Help
FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
cmaheu
Staff
Staff

Created on ‎10-18-2018 09:52 AM

Article Id 194091

Technical Note: Host marked for delayed remediation is isolated sooner than expected

Description
A host marked for Delayed Remediation is marked "At-Risk" and moved to Remediation before the Delayed Remediation timer has run out.

Solution
If the host no longer matches the original Endpoint Compliance Policy, and matches some other policy, then a different scan may run.

To verify if multiple scans have been run, do the following:
  1. Navigate to Hosts > Host View and search for the affected host record. 
  2. Right click on the host record select Host Health.
  3. Once the extra scan has been identified check History to see when the scan was last run. 
  4. Review the scan configuration under Policy > Policy Configuration to verify if the setting for Remediation.  If set to "On Failure", then the host would be marked At-Risk immediately (regardless if the Delayed Remediation timer had not run out for the other scan).
  5. Review User/Host Profiles for the appropriate Endpoint Compliance policy and investigate why the host may have no longer matched.

Labels:
340
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.