FortiClient & FortiClient EMS 6.4.0 adds quarantine support for FortiClient (Linux). You can quarantine any compromised Linux machine through FortiClient. If a Linux machine is compromised or infected with malicious software, you can isolate the compromised machine by blocking all of the infected machine's network access so that it does not impact other machines or resources on the network.
- In EMS, go to All Endpoints, then select the desired endpoint.
- From the Action dropdown list, select Quarantine.
After you quarantine the endpoint, FortiClient displays the Quarantine screen and blocks all of the machine's network access. You can also show a customized message on FortiClient when it is quarantined. See Customizing the endpoint quarantine message.
In EMS, the endpoint Status on the Summary tab changes from Registered to Quarantined.
After you clear the infected machine of the malicious software or vulnerable application, you can remove the endpoint from quarantine to restore its network connectivity. You can select the endpoint and select Unquarantine from the Actions dropdown list in EMS, or you can provide the user with the one-time quarantine access code shown on the Summary tab in EMS.