FortiEndpoint
FortiEndpoint is a cloud-based EMS solution hosted by Fortinet, built for new deployments. It combines FortiClient Cloud and FortiEDR, offering everything available in FortiClient Cloud with the added ability to deploy and manage FortiEDR collectors.
FortiClient Cloud handles the deployment and version management of collectors. When a deployment is created, a matching EDR collector group is automatically created. Endpoints added to the deployment are also added to this group.
In a standard EDR setup, version control is managed directly in the EDR console. With FortiEndpoint, this is done through the FortiClient installer settings. Collector group configuration stays within FortiClient Cloud, while policy and playbook management continues to be handled through the EDR console.
RiverChen
Staff
Article Id 427790
Description This article describes an easily overlooked configuration that can cause FortiEDR collectors to remain in the Default Collector Group.
Scope FortiEndpoint.
Solution

In FortiEndpoint environments, the FortiEDR collector is deployed and managed through FortiClient EMS. The FortiClient EMS deployments should sync with FortiEDR collector groups.
Collector group synchronization relies on communication between FortiClient and FortiEDR installed on the device. If the endpoint profile assigned to a device has 'Endpoint Detection & Response' disabled, FortiClient and FortiEDR cannot communicate with each other. As a result, the collector group is not updated, and the endpoint remains in the Default Collector Group in the FortiEDR console, even though the device may appear correctly in FortiClient EMS.

 

This setting can be found under:
Endpoint Profiles -> System Settings -> Assigned Profile -> Enable Endpoint Detection & Response.

 

Step 1: Verify the profile assigned to the device.
From the EMS Endpoints tab, identify which system profile is assigned to the affected device (highlighted with a red box in the screenshot below).


article1.png

 

Step 2: Verify the system profile setting.
Navigate to Endpoint Profiles -> System Settings, and check whether Enable Endpoint Detection & Response is enabled for the assigned profile (highlighted with a red box in the screenshot below).
If the setting is disabled, enable it and allow time for the Collector to resynchronize and update its group assignment.

image (1).png

 

Further troubleshooting:
If the setting is already enabled and the Collector still does not move out of the Default Collector Group, further troubleshooting is required. In some cases, toggling EMS deployments (enable/disable) or creating a new deployment can help. If the issue persists, review FortiEDR logs and collect EMS diagnostic logs for further analysis.
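
To apply the checks from Steps 1 and 2 to many endpoints at once, the following added example (not Fortinet code and not part of the original article) cross-references three inventory lists and sorts each endpoint into "enable the setting" or "further troubleshooting". The CSV layouts, column names and host names are constructed for illustration and are assumptions, not a FortiClient EMS or FortiEDR export format.

```python
import csv
import io

DEFAULT_GROUP = "Default Collector Group"  # group name as used in the article

# Constructed sample data; column names are hypothetical, not a Fortinet format.
EMS_ENDPOINTS = """hostname,system_profile
ws-001,Default
ws-002,Sales-System
srv-010,Servers-System
ws-003,Sales-System
"""
EMS_PROFILES = """system_profile,edr_enabled
Default,false
Sales-System,true
Servers-System,true
"""
EDR_COLLECTORS = """hostname,collector_group
WS-001,Default Collector Group
ws-002,Sales
srv-010,Default Collector Group
"""

def rows(text):
    """Parse CSV text into a list of dicts keyed by the header row."""
    return list(csv.DictReader(io.StringIO(text)))

def triage(endpoints_csv, profiles_csv, collectors_csv):
    """Return {hostname: finding} for endpoints that need attention."""
    edr_on = {p["system_profile"]: p["edr_enabled"].strip().lower() == "true"
              for p in rows(profiles_csv)}
    group = {c["hostname"].lower(): c["collector_group"].strip()
             for c in rows(collectors_csv)}
    findings = {}
    for ep in rows(endpoints_csv):
        host = ep["hostname"].lower()  # host names compared case-insensitively
        current = group.get(host)
        if current is None:
            findings[host] = "no_collector_in_edr_export"
        elif current != DEFAULT_GROUP:
            continue  # collector already moved out of the default group
        elif edr_on.get(ep["system_profile"]) is False:
            findings[host] = "enable_edr_in_profile"    # Step 2: setting is off
        else:
            findings[host] = "further_troubleshooting"  # setting on (or profile unknown)
    return findings

if __name__ == "__main__":
    for host, finding in triage(EMS_ENDPOINTS, EMS_PROFILES, EDR_COLLECTORS).items():
        print(f"{host}: {finding}")
```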