FortiEDR
FortiEDR automates the protection against advanced threats, pre and post-execution, with real time orchestrated incident response functionality.
Ahmed_Mohamed
Article Id 328640
Description This article describes how to troubleshoot when a communicating application is missing from the Communication Control tab.
Scope FortiEDR.
Solution

The FortiEDR Applications Communication Control feature maps all applications on FortiEDR-protected devices that communicate externally. The administrator can then decide which of these applications to allow or deny.

 

For further information about the Communication Control feature, refer to the Admin Guide.

 

The APPLICATIONS page lists all communicating applications detected in the organization that have ever attempted to communicate. If a specific application is not present, perform the following troubleshooting steps:

 

  1. Make sure to search for the application in the list filtered by All.

 


 

  2. Verify that the Collector is running: confirm that its state is Running in the FortiEDR console under INVENTORY -> Collectors, and run the following command on the device to check the status:

Windows:

 

"C:\Program Files\Fortinet\FortiEDR\FortiEDRCollectorServices.exe" --status

 

Linux:

 

sudo /opt/FortiEDRCollector/control.sh --status

 

macOS:

 

sudo /Applications/FortiEDR.app/fortiedr_collector.sh status

 

  3. Verify that the Collector has established a TCP connection to the Aggregator IP on port 8081 with the command:

 

Windows:

 

netstat -an | findstr 8081

 

Linux/macOS:

 

netstat -an | grep 8081

 

  4. Confirm that the Collector has stable connectivity to the Core:
  • Check whether the Collector flips between the Degraded (due to Core connectivity issues) and Running states by searching for the Device Name in Administration -> System Events.
  • Verify that the Collector has established connectivity to the Core IP on TCP port 555 by running the command:

 

Windows:

 

netstat -an | findstr 555

 

Linux/macOS:

 

netstat -an | grep 555

 

  5. If the issue persists, raise a TAC ticket providing the following information:

 

Windows:

 

netstat -an | findstr 8081

netstat -an | findstr 555

 

Linux/macOS:

 

netstat -an | grep 8081

netstat -an | grep 555

 

In the case of an on-premise environment, obtain both System logs and Core logs. See: How To Export System logs
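
The plain `grep 555` and `findstr 555` filters used in the steps above also match local ports, longer port numbers such as 5555, and connections that are not established. The following added example (not part of the original article and not Fortinet tooling) checks `netstat -an` output for an ESTABLISHED TCP connection whose remote port is exactly 8081 or 555; the function names and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: exact remote-port check over `netstat -an` output.
# Function names and the sample rows are constructed for illustration.

# established_to_port PORT
# Reads `netstat -an` output on stdin and prints the remote endpoint of every
# TCP connection in ESTABLISHED state whose remote port is exactly PORT.
# Returns 0 if at least one such connection exists, 1 otherwise.
established_to_port() {
    awk -v port="$1" '
        { sub(/\r$/, "") }                 # tolerate CRLF in saved Windows output
        tolower($1) !~ /^tcp/ { next }     # tcp, tcp4, tcp6 or TCP rows only
        $NF != "ESTABLISHED"  { next }     # skip LISTEN, SYN_SENT, TIME_WAIT, ...
        {
            remote = $(NF - 1)             # foreign address precedes the state
            n = split(remote, part, "[:.]")  # ip:port (Linux/Windows), ip.port (macOS)
            if (part[n] == port) { print remote; found = 1 }
        }
        END { exit(found ? 0 : 1) }
    '
}

# check_collector_links
# Reads `netstat -an` output on stdin and reports on both links from the
# article: Aggregator on TCP 8081 and Core on TCP 555. Returns 1 if either is missing.
check_collector_links() {
    out=$(cat); rc=0
    for pair in Aggregator:8081 Core:555; do
        name=${pair%%:*}; port=${pair##*:}
        if peers=$(printf '%s\n' "$out" | established_to_port "$port"); then
            echo "OK   $name tcp/$port -> $peers"
        else
            echo "FAIL $name tcp/$port: no ESTABLISHED connection to that remote port"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample (not real output) mixing Linux, macOS and Windows row formats.
# `grep 555` matches three of these rows, yet none is an established Core link.
sample_netstat() {
    cat <<'EOF'
tcp        0      0 10.0.0.5:51234      10.0.0.10:8081     ESTABLISHED
tcp        0      0 10.0.0.5:555        10.0.0.77:40022    ESTABLISHED
tcp4       0      0 10.0.0.5.51300      10.0.0.20.5555     ESTABLISHED
  TCP    10.0.0.5:51400     10.0.0.20:555      SYN_SENT
EOF
}

# Live use on a Collector host: netstat -an | check_collector_links
sample_netstat | check_collector_links || true
```

A FAIL line for either port is worth including in the TAC ticket alongside the raw `netstat` output.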