of CVE-2021-44228 in FortiEDR Threat Hunting Repository, adjusted the Repository configuration for enhanced security against this vulnerability. |
Threat Hunting Repository - Build 323
Bug ID | Description |
---|---|
751618 | Addressed malfunction in Organization creation triggered by wrong calculation of storage in longevity scenarios. |
Core - Build 968
Bug ID | Description |
---|---|
860943 863339 864542 | A rare case of Core crash. |
Core - Build 953
Bug ID | Description |
---|---|
820151 | Case of Core attempting to archive EDRv2 Database. |
814548 823885 | Unable to export cloud core logs in Central Manager. |
845305 | Prevent unnecessary creation of silent events. |
Core - Build 733
Bug ID | Description |
---|---|
807434 791308 | Applications are not populating on Communication Control page. |
Core - Build 724
Bug ID | Description |
---|---|
800341 798975 802134 | Core cannot handle bursts of threat hunting events and getting reputation updates. |
Core - Build 707
Bug ID | Description |
---|---|
754022 | Collectors become autonomous and threat hunting data is not refreshing due to Core synchronization issue. |
791308 | Communication control applications are not updated on manager. |
Core - Build 701
Bug ID | Description |
---|---|
795085 793287 | Reduce events load on manager by improving Common Control events aggregation. |
756440 767740 | Core is sometimes degraded following environment upgrade from v4. |
771542 770633 773946 771840 | Core that was set to be Jumpbox only is reported as degraded. |
775334 | Improved security of Core / Manager registration process. |
Core - Build 413
Bug ID | Description |
---|---|
754022 | Threat hunting data is not refreshing when the Core machine is running with 8 CPUs. |
744665 | Allow setting a more specific Exception on network scan tool based on remote operation stack. |
Core - Build 334
Bug ID | Description |
---|---|
739881 | Allow setting more granular exceptions on scripts. |
734727 | Communication Control application usage is not being populated. |
746785 | Core crashes when trying to read old event file. |
732769 | Core crashes following an upgrade. |
734587 | High CPU due to deadlock related to threat hunting data memory corruption. |
733436 | Core logs cannot be exported from UI. |
741886 | Cannot set an exception on malicious process parent. |
745165 | Missing parent on suspicious script alert. |
Central Manager - Build 876
Bug ID | Description |
---|---|
879182 891184 | Executive summary report contains only EDRV1 repositories. |
890853 895263 | A case of high memory usage. |
894944 887212 | A case of high CPU load. |
Central Manager - Build 873
Bug ID | Description |
---|---|
875608 876345 | Address issue with Rest API token expiry. |
875593 876337 | Address issue with Rest API login hardening. |
861482 865823 867906 | Java libraries update. |
875191 882944 878528 881876 841444 845306 868579 | Console slowness related to redundant classification history. |
866109 869781 | A case of covering query discrepancy. |
875191 881589 | Improve internal resource management for Communication Control. |
Central Manager - Build 860
Bug ID | Description |
---|---|
865964 870383 | Event search by agent name works slower than expected. |
843211 860220 870257 | A case of Collector registration identification issue causing duplication. |
865696 868257 872737 | Syslog messages stopped after a network failure. |
Central Manager - Build 853
Bug ID | Description |
---|---|
852093 860367 | A case of empty user name entries in Audit Logs for Communication Control. |
856319 863114 858986 | Registration failure when using an invalid ID. |
863631 867904 | Memory optimization when loading event aggregations. |
848664 859592 | IOT Device Discovery collector group exclusion not retaining settings. |
863850 868255 | A rare case where a Collector is not successfully deleted, causing a configuration issue. |
868032 868583 | Agents are running in autonomous mode due to configuration issue. |
852083 864558 | A case of periodic scan indication discrepancy. |
860086 859455 860760 | A case of failure to run Collectors report. |
861875 | Upgrade step failure. |
840847 | Change registration of VDI Collectors to be based on the VDI hostname. |
858971 | Audit error when moving a Collector to an expired group. |
857296 | Optimistic locking during security events handling. |
861510 | A case of failure to retrieve data when non-UTF-8 characters exist. |
Central Manager - Build 844
Bug ID | Description |
---|---|
835075 | Occurrence of events "handled by" username display issue. |
835446 | LDAP connection periodic warning. |
838183 | Dashboard security events and Event Viewer do not show exactly the same list of unhandled processes/events. |
843211 | A rare issue with registering a Collector. |
844232 | An issue with selecting all groups on assigning security policies. |
845307 | Offloading load from the Central Manager. |
845384 | "When created by" field in exception is inactive. |
849357 | Issue of moving expired Collectors between groups/organizations. |
851572 | Improve logs in applications learning flow. |
852990 | Display issue of Collectors that were moved from one tenant to another. |
853784 | Disable AV signatures in Nginx. |
856319 | A case of registration failure. |
856933 | A case of rollback during handling of search requests. |
856942 | Failure in deleting an empty Collector group. |
857296 | Optimistic locking during security events handling. |
858559 | A case where a wrong OS family value leads to rollbacks. |
820239 830411 | Case of management remediation action mapped to wrong RDI. |
822053 842231 | Java permission error when viewing security events. |
833313 838895 | Rare failure in generating Collectors report. |
844288 841058 | Covering query performance improvement. |
854247 849898 | A case of degraded status in macOS Collector. |
853336 842755 850671 | Failure in opening specific events in the Forensics tab. |
847528 848524 843608 848358 854262 | An issue with parent process resulting in uncovered RDI. |
Central Manager - Build 834
Bug ID | Description |
---|---|
839641 834706 | Exception covering query miscalculation when using parent process. |
839917 | Case of FortiEDR Aggregator sporadically disconnecting. |
835764 | Case of REST list-raw-data-items call failure. |
835446 | LDAP connection periodic warning. |
845307 | Offloading load from the Manager by dropping suppressed events. |
844125 | Optimization during security events and IoT deep scans. |
842870 | Log JSON content in case invalid event is received. |
846974 | Rare case of some syslog messages that are not received. |
Central Manager - Build 828
Bug ID | Description |
---|---|
839641 | Irrelevant exceptions are listed under different RDIs. |
839244 839917 | Sporadically disconnected Connectors related to failure to get configuration. |
839748 | Exception covering query discrepancy when an event's process is missing. |
824323 820132 | Exception covering query discrepancy in a case where Collector was removed. |
840456 | Improve performance of list-events Rest API. |
Central Manager - Build 827
Bug ID | Description |
---|---|
810081 810168 828134 | Covering Query discrepancy when selecting parent process. |
831565 | Failure in get-events API, related to settings of events reduction mechanism. |
809270 | Organization expiration date is saved with an earlier than defined date. |
816402 | Covering query discrepancy when comparing parent process. |
821466 | Covering query discrepancy when event's process is missing. |
831124 | Events search is slow. |
835213 | Failure to log in with 2 Factor Authentication after upgrade. |
835821 837985 | Slowness and Console freeze related to IOT deadlock. |
837807 | Management deadlock during simultaneous collector delete and application learning from this collector. |
834581 | No applications learned when Collector moved from main account to new organization. |
822075 | Fixed issues of Aggregator registration. |
829534 832527 | Hardening – limit exposure of internal services. |
836020 | Upgrading to version 5.0.3.823 fails. |
834341 | Resolved logic of same IP appearing in both "Included" and "Excluded" in "Internal Destinations". |
Central Manager - Build 823
Bug ID | Description |
---|---|
826090 829671 831565 824442 | Change settings of events reduction mechanism. |
831425 | Fixed Unhandled filter in Hoster view. |
830935 | A case when Event Viewer displays errors related to Database. |
828322 | Manager crash related to a case of over 100K applications when searching apps with no vendor selected. |
819083 | Repeating system events on a migrated Collector that failed to register in the destination environment. |
816887 | Event wrongly shown as covered by exception due to miscalculation related to User field. |
