New Features

Forensics agent included in FortiClient (Windows) installation 7.2.2

The Forensics agent is now transparently installed as part of the FortiClient (Windows) installation. FortiClient sends the Forensics agent status to EMS during the log collection and upload process. After the Forensics agent collects logs, it automatically uploads them to a server where the Forensics team can download and analyze them.

The FortiClient installation installs artifactcollector.exe, which is the Forensics agent.

To check the Forensics engine version:

1. In Command Prompt, go to the FortiClient installation directory. By default, this is C:\Program Files\Fortinet\FortiClient.
2. Run update_task -d.
3. Check the Artifact collector line to determine your Forensics engine version. The following shows example output for this command:

If a newer version is available on FortiGuard Distribution Servers, FortiClient updates the engine.
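
The check above can be scripted for endpoint inventory. The following PowerShell is an added example, not Fortinet's own tooling: it confirms that artifactcollector.exe is present, reports its Authenticode signature status, and pulls the Artifact collector line from update_task -d. It assumes the default installation directory and that update_task resolves to update_task.exe; the property names in the report are chosen here for illustration.

```powershell
# Added example: inventory the Forensics agent on one Windows endpoint.
# Assumptions: default install directory from the page; update_task is update_task.exe.
param(
    [string]$InstallDir = 'C:\Program Files\Fortinet\FortiClient'
)

$agent   = Join-Path $InstallDir 'artifactcollector.exe'
$updater = Join-Path $InstallDir 'update_task.exe'   # assumption: .exe extension

# Report fields are illustrative names, not FortiClient or EMS fields.
$report = [ordered]@{
    Computer       = $env:COMPUTERNAME
    AgentPresent   = Test-Path -LiteralPath $agent
    AgentSignature = $null
    AgentSigner    = $null
    EngineLine     = $null
}

if ($report.AgentPresent) {
    # An unsigned or tampered binary surfaces here as NotSigned or HashMismatch.
    $sig = Get-AuthenticodeSignature -LiteralPath $agent
    $report.AgentSignature = $sig.Status
    if ($sig.SignerCertificate) {
        $report.AgentSigner = $sig.SignerCertificate.Subject
    }
}

if (Test-Path -LiteralPath $updater) {
    Push-Location $InstallDir
    try {
        # Keep only the line the documentation says carries the engine version.
        $line = & $updater -d 2>&1 |
            Select-String -SimpleMatch 'Artifact collector' |
            Select-Object -First 1
        if ($line) { $report.EngineLine = $line.Line.Trim() }
    }
    finally {
        Pop-Location
    }
}

# Emit one object per endpoint so results can be piped to Export-Csv or ConvertTo-Json.
[pscustomobject]$report
```

An empty EngineLine with AgentPresent set to True means update_task -d printed no Artifact collector line, which is worth following up on that endpoint.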

When the EMS administrator requests analysis on an endpoint, the FortiFS daemon and artifactcollector.exe start collecting forensics logs, storing them temporarily in C:\Windows\temp. Once log collection is complete, FortiClient uploads the collection to a server where the Forensics team can download it. FortiFS then deletes the log collection from C:\Windows\temp.

You can view the Forensics agent status in EMS. See FortiGuard Forensics service support on on-premise EMS 7.2.2.
