I'm using Endpoint Compliance Policies on my FNAC-F, by now, I'm just seen if the hosts have FNAC Persistent Agent installed and if they're on Active Directory domain.
But now I want to also validate if the antivirus is installed, so my idea is to setup one policy above the oldest one, with same parameters and antivirus scan. And I also wanna change the old policy to instead of mark the host as "Safe", mark it as "At Risk", just so I can have an inventory of hosts with and without antivirus.
So, my doubt is how exactly can I do this? The only way that I saw is using the Endpoint Compliance>Actions>Add and create a security action to Mark the Host as At Risk one matches a policy, but to be honest, I don't know how to go works, I didn't found any documentation about setting up actions on Endpoint Compliances.
Do Endpoint Compliance Policies have a default action to set host as Safe? If I create a new policy, will it override the default? And mark hosts as At Risk is just a parameter, or does it have an impact on the host access? (Keep in mind that I'll create one network Access policy to allow access for this hosts until I stabilize this)
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
You don't have to use custom Actions. You will just need a Policy to point to a Configuration and a Scan. Based on scan results the host status will change to At-risk (+ sign) or normal. If the host is at risk and the Remediation is enforced the host will get isolated, there is no need for a network access policy (stage 5). If the host is in normal state the Network access policy will be evaluated.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1732 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.