Good day,
I am now studying the technical docs related to the FortiEDR solution. The documentation specifically points out that its antimalware engine is SIGNATURELESS, which is pretty much different from conventional AV. Anyway, there must be some sort of heuristics (Indicators of Compromise, Indicators of Attack,...) built into the product. Obviously, these heuristics should regularly be actualized.
What confuses me a bit is that the docs explain in much detail how to update the software itself (from one version to another) but they say nothing as to how to update heuristics only (while leaving the program modules intact). Is there any mechanism for updating solely the antimalware interception logic?
Any extra info on this would be very helpful.
Hello Andrey,
Thank you for using the Community Forum.
Have you already had a look at our Knowledge Base?
https://community.fortinet.com/t5/FortiEDR/tkb-p/TKB17?pageNum=1
You will have a lot of Technical Tips or some Threat coverage.
Regards,
Dear Anthony,
I think I have looked through all of the tickets, but I haven't found such general info. I may have missed something, though. For example, new heuristics come out and they naturally need to be propagated to the collectors running on protected endpoints so that the collectors would have actualized viral patterns in order to spot new threats even in the autonomous mode.
Dear Andrey,
I will try to find somebody who could help us with heuristics.
From your side, if you have any information, could you please share it with us?
Regards
Dear Anthony,
Thank you for getting involved. Sure, if I find any info as regards my question, I will share my new knowledge with you.
Best regards,
Andrey
Hello Andrey,
Thanks a lot :)!
Regards,
Copyright 2024 Fortinet, Inc. All Rights Reserved.