User cannot communicate externally or files modification activity is blocked
Microsoft Windows-based devices
The Windows Event Viewer records whenever a FortiEDR Collector blocks communication from a device or file modification related to ransomware activity. This information is recorded in the Windows Event Viewer log located in the following location: Event Viewer > Windows Logs > Application.
macOS-based devices
The mconsole records whenever a FortiEDR Collector blocks communication from a device or file modification related to ransomware activity. This information is recorded in the macOS console log located in the following location: Applications > Utilities > Console > All Messages, as shown below: