FortiEDR automates the protection against advanced threats, pre and post-execution, with real time orchestrated incident response functionality.
Article Id 242419
Description Windows Defender is flagging FortiEDR as a virus, which is a false positive.
Scope FortiEDR 5.X.



  1. Enable 'Register collectors to Windows Security Center' in the FortiEDR Central Manager.


- In FortiEDR Central Manager, choose 'Administration -> Tools'.

- Under Windows Security Center, check the box next to 'Register collectors to Windows Security Center'.


  2. Whitelist FortiEDR in Defender.


Exclude this path:


  • In the Microsoft Endpoint Manager admin center choose 'Endpoint security -> Antivirus' and then select an existing policy.
  • Choose 'Properties' and, next to Configuration settings, choose 'Edit'.
  • Expand Microsoft Defender Antivirus Exclusions and then specify the exclusion.

In this case, it is necessary to exclude:




For more on how to address false positives and how to create exclusions, review Microsoft's article 'Address false positives/negatives in Microsoft Defender for Endpoint'.
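To confirm on an endpoint that both steps took effect, the following check can be run in an elevated PowerShell session. It is an added example, not part of the original article or Fortinet tooling. The display-name pattern `*Forti*` is an assumption, and `<FORTIEDR_EXCLUSION_PATH>` is a placeholder for the path to exclude.

```powershell
# Added example: verify Security Center registration and the Defender exclusion.
# ASSUMPTIONS (not from the article): the name pattern and the placeholder path.
$ProductPattern    = '*Forti*'                     # assumed display-name pattern
$ExpectedExclusion = '<FORTIEDR_EXCLUSION_PATH>'   # placeholder for the path to exclude

function Test-SecurityCenterRegistration {
    param([string]$Pattern)
    # root/SecurityCenter2 exists on Windows client editions, not on Windows Server.
    try {
        $products = Get-CimInstance -Namespace 'root/SecurityCenter2' `
            -ClassName 'AntiVirusProduct' -ErrorAction Stop
    } catch {
        Write-Warning "Security Center not queryable: $($_.Exception.Message)"
        return $false
    }
    $hits = @($products | Where-Object { $_.displayName -like $Pattern })
    $hits | ForEach-Object { Write-Host "Registered AV product: $($_.displayName)" }
    return ($hits.Count -gt 0)
}

function Test-DefenderExclusion {
    param([string]$Path)
    try {
        $current = @((Get-MpPreference -ErrorAction Stop).ExclusionPath)
    } catch {
        Write-Warning "Defender preferences not readable: $($_.Exception.Message)"
        return $false
    }
    # Defender returns an 'N/A: ...' notice instead of the list when the
    # session is not allowed to view exclusions (for example, not elevated).
    if ($current -like 'N/A:*') {
        Write-Warning 'Exclusion list is hidden from this session; rerun elevated.'
        return $false
    }
    # Compare case-insensitively and ignore a trailing backslash.
    $wanted = $Path.TrimEnd('\')
    return [bool]($current | Where-Object { $_ -and $_.TrimEnd('\') -ieq $wanted })
}

[pscustomobject]@{
    RegisteredInSecurityCenter = Test-SecurityCenterRegistration -Pattern $ProductPattern
    ExclusionPresent           = Test-DefenderExclusion -Path $ExpectedExclusion
}
```

A `False` in either column points to the step that has not reached the endpoint yet, for example because the Intune policy has not synced.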