FortiEDR
FortiEDR automates the protection against advanced threats, pre and post-execution, with real time orchestrated incident response functionality.
sahmed_FTNT
Staff
Article Id 379927
Description This article describes recommended practices for running FortiEDR alongside FortiClient and third-party antivirus (AV) products.
Scope FortiEDR.
Solution

The FortiEDR protection mechanism is divided into two parts:

  • Pre-infection: signature-based prevention combined with a machine-learning (ML), kernel-based engine.
  • Post-infection: based on the outcome of any action performed on memory or on the system. FortiEDR detects and blocks malicious behaviour irrespective of the reputation any vendor assigns to the file.


Note:

Unlike a traditional AV, FortiEDR does not rely on a scan to trigger a detection on a file. As soon as a file is executed or loaded into memory (read or write) and does anything malicious, FortiEDR detects and blocks it.


Running multiple AV products in parallel may cause false positives and performance issues.


  • FortiClient and FortiEDR are the recommended, complete endpoint security solutions. FortiClient provides AV, Sandbox, malware protection and FortiGuard signatures.
  • FortiEDR provides a kernel-level, ML-based NGAV engine.


If third-party AV integration is still required, use the following KB article to configure the exclusions:

Technical Tip: Paths to exclude Antivirus exceptions in 3rd Party Antivirus