Cybersecurity Forum


dArA
New Contributor

EDR collector office work

Dear Everyone,

I have some questions regarding EDR. When the collector is offline from the FortiEDR core and it downloads suspicious or zero-day files that cannot be identified by the machine learning and signature-based engines on the collector, what happens on that collector machine/device? Let's say the EDR core has an issue such as a connectivity problem, or it is down.


Second question: can you share with me the key points for convincing the customer to use our FortiSASE, and what exactly our FortiSASE can do?

Regards,
Dara
DARA RIM
1 Solution
BrooChel
Staff

Hi Dara, if the collector is offline and, let's say, the infection comes through a USB key while the device is completely offline, you would have to trust the anti-malware engine to protect the device in that situation. The anti-malware engine is very effective, but if the device is offline, FCS won't be able to see the file and reclassify it if needed. The client will react based on what it is programmed to do via playbooks.


dArA
New Contributor

Hi Brook, well noted; thank you for your great explanation.

BRs,
Dara
DARA RIM