Hello Fortinet Community,
I’ve deployed the FortiNAC Persistent Agent and implemented compliance scans to ensure our systems are secure. Our policy is to delay operating system updates by one month, but we want antivirus signatures to always be up-to-date.
I understand it's possible to delay OS definitions downloads, but this also delays AV updates.
Is there a way to configure compliance scans to check that the OS has all critical updates with a one-month delay while ensuring AV signatures are always the latest?
Any guidance or best practices would be appreciated!
Thank you!
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi,
I believe you can not perform a scan for critical updates with a month's delay since PA makes a query to the Microsoft Update repository and scans your host depending on query results. If OS Critical update is available on the Microsoft repository and missing on your host, Scan will fail.
You may look at the below KB to have more information.
Hosts Unexpectedly failing Security or Cr... - Fortinet Community
However, you may configure a custom scan with a hotfix option and you may check your hosts with a specific KB ID.
Of course, you will need to change the KB ID every month.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1662 | |
1077 | |
752 | |
446 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.