Cybersecurity Forum

This forum is for all security enthusiasts to discuss Fortinet's latest & evolving technologies and to connect & network with peers in the cybersecurity hemisphere. Share and learn on a broad range of topics like best practices, use cases, integrations and more. For support specific questions/resources, please visit the Support Forum or the Knowledge Base.

DaviHay-
New Contributor

FortiClient 6.XXX

Is there a way to disable vulnerability scanner in FortiClient 6.xx?
Also, what happens with what it finds? Does it automatically update/remediate or just notifies? the reason I ask is that most of the time computers are managed by another application, and we have an update schedule.

------------------------------
David Hay-Currie
Network Engineer
DehcTech
Newark, DE

------------------------------
[FirstName] [JobTitle] [CompanyName] [City] [State]
[FirstName] [JobTitle] [CompanyName] [City] [State]
3 REPLIES 3
DaviHay-
New Contributor

I just figured to change some of the applications I can unlock from the lower left side, however Vulnerability doesn't have configurable settings.
I don't have anything that needs updating, but I am still wondering.
[FirstName] [JobTitle] [CompanyName] [City] [State]
[FirstName] [JobTitle] [CompanyName] [City] [State]
preznik_FTNT
Staff
Staff

Hi David,

You can control Vulnerability Scan settings via XML for standalone client, or via FortiClent EMS for managed one.
Please check XML Guide Fortinet Docs Library - FortiClient 6.0.2 XML Reference
Fortinet remove preview
Fortinet Docs Library - FortiClient 6.0.2 XML Reference
View this on Fortinet >

Thank you,

Paul
DaviHay-

Thanks Paul.
So, I exported the settings, and that showed me how it is setup.

<vulnerability_scan>
<enabled>1</enabled>
<scan_on_registration>0</scan_on_registration>
<scan_on_signature_update>1</scan_on_signature_update>
<windows_update>1</windows_update>
<proxy_enabled>0</proxy_enabled>
<automatic_maintenance>
<scan_on_maintenance>0</scan_on_maintenance>
<maintenance_period>0</maintenance_period>
<maintenance_deadline>0</maintenance_deadline>
</automatic_maintenance>
<auto_patch />
<scheduled_scans />
</vulnerability_scan>

This means that although it is enabled, it won't run by default a scan, and even if it runs, there is no remediation, just information.
However it will run when there is a signature update.
This actually helps me a lot.
I just tested it though and it enables display of vulnerability scan and the vulnerability scan button when the client is restarted (either by fully exiting the application or restarting the computer)

------------------------------
David
Network Engineer
[CompanyName]
[City] [State]
------------------------------
[FirstName] [JobTitle] [CompanyName] [City] [State]
[FirstName] [JobTitle] [CompanyName] [City] [State]
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.