Viewing the Endpoint Scan Status
To view the Endpoint Scan Status:
- Go to Dashboard > Vulnerability Scan.
On the Endpoint Scan Status chart, endpoints are organized by type:
- 11/21 are Secured (green section)
- 1/21 is Vulnerable (red section)
- 6/21 are Un-Scanned (yellow section)
- 3/21 are Scanning (grey section)
- Click the Vulnerable section to view all vulnerabilities detected on vulnerable endpoints:
Patch All
Click this button to patch all vulnerabilities currently displayed on the content pane. The vulnerabilities are patched with the next Telemetry communication between FortiClient EMS and the endpoint.
Refresh
Click to refresh the list of vulnerabilities in the content pane.
Clear Filters
Click to clear all filters applied to the list of vulnerabilities.
Hostname
Hostname of the endpoint where the vulnerability was detected.
Username
User that is currently logged into the endpoint where the vulnerability was detected.
Vulnerability
Displays the number of vulnerabilities detected on the endpoint at each severity level. In this example, the endpoint has 11 critical vulnerabilities, 20 high risk vulnerabilities, and 5 medium risk vulnerabilities that can be patched using FortiClient.
The same endpoint also has 2 critical vulnerabilities that must be manually patched.
Patch Status
You can click the Patch button to patch the selected vulnerability with the next Telemetry communication between FortiClient EMS and the endpoint.
If a patch is already scheduled for the vulnerability, this column displays Scheduled.
If the vulnerability must be patched manually, this column displays Manual Patch.
FortiClient may be unable to automatically patch the vulnerability due to one of the following reasons:
- Third-party application vulnerabilities: incorrect or missing installation paths
- OS vulnerabilities: Windows update service is disabled
In these cases, EMS may incorrectly display the status of these vulnerabilities that were selected to be automatically patched as Scheduled instead of Failed.
You can filter the list of vulnerable endpoints by any column by clicking the filter icon beside the desired heading. Enter the value to include in the filter. You can toggle the All/Any/Not button for the following options:
- All: Display all files that match the set filter.
- Any: Display any file that matches the set filter.
- Not: Display only files that do not match the set filter.
- Click a hostname. You can view all vulnerabilities detected on that endpoint. You can filter the list of vulnerabilities in the same way that you can filter the list of vulnerable endpoints in step 2.
- Go back, then click one of the sections under the Vulnerability column to view all vulnerabilities detected on the selected endpoint at the selected severity. The example displays all critical vulnerabilities for the selected endpoint. You can filter the list of vulnerabilities in the same way that you can filter the list of vulnerable endpoints in step 2.
Vulnerability
Name of the vulnerability.
Category
Category of the vulnerability.
Severity
Severity level of the vulnerability.
Patch Status
You can click the Patch button to patch the selected vulnerability with the next Telemetry communication between FortiClient EMS and the endpoint.
If a patch is already scheduled for the vulnerability, this column displays Scheduled.
If the vulnerability must be patched manually, this column displays Manual Patch.
FortiClient may be unable to automatically patch the vulnerability due to one of the following reasons:
- Third-party application vulnerabilities: incorrect or missing installation paths
- OS vulnerabilities: Windows update service is disabled
In these cases, EMS may incorrectly display the status of these vulnerabilities that were selected to be automatically patched as Scheduled instead of Failed.