783936 832527 | Hardening of interfaces. |
814217 | Exception covering query "Listen on Port Attempt" causing exception to be shown as fully covered when it's actually partially covered. |
829902 | Custom Connectors: new action cannot be added. |
819950 | Playbook is now included in default Organization import/export. |
825264 | Classification rules are not updated when content is uploaded unless a Management restart is performed, which might cause an exception on later content updates. |
831723 | Custom Collector installer: add text for explaining limitations on supported collector versions for PVS. |
Central Manager - Build 815
Bug ID | Description |
---|---|
827768 | Cannot create an exception on 5.0.3.811 build due to incorrect restriction for old Collectors. |
825077 816863 | Slow console due to Exception Covering Query calculation. |
814217 | Exception Covering Query "Listen on Port Attempt" causing partially-covered exceptions to be shown as fully covered. |
827999 | Login failure with LDAP user after restarting the management server. |
Central Manager - Build 811
Bug ID | Description |
---|---|
819783 | Accommodate Microsoft SCCM's default behavior with PowerShell scripts within FortiEDR Security Policies. |
819076 819073 | Fixed Aggregator OOM case. |
816584 | Unhandled event does not populate under Unhandled filter. |
817636 | Fixed Aggregator registration failure edge case. |
816887 761953 793155 796235 | Fixed Exception Covering Query indication. |
806614 | Fixed Hoster view of Unmanaged devices to display all. |
806578 | Fixed user password reset failure edge case. |
811066 | Core degraded due to wrong configuration related to XDR policy. |
802617 | Fixed Automatic Collectors Update when core is updated. |
803646 | Fixed moving only selected Collectors from search results to another Collector group. |
801620 817661 816437 | Fixed Collector degradation issue due to missing configuration. |
800949 | Fixed degraded Collector case when configuration uses wildcard characters on exclusion path. |
787991 | Fixed login session timeout configuration. |
796874 | Fixed security events not showing on Manager due to connection restore. |
790839 | REST API method unable to retrieve list of collectors that are in running state within a time range. |
771167 791770 792560 | Fixed inaccurate CVE data presentation for application. |
784040 | Fixed incorrect number of events showing in Forensics tab. |
798467 | Fixed deleting applications failure due to access prevention. |
761756 | Removed Communication Control error indication due to 1k applications limit in old Collector. |
822075 | Fixed existing external Aggregator registration failure on upgrade. |
814294 800046 | Fixed internal error when enriching Communication Control application triggered from many collectors. |
785521 | Fixed EDRV2 showing as degraded in the dashboard. |
Central Manager - Build 684
Bug ID | Description |
---|---|
819728 822280 | Manager out-of-memory failure. |
811066 | Exception covering discrepancy when using process script. |
813470 | Communication Control Application not shown due to missing details when deleting an agent group. |
814292 | Slow loading of Security Events screen with Unhandled filter. |
817496 | Enhanced response time of search on Communication Control Applications page. |
Central Manager - Build 678
Bug ID | Description |
---|---|
809972 | Manager crashes when many connector actions take place at once. |
811066 | Core becomes degraded when XDR policies are cloned. |
812774 784287 | Hardening related to Fortinet Fabric connectors and port configuration. |
Central Manager - Build 672
Bug ID | Description |
---|---|
797173 804704 | Improved handling of syslog failures. |
803035 | Events search is very slow. |
808059 | Cores become degraded once XDR policy is cloned. |
810010 | VDI registration fails when VDI groupName is updated. |
810825 | VDI registration of an existing VDI should not override existing group. |
785976 | Exception Excel report cannot be exported for more than 200 records. |
799281 | Threat hunting queries do not auto-complete MITRE field values. |
794021 | FP on new FortiClient. |
Central Manager - Build 576
Bug ID | Description |
---|---|
778909 779480 763962 763598 786650 778039 748220 761303 779000 | Security events' emails are not sent or are sent with a delay. |
