Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Partisan44
New Contributor

FORTINAC - ENDPOINT COMPLIANCE FAILURE

Hi

I am running FortiNAC v7.4.0.0427 (GA) and the Endpoint Compliance doesn't run when a registered host connects back to the network, or it takes very long to do so, 6+ mins.

However, if I scan the host, the compliance action is executed.

Any idea why this could be happening?

ebilcari
Staff

Depending on the type of options that are selected in Scan configurations, the scan can take up to 10 minutes. Usually Windows OS updates (especially in Windows 11) or if multiple antiviruses are selected, may delay the results until all the information is checked.

You can get more information about the checks and the time it takes from the Agent logs in the end host. In the general.txt file like:

2024-10-28 14:23:25 UTC :: handleReceivedPacket() -- received this packet:
Run-Policy
.
<policy name="f-Corporate-Scan" base="">
..
2024-10-28 14:23:26 UTC :: Policy f-Corporate-Scan Passed

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
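
To measure how long each scan actually takes from the agent's general.txt, the following added example (not part of the reply above and not Fortinet tooling) pairs each Run-Policy packet with the result line for the same policy and reports the elapsed seconds. It assumes only the line shapes shown in the excerpt; the second log entry is constructed, and the function names and the 300-second threshold are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample in the shape of the general.txt excerpt above.
SAMPLE_LOG = """\
2024-10-28 14:23:25 UTC :: handleReceivedPacket() -- received this packet:
Run-Policy
<policy name="f-Corporate-Scan" base="">
2024-10-28 14:23:26 UTC :: Policy f-Corporate-Scan Passed
2024-10-28 15:02:10 UTC :: handleReceivedPacket() -- received this packet:
Run-Policy
<policy name="f-Corporate-Scan" base="">
2024-10-28 15:08:40 UTC :: Policy f-Corporate-Scan Passed
"""

STAMP = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) UTC :: (.*)$")
POLICY_TAG = re.compile(r'<policy name="([^"]+)"')
RESULT = re.compile(r"^Policy (\S+) (\w+)$")  # outcome word is taken as logged

def scan_durations(text):
    """Return (policy, outcome, seconds) for each Run-Policy with a result."""
    pending = {}         # policy name -> time its Run-Policy packet arrived
    last_packet = None   # timestamp of the latest "received this packet" line
    saw_run_policy = False
    out = []
    for raw in text.splitlines():
        line = raw.strip()
        m = STAMP.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            if "received this packet" in m.group(2):
                last_packet, saw_run_policy = ts, False
            r = RESULT.match(m.group(2))
            if r and r.group(1) in pending:
                start = pending.pop(r.group(1))
                out.append((r.group(1), r.group(2),
                            int((ts - start).total_seconds())))
        elif line == "Run-Policy":
            saw_run_policy = True
        elif saw_run_policy and last_packet:
            t = POLICY_TAG.search(line)
            if t:  # policy body follows the Run-Policy marker
                pending[t.group(1)] = last_packet
                saw_run_policy = False
    return out

def slow_scans(text, threshold_s=300):
    """Scans that took longer than threshold_s seconds to return a result."""
    return [r for r in scan_durations(text) if r[2] > threshold_s]
```

Run it over a copy of the endpoint's general.txt to see which connections waited minutes for a compliance result.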
Partisan44

Hi Emirjon

Thank you, I've only selected very few options, e.g. OS Version, and at times it doesn't trigger up until the next scheduled scan runs, so essentially a non-compliant PC has been allowed onto the network.

Is there a way this can be optimized?

Thanks 

ebilcari

The Scan will run when the host connects/reconnects in the network or when a scheduled Scan is triggered by FNAC. The Agent will not periodically scan the end host for changes. Some specific checks can be included in the Scan as Monitor, that can do quick checks more frequently (in minutes) and change the host status on failure.

- Emirjon
Partisan44

Thank you!
