Endpoint Posture Check Reference

Version: 7.2.0

Endpoint posture check

The following are different context-based posture checks that FortiClient EMS supports as part of the Zero Trust solution:

Recommended posture checks

For the vulnerable devices rule type, checking for devices with vulnerabilities of high risk or above is recommended.

| Rule type | Posture check | Supported operating systems |
| --- | --- | --- |
| Vulnerable devices | Critical | Windows, macOS, Linux |
| Vulnerable devices | High or higher | Windows, macOS, Linux |
| Vulnerable devices | Medium or higher | Windows, macOS, Linux |
| Vulnerable devices | Low or higher | Windows, macOS, Linux |
| Antivirus (AV) software | AV software is installed and running | Windows, macOS, Linux |
| Antivirus (AV) software | AV signature is up-to-date | Windows, macOS, Linux |
| Windows security | Windows Defender is enabled | Windows |
| Windows security | Bitlocker Disk Encryption is enabled | Windows |
| Windows security | Exploit Guard is enabled | Windows |
| Windows security | Application Guard is enabled | Windows |
| Windows security | Windows Firewall is enabled | Windows |
| Security | FileVault Disk Encryption is enabled | macOS |
| EMS management | FortiClient installed and Telemetry is connected to EMS | Windows, macOS, Linux, iOS, Android |
| Common vulnerabilities and exposures (CVE) | Presence of [CVE] | Windows, macOS, Linux, iOS, Android |

Other posture checks

| Rule type | Posture check | Supported operating systems |
| --- | --- | --- |
| Active Directory (AD) group | Member of [AD Group] | Windows, macOS |
| Certificate | Certificate contains [Subject CN] and [Issuer CN] | Windows, macOS, Linux |
| File | Presence of [File] | Windows, macOS, Linux |
| IP range | Device in the [IP Range] | Windows, macOS, Linux, iOS, Android |
| Logged in domain | Member of [Domain] | Windows, macOS |
| On-Fabric status | On-Fabric | Windows, macOS, Linux, iOS, Android |
| OS version | Windows Server 2022 | Windows |
| OS version | Windows Server 2019 | Windows |
| OS version | Windows Server 2016 | Windows |
| OS version | Windows Server 2012 R2 | Windows |
| OS version | Windows Server 2012 | Windows |
| OS version | Windows Server 2008 R2 | Windows |
| OS version | Windows 11 | Windows |
| OS version | Windows 10 | Windows |
| OS version | Windows 8.1 | Windows |
| OS version | Windows 8 | Windows |
| OS version | Windows 7 | Windows |
| OS version | Mojave | macOS |
| OS version | High Sierra | macOS |
| OS version | Sierra | macOS |
| OS version | Catalina | macOS |
| OS version | Big Sur | macOS |
| OS version | Monterey | macOS |
| OS version | CentOS 7.5 | Linux |
| OS version | CentOS 7.4 | Linux |
| OS version | CentOS 8 | Linux |
| OS version | Red Hat 7.6 | Linux |
| OS version | Red Hat 7.5 | Linux |
| OS version | Red Hat 7.4 | Linux |
| OS version | Red Hat 8 | Linux |
| OS version | Red Hat 8.1 | Linux |
| OS version | Ubuntu 18.04 | Linux |
| OS version | iOS 9, 10, 11, 12, 13, 14 | iOS |
| OS version | Android 5, 6, 7, 8, 9, 10, 11 | Android |
| Registry key | [Registry Key] | Windows |
| Running process | Presence of [Running Process] | Windows, macOS, Linux |
| Sandbox detection | Sandbox detected malware in last 7 days | Windows, macOS |
| User identity | User-specified | Windows, macOS, Linux, iOS, Android |
| User identity | Social network login | Windows, macOS, Linux, iOS, Android |
