Hi all,
I received "not compliant" status on forticlient with fortigate compliance rules, i checked forticlient profile in fortigate and local on windows pc. Both profiles are the same except upper case of letters in ESET Management Agent executable files.
And applications on windows pc is set on running states at services, also i checked hashes this applications - all executable file hashes is present on forticlient xml exported profile.
You are see my mistake in sections of config files? examples are in ending my post
Than, i decreased app running compliance check to one application with two hashes and "ekrn.exe" samed name executable files for both, and i take a trouble of not compliant status! So, i can clarify my question - how do i set up fortigate for compliance of running applications, if application executable file is samed name but various versions are using on my computers?
================================
Forticlient xml exported profile section
<nac>
<processes>
<process id="1" name="ESET Management Agent" rule="present">
<signature name="eraagent.exe">1E6C915F18C75881562703442C1FCFB9D4CA8868FFCD52AA49A54FC4D38711B0</signature>
<signature name="eraagent.exe">E718D1E6217BB83713595D8C7FEB59B83CB7BA25E3EA96B010CD5E09E839649F</signature>
<signature name="eraagent.exe">E7B9240DBB5EA8758589DA6632D58E7BE3A90D1DC244FC75FCEEADC3C8FA91AA</signature>
</process>
<process id="2" name="ESET Endpoint Security" rule="present">
<signature name="ekrn.exe">E43CF891632434B035143E57B0CB6629D7D934199A788E18E07A5C94531C7617</signature>
<signature name="ekrn.exe">EBB65611946AAA12696FE3725E2C9C77AC9D5A9CA6EAD5549E2350F95E6853BD</signature>
<signature name="ekrn.exe">A413A8E05B33441EF5D544646294BACF7CC1E43060D21770141D2C1AD4202ABA</signature>
<signature name="ekrn.exe">126AF52953D0F5072BA7718B924F68B0E7A536A7342D77EAEC80E7779294273A</signature>
</process>
<process id="3" name="Forcepoint Endpoint" rule="present">
<signature name="wepsvc.exe">5617F8F39BC3D77F958FAAD52E87177DBDB8A915728782E59CF8C54875126562</signature>
</process>
</processes>
<files />
<registry />
</nac
================================
Fortigate CLI profile section
config forticlient-running-app
edit 1
set app-name "ESET Management Agent"
set process-name "ERAAgent.exe"
set app-sha256-signature "1E6C915F18C75881562703442C1FCFB9D4CA8868FFCD52AA49A54FC4D38711B0"
set process-name2 "ERAAgent.exe"
set app-sha256-signature2 "E718D1E6217BB83713595D8C7FEB59B83CB7BA25E3EA96B010CD5E09E839649F"
set process-name3 "ERAAgent.exe"
set app-sha256-signature3 "E7B9240DBB5EA8758589DA6632D58E7BE3A90D1DC244FC75FCEEADC3C8FA91AA"
next
edit 2
set app-name "ESET Endpoint Security"
set process-name "ekrn.exe"
set app-sha256-signature "E43CF891632434B035143E57B0CB6629D7D934199A788E18E07A5C94531C7617"
set process-name2 "ekrn.exe"
set app-sha256-signature2 "EBB65611946AAA12696FE3725E2C9C77AC9D5A9CA6EAD5549E2350F95E6853BD"
set process-name3 "ekrn.exe"
set app-sha256-signature3 "A413A8E05B33441EF5D544646294BACF7CC1E43060D21770141D2C1AD4202ABA"
set process-name4 "ekrn.exe"
set app-sha256-signature4 "126AF52953D0F5072BA7718B924F68B0E7A536A7342D77EAEC80E7779294273A"
next
edit 3
set app-name "Forcepoint Endpoint"
set process-name "wepsvc.exe"
set app-sha256-signature "5617F8F39BC3D77F958FAAD52E87177DBDB8A915728782E59CF8C54875126562"
next
end
================================
Thanks for any help!
Now, i decreased app running compliance check to one application with two hashes and samed name executable files for both, and i take a trouble of not compliant status!
So, i can clarify my question - how do i set up fortigate for compliance of running applications, if application executable file is samed name but various versions are using on my computers?
 
					
				
				
			
		
| User | Count | 
|---|---|
| 2677 | |
| 1412 | |
| 810 | |
| 703 | |
| 455 | 
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.