Vulnerability Scan

Vulnerability Scan

FortiClient includes a Vulnerability Scan module to check endpoint workstations for known system vulnerabilities. The vulnerability scan results can include:

  • List of vulnerabilities for Microsoft operating systems, third-party software, and Microsoft software detected on the endpoint device
  • Links to more information l Links to Microsoft bulletin reports
  • Software patches that can be installed to resolve or close detected vulnerabilities

You can scan on-demand. The scan results display a summary of vulnerabilities found in the system with links to more details, including links to the FortiGuard Center (FortiGuard.com) for more information. Links to remediation patches might also be included.

Whether and how remediation patches are applied to endpoints depends on the settings in the FortiClient profile that is assigned to the endpoint. Patches can be automatically applied to the FortiClient endpoint to enforce network compliance, or you can manually apply patches. FortiClient checks vulnerabilities for the following software:

  • Microsoft Security Update l Firefox l Firefox ESR l Google Chrome l Java JDK l Java JRE l Adobe Flash Player

For the latest list of supported software, see the FortiGuard Center (FortiGuard.com) .

Enable vulnerability scan

The administrator enables and configures the vulnerability scan feature in a FortiClient profile by using FortiGate/EMS.

Enable vulnerability scan in FortiClient profiles (EMS)

In EMS 1.0.1 and later, the vulnerability scan feature is visible by default in the FortiClient profile. The EMS administrator may choose to enable this feature in the FortiClient profile. The EMS administrator can also schedule vulnerability scans and configure remediation patches to be automatically installed on endpoints. For more information, see the FortiClient EMS Administration Guide.

 

Scan now

Enable vulnerability scan in FortiClient profiles (FortiGate)

In FortiGate 5.4.1 and later, the vulnerability scan feature is visible by default in the FortiClient profile. The FortiGate administrator may choose to enable this feature in the FortiClient profile.

Scan now

To scan now:

  1. In the FortiClient console, click the Vulnerability Scan
  2. Click the Scan Now FortiClient scans your workstation for known vulnerabilities.

When the scan is complete, FortiClient displays a summary of vulnerabilities found on the system.

View scan results

Vulnerability scan results are organized into the following categories:

l Critical vulnerabilities l Vulnerabilities detected

You can use the vulnerability scan results to learn more about vulnerabilities on your computer and to learn what actions you can take to address the vulnerabilities.

When remediation patches are available for software that is running on the managed endpoint, the vulnerability scan results might include the option to install software patches that address the identified vulnerability. See Install remediation patches on page 97.

View scan results

To view scan results:

  1. In the FortiClient console, click the Vulnerability Scan
  2. Beside Vulnerabilities Detected, click the <number>

A summary of vulnerabilities detected on your system is displayed.

  1. Click the tabs, such as OS, Browser, and so on, to view all vulnerabilities.
  2. On each tab, click Critical Vulnerabilities, High Vulnerabilities, Medium Vulnerabilities, and Low Vulnerabilities to view the vulnerabilities in each category for each tab.

View scan results

  1. When available, click the Details icon to view details about the vulnerability.

You can scroll to the bottom of the window to click links to more information about CVE IDs and vendor information.

  1. Click OK to return to the previous screen, and click Close to return to the Vulnerability Scan For information on installing patches, see Install remediation patches on page 97.

View details of scan results

View details of scan results

To view details of scan results:

  1. In the FortiClient console, click the Vulnerability Scan
  2. Under Vulnerabilities Detected, click Critical, High, Medium, or Low when the results are greater than 0.

A summary of vulnerabilities detected on your system is displayed. Click the tabs, such as OS, Browser, and so on, to view all vulnerabilities.

  1. Click the Details icon for more information.

You can scroll to the bottom of the window to click links to more information about CVE (common vulnerabilities and exposures) IDs and vendor information.

Install remediation patches

  1. Click OK to return to the previous screen, and click Close to return to the Vulnerability Scan

Install remediation patches

When remediation patches are available for software that is running on the managed endpoint, the vulnerability scan results might include the option to install software patches that address the identified vulnerability.

Access to software patches is controlled by the FortiClient profile configuration. Depending on the FortiClient profile settings, the patches might be installed for you, or you might be able to choose what patches to install. In some cases, you must install the software patches to maintain network access. For example, if compliance is configured to block network access for non-compliant endpoints, software patches must be installed to maintain network access.

To install remediation patches:

  1. In the FortiClient console, click the Vulnerability Scan
  2. Beside Vulnerabilities Detected, click the <number> link to review information about vulnerabilities before installing patches.

Alternately, you can click Fix Now to install all remediation patches.

Install remediation patches

  1. Select the check box for each patch that you want to install.

Click the tabs, such as OS, Browser, and so on, to view all vulnerabilities. On each tab, click Critical Vulnerabilities, High Vulnerabilities, Medium Vulnerabilities, and Low Vulnerabilities to view the vulnerabilities in each category for each tab.

You may be unable to choose which patches to install, depending on your FortiClient configuration.

  1. Click the Install Selected button to install the selected patches.

FortiClient installs the patches. You may need to reboot the endpoint device to complete installation.

 

This entry was posted in FortiClient and tagged , , on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

One thought on “Vulnerability Scan

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.