Fortinet white logo
Fortinet white logo

EMS Administration Guide

Viewing the Endpoint Scan Status

Viewing the Endpoint Scan Status

To view the Endpoint Scan Status:
  1. Go to Dashboard > Vulnerability Scan.

    The Endpoint Scan Status chart organizes endpoints by type:

    • 11/21 are Secured (green section)
    • 1/21 is Vulnerable (red section)
    • 6/21 are Un-Scanned (yellow section)
    • 3/21 are Scanning (grey section)
  2. Click the Vulnerable section to view all vulnerabilities detected on vulnerable endpoints:

    Patch All

    Click this button to patch all vulnerabilities currently displayed on the content pane. The vulnerabilities are patched with the next Telemetry communication between FortiClient EMS and the endpoint.

    Refresh

    Click to refresh the list of vulnerabilities in the content pane.

    Clear Filters

    Click to clear all filters applied to the list of vulnerabilities.

    Hostname

    Hostname of the endpoint where the vulnerability was detected.

    Username

    User that is currently logged into the endpoint where the vulnerability was detected.

    Vulnerability

    Displays the number of vulnerabilities detected on the endpoint at each severity level. In this example, the endpoint has 11 critical vulnerabilities, 20 high risk vulnerabilities, and 5 medium risk vulnerabilities that can be patched using FortiClient.

    The same endpoint also has 2 critical vulnerabilities that must be manually patched.

    Patch Status

    You can click the Patch button to patch the selected vulnerability with the next Telemetry communication between FortiClient EMS and the endpoint.

    If a patch is already scheduled for the vulnerability, this column displays Scheduled.

    If the vulnerability must be patched manually, this column displays Manual Patch.

    FortiClient may be unable to automatically patch the vulnerability due to one of the following reasons:

    • Third-party application vulnerabilities: incorrect or missing installation paths
    • OS vulnerabilities: Windows update service is disabled

    In these cases, EMS may incorrectly display the status of these vulnerabilities that were selected to be automatically patched as Scheduled instead of Failed.

    You can filter the list of vulnerable endpoints by any column by clicking the filter icon beside the desired heading. Enter the value to include in the filter. You can toggle the All/Any/Not button for the following options:

    • All: Display all files that match the set filter.
    • Any: Display any file that matches the set filter.
    • Not: Display only files that do not match the set filter.
  3. Click a hostname. You can view all vulnerabilities detected on that endpoint. You can filter the list of vulnerabilities in the same way that you can filter the list of vulnerable endpoints in step 2.

  4. Go back, then click one of the sections under the Vulnerability column to view all vulnerabilities detected on the selected endpoint at the selected severity. The example displays all critical vulnerabilities for the selected endpoint. You can filter the list of vulnerabilities in the same way that you can filter the list of vulnerable endpoints in step 2.

    Vulnerability

    Name of the vulnerability.

    Category

    Category of the vulnerability.

    Severity

    Severity level of the vulnerability.

    Patch Status

    You can click the Patch button to patch the selected vulnerability with the next Telemetry communication between FortiClient EMS and the endpoint.

    If a patch is already scheduled for the vulnerability, this column displays Scheduled.

    If the vulnerability must be patched manually, this column displays Manual Patch.

    FortiClient may be unable to automatically patch the vulnerability due to one of the following reasons:

    • Third-party application vulnerabilities: incorrect or missing installation paths
    • OS vulnerabilities: Windows update service is disabled

    In these cases, EMS may incorrectly display the status of these vulnerabilities that were selected to be automatically patched as Scheduled instead of Failed.

Viewing the Endpoint Scan Status

Viewing the Endpoint Scan Status

To view the Endpoint Scan Status:
  1. Go to Dashboard > Vulnerability Scan.

    The Endpoint Scan Status chart organizes endpoints by type:

    • 11/21 are Secured (green section)
    • 1/21 is Vulnerable (red section)
    • 6/21 are Un-Scanned (yellow section)
    • 3/21 are Scanning (grey section)
  2. Click the Vulnerable section to view all vulnerabilities detected on vulnerable endpoints:

    Patch All

    Click this button to patch all vulnerabilities currently displayed on the content pane. The vulnerabilities are patched with the next Telemetry communication between FortiClient EMS and the endpoint.

    Refresh

    Click to refresh the list of vulnerabilities in the content pane.

    Clear Filters

    Click to clear all filters applied to the list of vulnerabilities.

    Hostname

    Hostname of the endpoint where the vulnerability was detected.

    Username

    User that is currently logged into the endpoint where the vulnerability was detected.

    Vulnerability

    Displays the number of vulnerabilities detected on the endpoint at each severity level. In this example, the endpoint has 11 critical vulnerabilities, 20 high risk vulnerabilities, and 5 medium risk vulnerabilities that can be patched using FortiClient.

    The same endpoint also has 2 critical vulnerabilities that must be manually patched.

    Patch Status

    You can click the Patch button to patch the selected vulnerability with the next Telemetry communication between FortiClient EMS and the endpoint.

    If a patch is already scheduled for the vulnerability, this column displays Scheduled.

    If the vulnerability must be patched manually, this column displays Manual Patch.

    FortiClient may be unable to automatically patch the vulnerability due to one of the following reasons:

    • Third-party application vulnerabilities: incorrect or missing installation paths
    • OS vulnerabilities: Windows update service is disabled

    In these cases, EMS may incorrectly display the status of these vulnerabilities that were selected to be automatically patched as Scheduled instead of Failed.

    You can filter the list of vulnerable endpoints by any column by clicking the filter icon beside the desired heading. Enter the value to include in the filter. You can toggle the All/Any/Not button for the following options:

    • All: Display all files that match the set filter.
    • Any: Display any file that matches the set filter.
    • Not: Display only files that do not match the set filter.
  3. Click a hostname. You can view all vulnerabilities detected on that endpoint. You can filter the list of vulnerabilities in the same way that you can filter the list of vulnerable endpoints in step 2.

  4. Go back, then click one of the sections under the Vulnerability column to view all vulnerabilities detected on the selected endpoint at the selected severity. The example displays all critical vulnerabilities for the selected endpoint. You can filter the list of vulnerabilities in the same way that you can filter the list of vulnerable endpoints in step 2.

    Vulnerability

    Name of the vulnerability.

    Category

    Category of the vulnerability.

    Severity

    Severity level of the vulnerability.

    Patch Status

    You can click the Patch button to patch the selected vulnerability with the next Telemetry communication between FortiClient EMS and the endpoint.

    If a patch is already scheduled for the vulnerability, this column displays Scheduled.

    If the vulnerability must be patched manually, this column displays Manual Patch.

    FortiClient may be unable to automatically patch the vulnerability due to one of the following reasons:

    • Third-party application vulnerabilities: incorrect or missing installation paths
    • OS vulnerabilities: Windows update service is disabled

    In these cases, EMS may incorrectly display the status of these vulnerabilities that were selected to be automatically patched as Scheduled instead of Failed.