Technical Tip: Resolving Ransomware Prevention Policy Issues with FortiEDR

Description

This article describes a solution to resolve issues with the Ransomware Prevention Policy in FortiEDR, where exceptions are not being applied correctly. The article provides a step-by-step guide to resolve the issue and ensure that the policy is working as expected.

Scope

FortiEDR, FortiGate.

Solution

To resolve the issue with the Ransomware Prevention Policy in FortiEDR, follow these steps:

1. Go to incidents -> Process -> Event handling and create a new exception for the specific process that is being blocked.

2. Select the options that correspond to the behavior of the event, which can be reviewed on the left-hand side.

3. Define the scope as specifically as possible to avoid bypassing unnecessary equipment or destinations.

4. After creating the exception, replicate the connection and perform the necessary validations.

Additionally, ensure that the exception is applied to the correct level of security, as the Ransomware Prevention Policy may not be covered by the existing exception.

For more information on configuring FortiEDR and FortiGate, refer to the Fortinet Support Portal.