Administration Guide

Protection

To configure the Protection tab:
  1. Create a new profile or edit an existing one:
    1. Go to Configuration > Profiles. By default, the Profiles tab is selected.
    2. Click Create or edit an existing profile.
    3. In the Name field, enter the desired name of the endpoint profile.
  2. On the Protection tab, in Malware, configure the following:
    1. Enable Next Generation AntiVirus. This feature includes real-time protection against viruses, as well as cloud-based malware detection. Cloud-based malware protection protects endpoints from high-risk file types that come from external sources, such as the internet or network drives, by querying FortiGuard to determine whether files are malicious. This feature only works for endpoints where Malware Protection was enabled when installing FortiClient.
    2. Enable Anti-Ransomware. This feature only works for endpoints where Malware Protection was enabled when installing FortiClient. Anti-Ransomware protects all content in the selected folders against unauthorized changes. You can click Create to add a custom directory. To remove a folder, select it, then click the Delete button.
  3. FortiClient includes a vulnerability scan component to check endpoints for known vulnerabilities. You can view a summary of endpoint vulnerability information on the Dashboard.

    On the Protection tab, in Scan for Vulnerabilities:

    1. Enable Scheduled scanning and select these settings:
      1. For Schedule type, select Weekly (default), Daily, or Monthly.
      2. For Scan on, select Sunday (default), or specify a day from Monday through Saturday or 1st through 31st.
      3. For Start at, specify the desired time to start the scan.
    2. Enable Event-based scanning. This feature automatically scans for vulnerabilities when the following occur:
      • Endpoint connects to FortiSASE.
      • Endpoint OS is updated.
      • Vulnerability signatures are updated.
  4. On the Protection tab, in Removable Media Access Control, configure the following:
    1. For Default Removable Media Access Control, select Allow (default), Block, or Monitor. This feature only works for endpoints where Malware Protection was enabled when installing FortiClient.
    2. Enable Notify Endpoint of Blocks to display a bubble notification when FortiClient takes action with a removable media device.
    3. In Access Control Rules, click Create to create a removable media access rule. Configure the following fields. For the class, manufacturer, vendor ID, product ID, and revision, you can find the desired values for the device in one of the following ways:
      • Microsoft Windows Device Manager: select the device and view its properties.

      • USBDeview

      Options and their descriptions:

      • Type: Select Simple or Regex for the rule type.
          When Simple is selected, FortiClient performs case-insensitive matching against classes, manufacturers, vendor IDs, product IDs, and revisions.
          When Regex is selected, FortiClient uses Perl Compatible Regular Expressions (PCRE) to perform matching against classes, manufacturers, vendor IDs, product IDs, and revisions.
      • Action: Configure the action to take with removable media devices connected to the endpoint that match this rule. Available options are:
          • Allow: Allow access to removable media devices connected to the endpoint that match this rule.
          • Block: Block access to removable media devices connected to the endpoint that match this rule.
      • Class: Enter the device class.
      • Manufacturer: Enter the device manufacturer.
      • Vendor ID: Enter the device vendor ID.
      • Product ID: Enter the device product ID.
      • Revision: Enter the device revision number.

    4. Click OK.
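
The following Python dry run of Simple and Regex rules against device values read from Device Manager is an added example, not Fortinet code and not part of the original guide. The names device, rule, matches and decide are hypothetical, Python's re stands in for PCRE, and three behaviours are assumptions: Simple compares whole values, Regex searches unanchored, and the first matching rule wins before the default applies.

```python
import re

# Windows hardware ID format shown in Device Manager: USB\VID_xxxx&PID_xxxx&REV_xxxx
HWID = re.compile(r"USB\\VID_([0-9A-F]{4})&PID_([0-9A-F]{4})(?:&REV_([0-9A-F]{4}))?", re.I)

def device(hwid, dev_class, manufacturer):
    """Split a hardware ID into the fields an access rule can reference."""
    m = HWID.match(hwid)
    if not m:
        raise ValueError(f"not a USB hardware ID: {hwid!r}")
    vid, pid, rev = m.groups()
    return {"class": dev_class, "manufacturer": manufacturer,
            "vendor_id": vid, "product_id": pid, "revision": rev or ""}

def rule(kind, action, **fields):
    """A rule as a dict; fields left out are not compared (assumption)."""
    return {"kind": kind, "action": action, "fields": fields}

def matches(r, dev):
    for name, want in r["fields"].items():
        have = dev[name]
        if r["kind"] == "simple":
            # Assumption: whole-value comparison; case-insensitive as the guide states.
            hit = have.casefold() == want.casefold()
        else:
            # Assumption: unanchored search; Python's re stands in for PCRE.
            hit = re.search(want, have) is not None
        if not hit:
            return False
    return True

def decide(rules, dev, default):
    """Assumption: the first matching rule wins, else the profile default applies."""
    for r in rules:
        if matches(r, dev):
            return r["action"]
    return default

# Constructed sample devices (not real vendor or product IDs).
CORP = device(r"USB\VID_1A2B&PID_0001&REV_0100", "USB", "ExampleCorp")
CLONE = device(r"USB\VID_9F9F&PID_0001&REV_0100", "USB", "NotExampleCorp Clone")

LOOSE = [rule("regex", "allow", manufacturer="ExampleCorp")]
TIGHT = [rule("regex", "allow", manufacturer=r"^ExampleCorp$", vendor_id=r"(?i)^1a2b$")]
SIMPLE = [rule("simple", "allow", vendor_id="1a2b", product_id="0001")]
```

With a default of Block, decide(LOOSE, CLONE, "block") still returns "allow" because the pattern matches inside the longer manufacturer string, while TIGHT blocks the clone. Anchoring a pattern with ^ and $ makes the outcome independent of search versus full-match behaviour, and (?i) is needed where a Regex rule should ignore case as Simple does.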
