andrey_kazantsev
New Contributor II

FortiEDR How to update antimalware heuristics without updating the software version

Good day,

I am now studying the technical docs related to the FortiEDR solution. The documentation specifically points out that its antimalware engine is SIGNATURELESS, which is pretty much different from conventional AV. Anyway, there must be some sort of heuristics (Indicators of Compromise, Indicators of Attack, ...) built into the product. Obviously, these heuristics should regularly be actualized.
What confuses me a bit is that the docs explain in much detail how to update the software itself (from one version to another) but it says nothing as to how to update heuristics only (while leaving the program modules intact). Is there any mechanism of updating solely antimalware interception logic?

 

Any extra info on this would be very helpful.

Anthony_E
Community Manager

Hello Andrey,

 

Thank you for using the Community Forum.

 

Did you already have a look at our Knowledge Base?
https://community.fortinet.com/t5/FortiEDR/tkb-p/TKB17?pageNum=1

 

You will have a lot of Technical Tips or some Threat coverage.

Regards,

Anthony-Fortinet Community Team.
andrey_kazantsev

Dear Anthony,

I think I have looked through all of the tickets, but I haven't found such general info. I may have missed something, though. For example, new heuristics come out and they naturally need to be propagated to the collectors running on protected endpoints so that the collectors would have actualized viral patterns in order to spot new threats even in the autonomous mode.

 

Anthony_E
Community Manager

Dear Andrey,

 

I will try to find somebody who could help us with heuristics.

From your side, if you have any information, could you please share it with us?

Regards

Anthony-Fortinet Community Team.
andrey_kazantsev

Dear Anthony,

Thank you for getting involved. Sure, if I find any info as regards my question, I will share my new knowledge with you.

 

Best regards,

Andrey

Anthony_E
Community Manager

Hello Andrey,

 

Thanks a lot :)!

 

Regards,

Anthony-Fortinet Community Team.