FortiEDR version 5.2 and above uses some extra monitoring. As per the Microsoft documentation we need to define Security exclusions for Configuration Manager:

SCCM doesn't check MD5s right after files are copied for deployment and therefore FortiEDR blocks the installation.

Follow the steps below to configure required exclusions:

• Log in to the FortiEDR GUI -> Security Settings -> Exclusion Manager -> Add a new list -> Add required collector group to the list ->  Add the following process and execution prevention exclusions paths:

*\Windows\CCMCache\*

*\Windows\Logs\*

*\Windows\CCM\*.sdf

*\Windows\CCM\SystemTemp\*

*\Windows\CCMSetup\*

*\Windows\Setup\Scripts\*

*\Windows\CCM\ScriptStore\*

*\Windows\CCM\ServiceData\*

*\Program Files\Microsoft Policy Platform\authorityDb\             *.sdf

*\Windows\SMSTSPostUpgrade\*

*\Windows\CCM\CcmExec.exe

*\_smstasksequence\packages\*

• Apply and save changes.

If there are still any problems encountered, open a new technical support ticket for further assistance: Support Fortinet.