Administration Guide

Use case

The company network rules prohibit registered hosts from having LimeWire installed. Hosts are required to have a Persistent Agent and are scanned daily to maintain compliance. If LimeWire is installed, the host will receive three warnings before being removed from the network.

To set up a custom scan to enforce this rule:

  1. Create a custom scan for Registry Key, enter the details for LimeWire, set Prohibit to True, and set the Severity level to Warning. See Add a custom scan.
  2. Create a regular Scan and enable the custom scan within that scan. See Add/modify a scan.
  3. Schedule the regular Scan to be rerun daily. See Schedule a scan.
  4. Create an Endpoint Compliance Policy that contains the regular Scan. See Endpoint compliance policies.
  5. Map the Security Risk Host event to an alarm that takes action on the third occurrence of the event, and set the actions to mark the host At Risk and Send a message. See Add or modify alarm mapping.
  6. Configure the Security Management Properties Warning message block. See Security management.
  7. Configure the web page that the host will be redirected to when moved to Remediation. This web page is created outside the program. To keep the page from being overwritten during an upgrade, store it in /bsc/Registration/registration/site. Then, return to your custom scan and modify it to contain the new web address.

    The first two times the host fails the scan, the Warning message is sent. On the third failure, the host is sent the Warning message, is marked At Risk, and is moved to Remediation. The web page informs the user about the failure to meet policy requirements. The host self-remediates and rescans. When the host passes the policy, the host is moved back to the production network.
