FortiEDR
FortiEDR automates the protection against advanced threats, pre and post-execution, with real time orchestrated incident response functionality.
rduggal_FTNT
Staff
Article Id 360931
Description

This article describes how to add an exclusion for FortiSIEM processes on FortiEDR.

Scope

Applies to both on-premises and cloud FortiEDR environments.
Solution

According to the FortiSIEM Windows Agent Installation Guide: if antivirus software interferes with the FortiSIEM Windows Agent, consider whitelisting the following files on the endpoint. This is useful if the antivirus software uses application sandboxing heuristics that wrap around any new applications. This can result in high CPU and memory usage and can significantly slow down the machine.

 

Steps to exclude FortiSIEM processes on FortiEDR:

  • Log in to FortiEDR -> Security Settings -> Exclusion Manager -> Add a new list and name it 'FortiSIEM' -> Assign the required Collector Groups to it and add the following exclusions:

*\Program Files\Fortinet\FortiSIEM\             Process and Execution Prevention
*\Program Files\Fortinet\FortiSIEM\*            Process and Execution Prevention
*\ProgramData\FortiSIEM\Database\*              Process and Execution Prevention
*\ProgramData\FortiSIEM\Logs\*                  Process and Execution Prevention
*\Windows\System32\drivers\FortiInsight.sys     Process and Execution Prevention

 

Select Apply and Save Changes.
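
A pre-check that can be run on an endpoint before the list is applied, added here as an example and not taken from the Fortinet article: it inventories the executables, DLLs and drivers under the excluded paths and reports their Authenticode status, so it is clear what the exclusions will cover. Resolving the leading `*\` against each local fixed drive is an assumption about how the wildcard is meant to be read.

```powershell
# Added example: inventory what the FortiSIEM exclusion list covers on this endpoint.
# Relative paths are taken from the exclusion list above; the leading "*\" is
# resolved against every local fixed drive (assumption).
$excluded = @(
    'Program Files\Fortinet\FortiSIEM',
    'ProgramData\FortiSIEM\Database',
    'ProgramData\FortiSIEM\Logs',
    'Windows\System32\drivers\FortiInsight.sys'
)

# DriveType 3 = local fixed disk
$drives = Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=3' |
    Select-Object -ExpandProperty DeviceID

$report = foreach ($drive in $drives) {
    foreach ($rel in $excluded) {
        $full = Join-Path "$drive\" $rel
        if (-not (Test-Path -LiteralPath $full)) { continue }

        # Directories are walked recursively; a single file (the driver) is used as-is.
        $item  = Get-Item -LiteralPath $full -Force
        $files = if ($item.PSIsContainer) {
            Get-ChildItem -LiteralPath $full -Recurse -File -Force -ErrorAction SilentlyContinue
        } else {
            $item
        }

        $files | Where-Object { $_.Extension -in '.exe', '.dll', '.sys' } | ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                Path   = $_.FullName
                Status = $sig.Status
                Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            }
        }
    }
}

# Full inventory of binaries that fall inside the excluded paths
$report | Sort-Object Path | Format-Table -AutoSize -Wrap

# Anything not validly signed should be reviewed before the exclusion is saved
$report | Where-Object { $_.Status -ne 'Valid' } | Format-List
```

Run it from an elevated PowerShell session so the driver and ProgramData paths are readable.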

 

If problems are still encountered, open a new technical support ticket for further assistance: Support Fortinet.