
Administration Guide

Security Policies page

The SECURITY POLICIES page displays a row for each security policy. Each policy row can be expanded to show the rules that it contains, as shown below. To access this page, click the down arrow next to SECURITY SETTINGS and then select Security Policies.

FortiEDR is provided out-of-the-box with several predefined security policies (depending on your license), ready for you to get started. By default, all policies are set to Simulation mode (meaning that they only log and do not block) and show the logo. This page also enables you to define additional policies.

Security Policy

  • Exfiltration Prevention
  • Ransomware Prevention
  • Execution Prevention
  • Device Control Policies
  • Application Control Policies
  • Extended Detection

The following information is defined per security policy:

Policy Name: The policy name appears in the leftmost column. The policy name is defined when the policy is created. The name of the Default Policy cannot be changed.

Rule Name: FortiEDR’s proprietary rules come predefined and are the primary component of FortiEDR’s proprietary security solution. This column displays a short description of the purpose of this rule.

Note: You can expand the ADVANCED POLICY & RULES DATA area at the bottom left of the window to display a more detailed description of what the rule does and how it works.

Action: Specifies the action that is enforced when this rule is violated. You can change this field, as follows:

  • Block: When this policy is set to Prevention mode (see Setting a security policy’s Prevention or Simulation mode), the exfiltration attempt is blocked and a blocking event is generated. When this policy is set to Simulation mode, the outgoing connection attempt is NOT blocked and a simulated-blocking event is generated (this indicates that FortiEDR would have blocked the exfiltration if the policy had been set to Prevention mode).

  • Log: The event is only logged, regardless of whether the policy is set to Prevention or Simulation mode. The outgoing connection attempt is not blocked.

State (Enabled/Disabled): This option enables you to disable or enable this rule. FortiEDR’s rules have been created as a result of extensive expertise and experience. Therefore, we do not recommend disabling any of them.

Note: To reset a FortiEDR security policy to its out-of-the-box settings, click the Reset Policy button in the ADVANCED POLICY & RULE DATA section, as shown below:
