I would like to know how mach forticlient take to update their AV database!? now there as new ransomware called [size="3"]WannaCry hitting computers ! did forticlient update their AV signature ? to detect this attack ? [/size]
So the IPS signature won't automatically protect client systems if your IPS sensors' filters have Location: Clients.
I noticed that MS.SMB.Server.SMB1.Trans2.Secondary.Handling.Code.Execution is also listed under IPS "Rate Based Signatures" for each IPS sensor, though it is disabled. Anybody know if you can set threshold and duration for a rate based signature so it blocks on the first one?
@tanr: I also noticed that the IPS signature wasn't targeting clients. I've done what you suggested and manually added it to our IPS client sensor profile. It appears under Rate Based Signatures and is enabled by default with a threshold of zero, which hopefully means that it will block on the first attack.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.