Description | This article describes how to add an exclusion for FortiSIEM processes on FortiEDR. |
Scope | Applies to both on-premises and cloud FortiEDR environments. |
Solution |
According to the FortiSIEM Windows Agent Installation Guide: if antivirus software interferes with the FortiSIEM Windows Agent, consider whitelisting the following files on the endpoint. This is useful if the antivirus software uses application sandboxing heuristics that wrap around any new applications. This can result in high CPU and memory usage and can significantly slow down the machine.
Steps to exclude FortiSEIM processes on FortiEDR:
*\Program Files\Fortinet\FortiSIEM\ Process and Execution Prevention *\Program Files\Fortinet\FortiSIEM\* Process and Execution Prevention *\ProgramData\FortiSIEM\Database\* Process and Execution Prevention *\ProgramData\FortiSIEM\Logs\* Process and Execution Prevention *\Windows\System32\drivers\ FortiInsight.sys Process and Execution Prevention
Select Apply and Save Changes.
If problems are still encountered, open a new technical support ticket for further assistance: Support Fortinet. |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.