
BobPatr
New Contributor

FortiClient quarantine

Can FortiClient find malware on a FortiClient-equipped PC?

Can FortiClient then alert the EMS to the fact that there's an infected PC? Can it tell the EMS which PC it is? If so, what's that information?

And then can the EMS manager use it to quarantine the infected/reporting PC? Can the PC really be quarantined to break the operation of the malware?

2 REPLIES
joe_FTNT
Staff

Q1: Can FortiClient find malware on a FortiClient-equipped PC? — Yes indeed.

Q2: Can FortiClient then alert the EMS to the fact that there's an infected PC? — Yes, alerts are sent to EMS, and an email alert can be generated and sent out from EMS as well.

Q3: Can it tell the EMS which PC it is? If so, what's that information? — Yes, the machine and usually the logged-in user are visible in EMS, as well as the summary of the alert (virus detected, virus name).

Q4: And then can the EMS manager use it to quarantine the infected/reporting PC? — You can then manually quarantine the entire system by right-clicking in EMS and choosing Quarantine.

Q5: Can the PC really be quarantined to break the operation of the malware? — Yes. FortiClient will enable a feature that then blocks all inbound and outbound traffic from that endpoint locally. The endpoint at this point can only accept communication from EMS so that it can be ‘unquarantined’ after the endpoint is remediated.

Further information can be logged and reported on by FortiAnalyzer.

From: "Bob Patrick via forticlient.public" <forticlient.public@fuse-lists.fortinet.com>
Reply-To: "forticlient.public@fuse-lists.fortinet.com" <forticlient.public@fuse-lists.fortinet.com>
Date: Thursday, September 22, 2016 at 3:03 PM
To: "forticlient.public@fuse-lists.fortinet.com" <forticlient.public@fuse-lists.fortinet.com>
Subject: [forticlient.public] - FortiClient quarantine
Resent-From: <forticlient.public@fuse-lists.fortinet.com>
Resent-Date: Thursday, September 22, 2016 at 3:03 PM


-----End Original Message-----
BobPatr

JOE—

Wonderful! Thanks!

BOB

From: Joe Martins via forticlient.public [mailto:forticlient.public@fuse-lists.fortinet.com]
Sent: Thursday, September 22, 2016 4:14 PM
To: forticlient.public@fuse-lists.fortinet.com
Subject: [forticlient.public] - RE: FortiClient quarantine



-----End Original Message-----