| Description | This article discusses a common question pertaining to pre-execution security events and Threat Hunting data collection. |
| Scope | FortiEDR 5.0+ |
| Solution |
FortiEDR offers several types of security policies and rules which allow or block processes and files. Separately, FortiEDR offers Threat Hunting capabilities which enrich analysts to perform deep, historic forensics investigations.
In some cases, users may view an event in the Event Viewer and select the ‘Threat Hunting’ icon:
Only to find no Threat Hunting data is returned:
If the security rule, found in Event Viewer, is for ‘Malicious File Detected’, then this is considered expected behavior.
Execution Prevention (aka pre-execution prevention) relies on FortiEDR’s Next Generation Antivirus (NGAV) engine. Security events triggered here will show under the 'Malicious File Detected” security rule. In such case, the file read attempt on the endpoint is blocked prior to reaching the Collectors Threat Hunting function and thus no Threat Hunting data is collected. |
Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Spring Badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiGuest
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiPresence
- FortiSRA
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiScan
- FortiSandbox
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiWAN
- FortiToken
- FortiVoice
- FortiWeb
- FortiAppSec Cloud
- RMA Information and Announcements
- Lacework
- Wireless Controller
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
FortiEDR
FortiEDR automates the protection against advanced threats, pre and post-execution, with real time orchestrated incident response functionality.
- Fortinet Community
- Knowledge Base
- FortiEDR
- Technical Tip: Pre-Execution Events and Threat Hun...
Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.