JOE—
Wonderful! Thanks!
BOB
From: Joe Martins via forticlient.public [
mailto:forticlient.public@fuse-lists.fortinet.com]Sent: Thursday, September 22, 2016 4:14 PM
To: forticlient.public@fuse-lists.fortinet.com
Subject: [forticlient.public] - RE: FortiClinent quarantine
Q1: Can FortiCllient find malware on a FortiCleint-equipped PC? — Yes indeed ---
Q2: Can FortiClient then alert the EMS to the fact that there's an infected PC? —Yes, alerts are sent to EMS and an email alert can be generated and sent out from EMS as well ---
Q3: Can it tell the EMS which PC it is? If so, what's that information? — Yes, the machine and usually logged in user is visible in EMS as well as the summary of the alert (virus detected, virus name)--
Q4: And then can the EMS manager use it to quarantine the infected/reporting PC? — You can then manually quarantine the entire system by right clicking in EMS and choosing Quarantine--
Q5: Can the PC really be quanrantined to break the operation of the malware? — Yes. FortiClient will enable a feature that then blocks all inbound and outbound traffic from that endpoint locally. The endpoint at this point can only accept communication from EMS so that it can be ‘unquarantined’ after the endpoint is remediated.
Further information can be logged and reported on by FortiAnalyzer.
From: "Bob Patrick via forticlient.public"
>">mailto:forticlient.public@fuse-lists.fortinet.com>>
Reply-To: "forticlient.public@fuse-lists.fortinet.com<mailto:forticlient.public@fuse-lists.fortinet.com>" >">mailto:forticlient.public@fuse-lists.fortinet.com>>
Date: Thursday, September 22, 2016 at 3:03 PM
To: "forticlient.public@fuse-lists.fortinet.com<mailto:forticlient.public@fuse-lists.fortinet.com>" >">mailto:forticlient.public@fuse-lists.fortinet.com>>
Subject: [forticlient.public] - FortiClinent quarantine
Resent-From: >">mailto:forticlient.public@fuse-lists.fortinet.com>>
Resent-Date: Thursday, September 22, 2016 at 3:03 PM
Can FortiCllient find malware on a FortiCleint-equipped PC?
Can FortiClient then alert the EMS to the fact that there's an infected PC? Can it tell the EMS which PC it is? If so, what's that information?
And then can the EMS manager use it to quarantine the infected/reporting PC? Can the PC really be quanrantined to break the operation of the malware?
-----End Original Message-----
-----End Original Message-----