FortiEDR
FortiEDR automates protection against advanced threats, pre- and post-execution, with real-time orchestrated incident response functionality.
ymasaki
Staff
Article Id 331378
Description This article describes how to troubleshoot an application that is not blocked although Application Control Manager is configured.
Scope FortiEDR.
Solution

Application Control Manager allows the FortiEDR Collector to block predefined applications from launching. However, the feature does not work as expected if settings required to enable it are missing.

This article explains the troubleshooting steps to check that the setting is properly configured and offers a solution to fully enable the Application Control Manager feature.


  1. Set up Application Control Manager configuration.

     In this scenario, the setting is applied to 'firefox.exe'.

     fedr_appmgr1.png

  2. Run Firefox on the machine. It is still allowed to launch.

  3. To fully enable the feature, make sure the Application Control policy is enabled in Prevention mode (the policy is disabled in Simulation mode by default).

     fedr_appmgr2.png

  4. Run Firefox again. This time it is blocked.

     fedr_appmgr4.png

  5. Confirm the blocked event is available in EVENT VIEWER (Application Control view).

     fedr_appmgr3.png