Fortinet black logo

New Features

6.4.0
7.4.0
7.2.0
7.0.0
6.4.0
6.2.0

Real-time file system integrity checking 6.4.13

Real-time file system integrity checking 6.4.13

Real-time file system integrity checking has two main purposes:

  • Prevent unauthorized modification of important binaries.
  • Detect unauthorized binaries and prevent them from running.

When the FortiGate boots, the system performs a BIOS level integrity check on important internal files, the AV engine file, and the IPS engine file. These files are signed by the process described in Enhance BIOS-level signature and file integrity checking 6.4.13, and the BIOS verifies their signature against their certificates.

Once these files are verified to be authentic, the BIOS can boot the root filesystem and other executables and libraries. Once loaded, real-time protection begins. The important executables and binaries are protected from write access and any modifications. It also blocks the kernel from loading any modules. Any unauthorized loading of modules is blocked. If violations are found, logs are triggered.

For more information about this feature, see Real-time file system integrity checking.

Previous
Next

Real-time file system integrity checking 6.4.13

Real-time file system integrity checking has two main purposes:

  • Prevent unauthorized modification of important binaries.
  • Detect unauthorized binaries and prevent them from running.

When the FortiGate boots, the system performs a BIOS level integrity check on important internal files, the AV engine file, and the IPS engine file. These files are signed by the process described in Enhance BIOS-level signature and file integrity checking 6.4.13, and the BIOS verifies their signature against their certificates.

Once these files are verified to be authentic, the BIOS can boot the root filesystem and other executables and libraries. Once loaded, real-time protection begins. The important executables and binaries are protected from write access and any modifications. It also blocks the kernel from loading any modules. Any unauthorized loading of modules is blocked. If violations are found, logs are triggered.

For more information about this feature, see Real-time file system integrity checking.

Previous
Next