786047 784055 | Failure sending emails when configured to work with Office365 with TLS. |
779000 763598 | Security events' syslog messages are not being sent. |
781326 | Manager slowness and rejection of Collectors registrations. |
791456 | License seats miscalculation. |
775507 | Cannot extract system logs due to operation timeout. |
792971 766168 | Collectors displayed as disconnected due to stas task slowing down manager. |
782891 | Missing data in the exported report of communicating applications when selecting all filtered applications checkbox. |
781514 | Organization import fails when done from an organization with no threat hunting to an environment with threat hunting license. |
788961 | Organization import fails due to old audit log items. |
787779 | Exception does not show as covering when specific destinations are selected. |
785521 | Collector is not assigned to a group and leads to dashboard/Inventory UI and reports showing inconsistent data. |
777140 | A deleted Collector fails to re-register and remains degraded with no configuration. |
789227 | Raw data items paging always switches back to first page upon Exception setting or editing. |
773097 794427 | Ad-hoc scan cannot be performed for selected Collectors. |
778863 780549 794512 | Delayed or missing configuration leads to degraded Core and/or Collectors that do not switch in time to simulation. |
802832 | Bad threat hunting and communication control events handling due to Jumpbox being marked as Core and sent in Collectors configuration by mistake. |
795436 | Aggregator OOM on environments with many Cores. |
799603 | Collectors become degraded following an organization migration. |
795886 | Central Manager performance degradation due to an inefficient handling of application CVE data. |
795885 | IoT partial data due to missing deep scans in build 556. |
Central Manager - Build 553
Bug ID | Description |
---|---|
758297 | When logged in with Admin MSSP, user data from the default organization is sometimes displayed rather than the selected organization data. |
766546 | All Collectors become degraded when the agent configuration is stuck. |
768709 | Failure in creating, deleting, or editing organizations due to Threat Hunting Repository allocations. |
766464 | Drilling down from Forensics to Threat Hunting by PID doesn't always yield results. |
773916 | Duplicate users columns in Events Excel report. |
734309 | AV Scan of specific Collectors/Collector Groups is not working. |
763047 | Security events are repeatedly reclassified after being handled. |
774937 | LDAP authentication failures. |
769332 | Inaccurate tooltip for process path in the Exception window. |
744741 | Exporting a large number of Events to Excel is stuck. |
770568 | Exceptions with URL are sometimes not sent to Collectors. |
773398 | Creating Exception fails with "System Busy" Error on UI. |
766103 | Custom integration script is populated with the wrong device IP. |
770843 | Incorrect hash value is displayed for an event. |
776704 | Rest API Collector sorting by lastSeenTime does not work as expected. |
749213 | Events RDI paging button doesn't work. |
784379 | Not all users are populated in the Exception window. |
784726 | VDI device registration doesn't work well when device ID is considered. |
784190 | Error while filtering Communication Control events. |
783277 | Collectors degraded due to an error in the configuration related to communication control decision. |
778016 | Cannot list events when there is a large number of RDIs. |
771428 | Errors in FCS response are causing delays in Collectors registration. |
749768 | Target executable for Library Load events cannot be queried. |
775334 | Improved security of Core / Collectors registration process. |
Central Manager - Build 506
Bug ID | Description |
---|---|
768571 | The Central Manager is slow to respond following playbook actions of device isolation due to a redundant full configuration. |
770042 | Threat hunting export logs show inconsistent results. |
768182 | High CPU on the Central Manager server due to deadlock with handling IOT devices responses. |
762666 | Central Manager UI crashes when trying to load events with a long reclassification history. |
770887 | OOTB connectors actions do not work with shared cores that serve as Jump Box. |
774253 | SQL error displayed on Events page. |
761963 | Exceptions are loaded very slowly on UI. |
