Fortinet black logo

Endpoint Posture Check Reference

Endpoint posture check

7.0.0
Copy Link
Copy Doc ID 53e73bae-366f-11ec-9c99-00505692583a:345666
Download PDF

Endpoint posture check

The following are different context-based posture checks that FortiClient EMS supports as part of the Zero Trust solution:

Recommended posture checks

For vulnerable devices, checking for devices with high-risk vulnerabilities and above is recommended.

Rule type

Posture check

Supported operating systems

Vulnerable devices Critical Windows, macOS, Linux
High or higher Windows, macOS, Linux
Medium or higher Windows, macOS, Linux
Low or higher Windows, macOS, Linux
Antivirus (AV) software AV software is installed and running. For Windows, this feature supports third party AV applications. For macOS and Linux, this feature can only check if FortiClient AV protection is enabled and does not recognize third party AV applications. Windows, macOS, Linux
AV signature is up-to-date Windows, macOS, Linux
Windows security Windows Defender is enabled Windows
Bitlocker Disk Encryption is enabled Windows
Exploit Guard is enabled Windows
Application Guard is enabled Windows
Windows Firewall is enabled Windows
Security FileVault Disk Encryption is enabled macOS
EMS management FortiClient installed and Telemetry is connected to EMS Windows, macOS, Linux, iOS, Android

Other posture checks

Rule type

Posture check

Supported operating systems

Active Directory (AD) group Member of [AD Group] Windows, macOS
Certificate Certificate contains [Subject CN] and [Issuer CN] Windows, macOS, Linux
File Presence of [File] Windows, macOS, Linux
IP range Device in the [IP Range] Windows, macOS, Linux, IOS, Android
Logged in domain Member of [Domain] Windows, macOS
On-Fabric status On-Fabric Windows, macOS, Linux, IOS, Android

OS version

Windows Server 2022

Windows

Windows Server 2019 Windows
Windows Server 2016 Windows
Windows Server 2012 R2 Windows
Windows Server 2012 Windows
Windows Server 2008 R2 Windows

Windows 11

Windows

Windows 10 Windows
Windows 8.1 Windows
Windows 8 Windows
Windows 7 Windows
Mojave macOS
High Sierra macOS
Sierra macOS
Catalina macOS
Big Sur macOS

Monterey

macOS

CentOS 7.5 Linux
CentOS 7.4 Linux
CentOS 8 Linux
Red Hat 7.6 Linux
Red Hat 7.5 Linux
Red Hat 7.4 Linux
Red Hat 8 Linux
Red Hat 8.1 Linux
Ubuntu 18.04 Linux
iOS 9, 10, 11, 12, 13, 14 iOS
Android 5, 6, 7, 8, 9, 10, 11 Android
Registry key [Registry Key] Windows
Running process Presence of [Running Process] Windows, macOS, Linux
Sandbox detection Sandbox detected malware in last 7 days Windows, macOS
User identity User-specified Windows, macOS, Linux, IOS, Android
Social network login Windows, macOS, Linux, IOS, Android
Previous
Next

Endpoint posture check

The following are different context-based posture checks that FortiClient EMS supports as part of the Zero Trust solution:

Recommended posture checks

For vulnerable devices, checking for devices with high-risk vulnerabilities and above is recommended.

Rule type

Posture check

Supported operating systems

Vulnerable devices Critical Windows, macOS, Linux
High or higher Windows, macOS, Linux
Medium or higher Windows, macOS, Linux
Low or higher Windows, macOS, Linux
Antivirus (AV) software AV software is installed and running. For Windows, this feature supports third party AV applications. For macOS and Linux, this feature can only check if FortiClient AV protection is enabled and does not recognize third party AV applications. Windows, macOS, Linux
AV signature is up-to-date Windows, macOS, Linux
Windows security Windows Defender is enabled Windows
Bitlocker Disk Encryption is enabled Windows
Exploit Guard is enabled Windows
Application Guard is enabled Windows
Windows Firewall is enabled Windows
Security FileVault Disk Encryption is enabled macOS
EMS management FortiClient installed and Telemetry is connected to EMS Windows, macOS, Linux, iOS, Android

Other posture checks

Rule type

Posture check

Supported operating systems

Active Directory (AD) group Member of [AD Group] Windows, macOS
Certificate Certificate contains [Subject CN] and [Issuer CN] Windows, macOS, Linux
File Presence of [File] Windows, macOS, Linux
IP range Device in the [IP Range] Windows, macOS, Linux, IOS, Android
Logged in domain Member of [Domain] Windows, macOS
On-Fabric status On-Fabric Windows, macOS, Linux, IOS, Android

OS version

Windows Server 2022

Windows

Windows Server 2019 Windows
Windows Server 2016 Windows
Windows Server 2012 R2 Windows
Windows Server 2012 Windows
Windows Server 2008 R2 Windows

Windows 11

Windows

Windows 10 Windows
Windows 8.1 Windows
Windows 8 Windows
Windows 7 Windows
Mojave macOS
High Sierra macOS
Sierra macOS
Catalina macOS
Big Sur macOS

Monterey

macOS

CentOS 7.5 Linux
CentOS 7.4 Linux
CentOS 8 Linux
Red Hat 7.6 Linux
Red Hat 7.5 Linux
Red Hat 7.4 Linux
Red Hat 8 Linux
Red Hat 8.1 Linux
Ubuntu 18.04 Linux
iOS 9, 10, 11, 12, 13, 14 iOS
Android 5, 6, 7, 8, 9, 10, 11 Android
Registry key [Registry Key] Windows
Running process Presence of [Running Process] Windows, macOS, Linux
Sandbox detection Sandbox detected malware in last 7 days Windows, macOS
User identity User-specified Windows, macOS, Linux, IOS, Android
Social network login Windows, macOS, Linux, IOS, Android
Previous
Next