Fortinet black logo

Administration Guide

Home FortiSASE Administration Guide

Protection

Protection

To configure the Protection tab:
  1. Create a new profile or edit an existing one:
    1. Go to Configuration > Profiles.
    2. Click Create or edit an existing profile.
    3. In the Name field, enter the desired name of the endpoint profile.
  2. On the Protection tab, enable Next Generation AntiVirus. This feature includes real-time protection against viruses, as well as cloud-based malware detection. Cloud-based malware protection protects endpoints from high risk file types from external sources such as the internet or network drives by querying FortiGuard to determine whether files are malicious. This feature only works for endpoints where Malware Protection was enabled when installing FortiClient.
  3. Enable Automatically Scan for Vulnerabilities. FortiClient includes a vulnerability scan component to check endpoints for known vulnerabilities. You can view a summary of endpoint vulnerability information on the Dashboard.
  4. Enable Anti-Ransomware. This feature only works for endpoints where Malware Protection was enabled when installing FortiClient. Antiransomware protects all content in the selected folders against unauthorized changes. You can click Create to add a custom directory. To remove a folder, select it then click the Delete button.
  5. Enable Removable Media Access Control. This feature only works for endpoints where Malware Protection was enabled when installing FortiClient.
    1. Enable Notify Endpoint of Blocks to display a bubble notification when FortiClient takes action with a removable media device.
    2. Click Create to create a removal media access rule. Configure the following fields. For the class, manufacturer, vendor ID, product ID, and revision, you can find the desired values for the device in one of the following ways:

      • Microsoft Windows Device Manager: select the device and view its properties.

      • USBDeview

      Option

      Description

      Type

      Select Simple or Regex for the rule type.

      When Simple is selected, FortiClient performs case-insensitive matching against classes, manufacturers, vendor IDs, product IDs, and revisions.

      When Regex is selected, FortiClient uses Perl Compatible Regular Expressions (PCRE) to perform matching against classes, manufacturers, vendor IDs, product IDs, and revisions.

      Action

      Configure the action to take with removable media devices connected to the endpoint that match this rule. Available options are:

      • Allow: Allow access to removable media devices connected to the endpoint that match this rule.
      • Block: Block access to removable media devices connected to the endpoint that match this rule.

      Class

      Enter the device class.

      Manufacturer

      Enter the device manufacturer.

      Vendor ID

      Enter the device vendor ID.

      Product ID

      Enter the device product ID.

      Revision

      Enter the device revision number.

    3. Click OK.
Previous
Next

Protection

To configure the Protection tab:
  1. Create a new profile or edit an existing one:
    1. Go to Configuration > Profiles.
    2. Click Create or edit an existing profile.
    3. In the Name field, enter the desired name of the endpoint profile.
  2. On the Protection tab, enable Next Generation AntiVirus. This feature includes real-time protection against viruses, as well as cloud-based malware detection. Cloud-based malware protection protects endpoints from high risk file types from external sources such as the internet or network drives by querying FortiGuard to determine whether files are malicious. This feature only works for endpoints where Malware Protection was enabled when installing FortiClient.
  3. Enable Automatically Scan for Vulnerabilities. FortiClient includes a vulnerability scan component to check endpoints for known vulnerabilities. You can view a summary of endpoint vulnerability information on the Dashboard.
  4. Enable Anti-Ransomware. This feature only works for endpoints where Malware Protection was enabled when installing FortiClient. Antiransomware protects all content in the selected folders against unauthorized changes. You can click Create to add a custom directory. To remove a folder, select it then click the Delete button.
  5. Enable Removable Media Access Control. This feature only works for endpoints where Malware Protection was enabled when installing FortiClient.
    1. Enable Notify Endpoint of Blocks to display a bubble notification when FortiClient takes action with a removable media device.
    2. Click Create to create a removal media access rule. Configure the following fields. For the class, manufacturer, vendor ID, product ID, and revision, you can find the desired values for the device in one of the following ways:

      • Microsoft Windows Device Manager: select the device and view its properties.

      • USBDeview

      Option

      Description

      Type

      Select Simple or Regex for the rule type.

      When Simple is selected, FortiClient performs case-insensitive matching against classes, manufacturers, vendor IDs, product IDs, and revisions.

      When Regex is selected, FortiClient uses Perl Compatible Regular Expressions (PCRE) to perform matching against classes, manufacturers, vendor IDs, product IDs, and revisions.

      Action

      Configure the action to take with removable media devices connected to the endpoint that match this rule. Available options are:

      • Allow: Allow access to removable media devices connected to the endpoint that match this rule.
      • Block: Block access to removable media devices connected to the endpoint that match this rule.

      Class

      Enter the device class.

      Manufacturer

      Enter the device manufacturer.

      Vendor ID

      Enter the device vendor ID.

      Product ID

      Enter the device product ID.

      Revision

      Enter the device revision number.

    3. Click OK.
Previous
Next