Skip to main content
rafaelrosseto88
rafaelrosseto88
New Member
March 6, 2025
Solved

FortiNAC Endpoint Compliance Cybereason

  • March 6, 2025
  • 3 replies
  • 1318 views

Hi everyone,

 

Does anyone know why there isn’t a Cybereason Antivirus product available for validation in the FortiNAC endpoint compliance scan?

 

I managed to create a custom scan, which is working well, but now I need to validate either SentinelOne or Cybereason, and with Antivirus plus Custom scan I did not found a way to do this, because there is no OR between them, only AND.

 

FortiNAC 7.2

 

Best answer by rafaelrosseto88

Hello,

 

That's exactly what I need. Works like a charm!

 

Thanks

3 replies

ebilcari
Staff
ebilcari
Staff
March 6, 2025

Currently this antivirus is not supported by FortiNAC but you can raise a 'New Feature Request (NFR)' over your local Fortinet representatives to add support for it.

 

For now, you can try to achieve the requirement by calling a second scan if the antivirus check failed the first one, like shown here:

override results.PNG

Emirjon
    rafaelrosseto88
    rafaelrosseto88AuthorAnswer
    New Member
    March 6, 2025

    Hello,

     

    That's exactly what I need. Works like a charm!

     

    Thanks

    ebilcari
    Staff
    ebilcari
    Staff
    March 10, 2025

    Thank you for your feedback, I'm glad I could help.

    Emirjon
      AEK
      SuperUser
      AEK
      SuperUser
      March 6, 2025

      Hi Rafael

      I didn't use FNAC since a while but if I remember well I think you can do that by creating two compliance rules, one with AV, and the second with custom scan, then adding the client hosts with Cybereason Antivirus in a separate group, then apply the compliance rule with custom scan to only that group. The other group having SentinelOne AV will be scanned by the regular rule (with normal AV check).

      AEK
        wadhalji1
        wadhalji1
        New Member
        March 6, 2025

        It sounds like you have a policy in there that evaluates the host as being allowed to be on the network. It is weird that if you disable the host it goes back online but I'm pretty positive that it is a rule that allows the host to be on the network and I suspect it is a rule that looks for the persistent agent as that is a common rule to have.

          Terms & ConditionsAccessibility statement