suniokera
New Member
November 25, 2023
Question

FortiEDR - Exception Evaluation

  • November 25, 2023
  • 4 replies
  • 2112 views

Hello everyone,

I'm currently running a PoC with FortiEDR (5.2.0) and face a strange issue.

Clients are running in simulation mode, then we are adding exceptions before moving to protection mode (as expected).

But at some point, and not on all endpoints (4 out of 100), some of the applications start to crash on the endpoint. Removing the exceptions restores the situation.

--> It seems that the evaluation of the rules makes FEDR crash and, as a side effect, crashes the inspected application.

Has anyone encountered similar behaviour?

4 replies

Stephen_G
Moderator
November 27, 2023

Hello suniokera,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Stephen_G - Fortinet Community Team
Stephen_G
Moderator
November 29, 2023

Hello suniokera,

 

We are still looking for someone to help you.

We will get back to you ASAP.


Regards,

Stephen_G - Fortinet Community Team
Stephen_G
Moderator
December 5, 2023

Hi suniokera,

 

I'm sorry this is taking longer than expected. We're still looking for someone to help.

 

Kind regards,

Stephen_G - Fortinet Community Team
Luke_FTNT
Staff
December 13, 2023

Hi Suniokera,

This is certainly unexpected behavior. When this issue occurs, do you see any minidump files created in C:\Windows\Minidump\ for FortiEDR Collector or for the other application which appears to crash?


Separately, I'd like to understand the following:

1) When FortiEDR is running alongside this application with an exception (in Simulation mode), how long does it take for the application to crash? A rough indication is fine here, I just want to know if it occurs every few minutes or every few days.

2) When FortiEDR is running alongside this application without an exception (in Simulation mode), how long have you observed the application without seeing a crash?

Cheers,
-Luke