Remote shell connection cannot be established if collector connects to aggregator via a proxy server.

New integrations (Google SCC and User Access) require the use of Core build 5.2.0.2139 or above.

Rest API is not enforcing users roles permissions.

Custom connectors and actions cannot be viewed by a user without checking the “Custom script” checkbox for that user.

In multi-tenant environments, SAML/LDAP authentication of Admin users with All organizations (hoster) scope provides permissions only to the default organization after the upgrade from 5.0 or 5.2.0 to 5.2.1.

Workaround: Reconfigure SAML/LDAP in hoster view after upgrading to 5.2.1.

No on-premise support.

FortiEDR Connect cannot be used to run commands that are user-interactive

It is not possible to redirect FortiEDR web to a URL that is different than the one provided by Fortinet.

FortiEDR Connect session may be disconnected due to inactivity of the FortiEDR Console, even though the Connect session is active.

Application Control search only works by exact match

Windows security center registration is not supported with Windows servers 2019 and above.

Linux Collector content file is large and uploads slowly to the Central Manager.

In Windows Security Center > Virus and Threat Protection, when you click "open app", end-user notification is presented instead of the FortiEDR tray app.

OS indication is missing under Inventory and Dashboard for Linux Collector for Centos 6.

Device internal and external IP is missing from Threat Hunting events of Linux devices.

Organization filter under Threat Hunting Hoster view malfunctions.

SAML authentication cannot work with different organizations that use the same SAML Azure account.

Workaround: Use different Azure accounts for different FortiEDR organizations.

In the presence of an email filtering system and/or a mail transfer agent that modifies the URL content, the installer download URL might include space(s) or %20s in it, which are added by the system/agent. This results in a signature error message from the installer storage.

Workaround: In such cases, the URL should be amended to drop the redundant space/%20 before it can be used.

Threat hunting exclusions cannot be set on log events coming from Linux devices

Collector upgrade via custom installer requires password.

Downgrading the Collector Version: When downgrading and restarting a device, the Collector does not start.

Workaround: Uninstall the Collector, reboot the device and then install the older version.

Isolation and communication control connection denial are not supported with Oracle Linux Collectors.

A newly created API user cannot connect to the system via the API.

Workaround: Before sending API commands, a new user with the API role should log into the system at least once in order to set the user’s password.

Safari 11.1 on MacOS malfunctions when viewing events.

Limited support when accessing the Manager Console with Internet Explorer, EdgeHTML and Safari 13 or above. Chromium Edge is supported, as well as Chrome, FireFox and Safari 11 and above.

Number of destinations under communication control is limited to 100 IP addresses.

SAML Authentication can fail when used with Azure SSO due to exceeded time skew.

Workaround: Sign out and then sign in again to Azure so that the date and time provided to FortiEDR are refreshed.

Some AV Products, including Windows Defender and some versions of FortiClient, require that their realtime protection be disabled in order to be installed alongside a FortiEDR Collector.

This is the result of FortiEDR registration as an antivirus (AV) in the Microsoft Security Center that was introduced in V4.0. Although there is no need for more than a single AV product to be installed on a device, FortiEDR can be smoothly installed, even if there is another AV already running. However, there are some other products whose installation fails when there are other AV products already registered.

Workaround: Disable realtime protection on the other product, or remove FortiEDR’s AV registration with Microsoft Security Centervia UI.

A Collector may fail to install or upgrade on old Windows 7 and Server 2008 devices that cannot decrypt strong ciphers with which FortiEDR Collector is signed.

Workaround: Patch Windows with Microsoft KB that provides SHA-256 code sign support.

Upgrading from Older Versions: A direct upgrade path for backend components (Central Manager, Aggregator, Core, Threat Hunting Repository) of V5.0.2 or earlier is not supported.

Workaround: Upgrade the older environment to V5.0.3 before upgrading it to V5.2.