Vulnerability Scan
FortiClient includes a Vulnerability Scan module to check your workstation for known system vulnerabilities. You can scan on demand or on a schedule. This feature is disabled by default, and the tab is hidden for standalone clients. For users who are registered to a FortiGate using endpoint control, the FortiGate administrator may choose to enable this feature. Vulnerability Scan can be enabled only through the FortiGate Command Line Interface (CLI). Once enabled, the Endpoint Vulnerability Scan on Client setting is available in the FortiClient Profile.
Enable vulnerability scan
This section describes how to enable Vulnerability Scan in the FortiClient Profile via the FortiGate CLI, and the configuration options available.
- Enable Vulnerability Scan in the FortiClient Profile:
  - Log in to your FortiGate CLI.
  - Enter the following CLI commands:

    ```
    config endpoint-control profile
        edit <profile-name>
            config forticlient-winmac-settings
                set forticlient-vuln-scan enable
                set forticlient-vuln-scan-schedule {daily | weekly | monthly}
                set forticlient-vuln-scan-on-registration {enable | disable}
                set forticlient-ui-options {av | wf | af | vpn | vs}
            end
        end
    ```
| Option | Description |
|---|---|
| `<profile-name>` | Enter the name of the FortiClient Profile. |
| `forticlient-vuln-scan {enable \| disable}` | Enable or disable the Vulnerability Scan module. |
| `forticlient-vuln-scan-schedule {daily \| weekly \| monthly}` | Configure a daily, weekly, or monthly vulnerability scan on the client workstation. |
| `forticlient-vuln-scan-on-registration {enable \| disable}` | Enable or disable a vulnerability scan when the client registers to the FortiGate. |
| `forticlient-ui-options {av \| wf \| af \| vpn \| vs}` | Set the FortiClient components that will be available to the client upon registration with the FortiGate: `av` Antivirus, `wf` Web Filter, `af` Application Firewall, `vpn` Remote Access, `vs` Vulnerability Scan. |
- The FortiGate will send the FortiClient Profile configuration update to registered clients. The Vulnerability Scan tab is now accessible in FortiClient.
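A filled-in version of the profile above, added here as an illustration rather than taken from the FortiClient guide. The profile name `teachers-profile` is a constructed placeholder; the example assumes that multiple `forticlient-ui-options` components are given space-separated, as for other FortiOS multi-value settings, and uses the standard FortiOS `show` command to display the entry just configured.

```text
# Constructed example: weekly scan, also run on registration,
# with the Vulnerability Scan tab exposed in the client UI.
config endpoint-control profile
    edit "teachers-profile"
        config forticlient-winmac-settings
            set forticlient-vuln-scan enable
            set forticlient-vuln-scan-schedule weekly
            set forticlient-vuln-scan-on-registration enable
            # vs is the component that makes the Vulnerability Scan tab
            # available on the client; without it the tab stays hidden
            # even though scanning is enabled on the FortiGate side.
            set forticlient-ui-options av wf vpn vs
        end
        # Display the entry to confirm the settings before leaving.
        show
    end
end
```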
Scan now
To perform a vulnerability scan, select the Scan Now button in the FortiClient console. FortiClient scans your workstation for known vulnerabilities. The console displays the date of the last scan above the button.
You can choose to use a FortiManager device for client software and signature updates. When configuring the FortiClient Profile, select Use FortiManager for client software/signature update to enable the feature, and enter the IP address of your FortiManager device.
View vulnerabilities
When the scan is complete, FortiClient displays the number of vulnerabilities found in the FortiClient console.
Select the Vulnerabilities Detected link to view a list of vulnerabilities detected on your system. Alternatively, select Detected: X on the Vulnerability Scan tab to view the vulnerabilities.
This page displays the following:
| Column | Description |
|---|---|
| Vulnerability Name | The name of the vulnerability. |
| Severity | The severity level assigned to the vulnerability: Critical, High, Medium, Low, or Info. |
| Details | FortiClient lists a Bugtraq ID (BID) number under the Details column. You can select the BID to view details of the vulnerability on the FortiGuard site, or search the web using this BID number. |
| Close | Close the window and return to the FortiClient console. |
Select the Details ID number from the list to view information on the selected vulnerability on the FortiGuard site. The site details the release date, severity, impact, description, affected products, and recommended actions.
I am looking into deploying the vulnerability scan for 90 workstations and would like FortiClient to patch the updates if possible. Is there a way to control when the patches and restarts will occur, and/or enable a prompt for the user to control this aspect so their work is not interrupted?
Are you controlling the FortiClient from the Gate itself or EMS?
From the EMS. Really, the issue here is we have teachers in 3 different buildings and not much for workstation management. If we could maintain some of the updates using the vulnerability aspect, that would be great. But when we run it, the workstations restart to install updates with no real logic. So I am trying to figure out where the restart factor is coming in and whether it can be manipulated to wait for a specific time or prompt the user.
Dane,
Are you running Active Directory?
No
I have a customer that's neither controlling by the Gate nor EMS; they are just standalone clients. It seems that in 5.6 the vulnerability piece is ON by default and runs when you install it. The customer states that he's had several users say it really impacts their laptop while the scan is running. Is there a way to 1) remove the scan piece from the default install or 2) create a custom package where it's removed? They don't want it at all, and are not centrally controlling FortiClients via profile.
They can edit the config file to change behaviors and scan times if they are doing it manually. I would highly suggest they control the client via EMS or the Gate, though. It helps so much from an ease-of-configuration point of view.