What would cause FortiEDR to NOT detect ransomware encryption

Forum|Forum|1 year ago
January 27, 2025
1 reply
421 views

I see almost exclusively what FortiEDR can do in searching here, and only some minor dislikes on Gartner.

I have a case where it did not detect the encryption process, it was able to impede the vector but ultimately the ransomware was successful in encrypting the media. I need cases where FortiEDR could be inhibited, either from improperly training the model, misconfiguration, or other security software that would impede the detection process.

Thanks, Karl

FortiEDR

KarlHAuthor

Explorer II

Thanks

I do appreciate the re iteration, I actually mention two of those in the post, I would like to avoid any more pitfalls, where would the docs be that discuss the modelling theory and principals, How should we establish a base line for clients, so it knows what "clean" looks like, the time to train, what kinds of misconfiguration? Why would EDR not detect an entire disk being encrypted? it never even threw an alert? where are the logs kept for EDR?

Thank you.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded