Hello, we are implementing DLP agents to Windows workstations in our company and as per initial configuration we need to exclude some processes, DLP directories and registry paths. We did this as per instructions from DLP provider. It's done per EMS and when we are checking for processes available per DLP directories we can still see fmon.exe and fcappdb.exe scanning the files. The DLP is reporting health issues on regular basis and definitely something is wrong. I believe it's also impacting the performance of the endpoint as users are reporting that machines became laggy. DLP support is also pointing out that we need to get rid of AV scanning effectively. So my question is why exclusions we did are not effective? It's really straightforward, we just put C:\Program Files\DLP_Software_Name, C:\ProgramData\DLP_Software_Name and this should solve the case, however you can see that AV process is still scanning files inside the directories
FortiClient ver 7.0.9.0493, ESM v.7.0.8 build 0484. Case opened here but not much inside: 8589988
We are observing for last two days how endpoints behave without the Forti AV protection on and so far there are no errors from DLP agents. This may indicates that AV from Forti is influencing the DLP processes. What log can we provide?
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.