FortiEDR How to update antimalware heuristics without updating the software version
Good day,
I am now studying the technical docs related to the FortiEDR solution. The documentation specifically points out that its antimalware engine is SIGNATURELESS, which is pretty much different from conventional AV. Anyway, there must be some sort of heuristics (Indicators of Compromise, Indicators of Attack,...) built into the product. Obviously, these heuristics should regularly be actualized.
What confuses me a bit is that the docs explain in much detail how to update the software itself (from one version to another) but it says nothing as to how to update heuristics only (while leaving the program modules intact). Is there any mechanism of updating solely antimalware interception logic?
Any extra info on this would be very helpful.
Hello Andrey,
Thank you for using the Community Forum.
Have you already had a look at our Knowledge Base?
https://community.fortinet.com/t5/FortiEDR/tkb-p/TKB17?pageNum=1
You will find a lot of Technical Tips or some Threat coverage.
Regards,
Dear Anthony,
I think I have looked through all of the tickets, but I haven't found such general info. I may have missed something, though. For example, new heuristics come out and they naturally need to be propagated to the collectors running on protected endpoints so that the collectors would have actualized viral patterns in order to spot new threats even in the autonomous mode.
Dear Andrey,
I will try to find somebody who could help us with heuristics.
From your side, if you have any information, could you please share it with us?
Regards
Dear Anthony,
Thank you for getting involved. Sure, if I find any info as regards my question, I will share my new knowledge with you.
Best regards,
Andrey
Hello Andrey,
Thanks a lot :)!
Regards,