Skip to main content
Partisan44
Partisan44
Visitor III
October 28, 2024
Solved

FORTINAC - ENDPOINT COMPLIANCE FAILURE

  • October 28, 2024
  • 1 reply
  • 1598 views

Hi 

 

Am running Fortinac v7.4.0.0427 (GA) and the Endpoint Compliance doesn't run when a registered host connects back to the network ,or it takes very long to do so ,6+ mins

however if i scan the host ,the compliance action is executed .

Any idea why this could be happening ?

Best answer by ebilcari

The Scan will run when the host connects/reconnects in the network or when a scheduled Scan is triggered by FNAC. The Agent will not periodically scan the end host for changes. Some specific checks can be included in the Scan as Monitor, that can do quick checks more frequently (in minutes) and change the host status on failure.

1 reply

ebilcari
Staff
ebilcari
Staff
October 28, 2024

Depending on the type of options that are selected in Scan configurations, the scan can take up to 10 minutes. Usually Windows OS updates (especially in Windows 11) or if multiple antiviruses are selected, may delay the results until all the information is checked.

You can get more information about the checks and the time it takes from the Agent logs in the end host. In the general.txt file like:

 

2024-10-28 14:23:25 UTC :: handleReceivedPacket() -- received this packet:

Run-Policy

.

<policy name="f-Corporate-Scan" base="">

..

2024-10-28 14:23:26 UTC :: Policy f-Corporate-Scan Passed

Emirjon
    Partisan44
    Partisan44Author
    Visitor III
    October 29, 2024

    Hi Emirjon

     

    Thank you ,i`ve only selected very few options eg. OS Version ,and at times it doesn't trigger up until the next scheduled scan runs ,so essentially a non compliant pc has been allowed onto the network .

    Is there a way this can be optimized?

    Thanks 

    ebilcari
    Staff
    ebilcariAnswer
    Staff
    October 29, 2024

    The Scan will run when the host connects/reconnects in the network or when a scheduled Scan is triggered by FNAC. The Agent will not periodically scan the end host for changes. Some specific checks can be included in the Scan as Monitor, that can do quick checks more frequently (in minutes) and change the host status on failure.

    Emirjon
      Terms & ConditionsAccessibility statement