772545 | Internal DB failure when deleting applications. |
769232 766168 | Collector registration fails when it is allocated with the same ID of a deleted Collector. |
769854 | Central Manager is inaccessible when running full configuration in an environment with lots of exceptions. |
763127 | IoT license seat calculation is wrong. |
760023 | IoT changes in settings such as auto-grouping cannot be saved. |
772501 767850 766885 | Slow free-text search on the Events page. |
730826 | Setting a vendor as allowed on a Communication Control Policy does not propagate to application and version. Hence the application is still blocked. |
773436 770200 | MITRE tag links do not work for part of the rules. |
769249 773049 | Expired Collectors are not properly calculated so no proper message is displayed on the Licensing page, and the corresponding system events are not being sent. |
772081 | Failure starting manager when LDAP configuration has spaces due to missing escaping. |
770756 | Low disk space alerts since Aggregator holds references to deleted configurations. |
771428 | NPE during the processing of FCS response is causing delays in Collectors registration. |
757709 | Managed devices with multiple mac addresses are wrongly displayed as unmanaged devices. |
773051 | Repeating system events on a migrated Collector that failed to register in the destination environment. |
771484 | Collectors are degraded on an upgraded environment with isolated Collectors. |
Central Manager - Build 448
Bug ID | Description |
---|---|
767494 766484 760266 765038 766707 762466 | Collectors or Cores become disconnected/degraded due to failure in creating full configuration. |
768508 | Full configuration fails on an environment with thousands of security rules. |
764440 | When using an MSSP hoster view, the total number of Collectors on the Inventory tab is displayed for the wrong, non-selected, account. |
762466 | Improve events learning efficiency by removing an unnecessary global update. |
766168 | New VDI Collector is registered but stays as disconnected. |
Central Manager - Build 418
Bug ID | Description |
---|---|
741154 | Collectors failed to register with the Central Manager. |
744863 | Events are triggered even when there is an Exception that is using IP Set. |
752314 | Aggregator malfunction due to load of Events. |
753159 | Communication Control tab is slow. |
741148 | Cannot set Exception on Listen events due to missing IP. |
746463 | Email notifications arrive with delay. |
752710 | Playbook failed to trigger when "Move to High Security Group" is selected. |
742699 | Error when creating communication control policy rule with many vendors. |
754817 754457 757020 746464 749050 | Central Manager general slowness. |
742403 742404 | Collectors displayed as disconnected on Central Manager although they are running. |
732242 | IOT devices are not discovered across multiple subnets. |
748696 | Events advanced search window opens up very slowly. |
741155 | Manager fails to start due to incorrect LDAP/SAML settings. |
743387 | Failed deleting a security event in an environment with many events. |
753598 | LDAP configuration cannot be saved when done with Local Admin permissions. |
748792 753161 | Pivoting from Forensics to Threat Hunting using PID yields empty results. |
743881 | Cannot run a file scan if there are more than 20K Collectors in the specified Collector group. |
734622 | Failed to export Exceptions report. |
Central Manager - Build 264
Bug ID | Description |
---|---|
732901 | Installation of on-premises Threat Hunting repository is not supported. |
733536 | IOT allow option to ignore external IP when looking for managed devices. |
732805 | Network discovery wrongly marks devices with existing Collectors as unmanaged devices and makes duplications of IOT devices. |
732834 | IOT scan cannot be configured to be performed from a Windows server. |
732723 | Deleting Collectors and tenants can take a very long time. |
732722 | Search for Collectors last seen on Inventory works well only for part of the Collector Groups. |
732756 | Export Collectors from Inventory is not working when done on search results. |
732838 | Request Collectors installers group dropdown is empty when there are more than 100 groups in the environment. |
732885 | XDR events falsely trigger also for Collector Groups that are not assigned to the XDR policy (group assignment is ignored). |