Help
FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
Andy_G
Staff
Staff

Created on ‎09-21-2018 04:54 AM Edited on ‎09-13-2023 07:27 AM By Moderator

Article Id 192355

Technical Note: AntiVirus (AV) information to provide Support

Description

 
This article provides a list of information to provide Support upon opening a case regarding functionality for currently supported Antivirus packages.
Requests to add support for an Antivirus package should be submitted as a New Feature Request (NFR). See the related KB article below.


Scope

 
FortiNAC versions 9.x and greater.


Solution

 

Endstation Product Information:

 
Always provide:
  • Agent Version.
  • Screen capture of the failed program's Help -> About.
  • Application Type (ex: Antivirus/OS).
  • Program Vendor.
  • Application Name.
  • Program Version.
  • Definition Version.
  • Windows endstation: Registry Dump of HKEY_LOCAL_MACHINE\Software\.

  1. Run Windows Regedit
  2. 'Right-click' on HKEY_LOCAL_MACHINE\Software\
  3. 'Right-click' and select EXPORT.
  4. Select 'Text Files' for 'Save as Type'.
  • Mac OSX endstation: Output of the following command run via the hosts terminal: pkgutil --pkgs.

 

NAC Administration UI:
 
Always provide:
  • Appliance version (Help -> About).
If the program is not detected at all:
  • Screen capture of failed scan results from affected endstation for a policy with ALL AV checked and Preferred option set to None.  If one does not already exist...

  1. Create a new Endpoint Compliance Policy (navigate to Policy > Policy Configuration) using the following settings:
  • User/Host Profile that has the MAC address of the affected endstation added under the Adapter tab in the Physical Address field.
  • Endpoint Compliance Configuration with ALL AV programs selected, Validation of the following option set to Any and Preferred option set to None.  
  • Set Rank for new policy to 1 to ensure endstation match.

  1. Confirm policy matches using the Policy Details option in Host View.

  2. Scan endstation and provide a screen capture of failed scan results and scan configuration using the instructions below.

     

If scans are failing inappropriately:
  • Screen capture of the failed scan results.
  1. Navigate to Users & Hosts -> Hosts and search for the affected host record.
  2. 'Right-click' and select Host Health.
  3. Select History tab.
  4. Select the Failed status for the details of the scan result.
  • Screen capture of scan configuration.
  1. Navigate to Policy & Objects -> Endpoint Compliance.
  2. Select Scans.
  3. Highlight the scan listed in the scan results and select Modify or 'Double-click'.
  4. Select the appropriate operating system tab (Windows, Mac-OS-X, or Linux).
  5. Select the appropriate Category from the drop-down.
  6. Select the failed program name.
Related Articles:
Technical Note: Information to provide when requesting AntiVirus (AV) support 
Labels:
2243
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.