Fortinet black logo

EMS Administration Guide

Home FortiClient 7.0.0 EMS Administration Guide
7.0.0
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.9
6.4.8
6.4.7
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.9
6.2.8
6.2.7
6.2.6
6.2.4
6.2.3
6.2.2
6.2.1
6.2.0
6.0.8
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0

Antiransomware

Antiransomware

Enable antiransomware to protect specific files, folders, or file types on your endpoints from unauthorized changes.

Options

Description

Protected Folders

 Select the desired folders from the list, or click Add Folder to add a custom directory. Antiransomware protects all content in the selected folders against unauthorized changes. To remove a folder, select it then click the Remove Folder button.

Protected File Types

 Enter the desired file types to protect from suspicious activity, separating each file type with a comma. Do not include the leading dot when entering a file type. For example, to include text files, enter txt, as opposed to .txt.

Action

When antiransomware detects suspicious activity, it displays a popup asking the user if they want to terminate the process:

  • If the user selects Yes, FortiClient terminates the suspicious process.
  • If the user selects No, FortiClient allows the process to continue.
  • If the user does not select an option, FortiClient waits for the configured action timeout, then does one of the following, as configured:
    • Block access and warn user if suspicious activity is detected: FortiClient terminates the suspicious process.
    • Warn user and resume after the timeout: FortiClient allows the process to continue.

Action Timeout

Enter the desired timeout value.

Bypass Valid Signer

Enable FortiClient to exclude a process from the selected antiransomware action if it has a valid signer.
Previous
Next

Antiransomware

Enable antiransomware to protect specific files, folders, or file types on your endpoints from unauthorized changes.

Options

Description

Protected Folders

 Select the desired folders from the list, or click Add Folder to add a custom directory. Antiransomware protects all content in the selected folders against unauthorized changes. To remove a folder, select it then click the Remove Folder button.

Protected File Types

 Enter the desired file types to protect from suspicious activity, separating each file type with a comma. Do not include the leading dot when entering a file type. For example, to include text files, enter txt, as opposed to .txt.

Action

When antiransomware detects suspicious activity, it displays a popup asking the user if they want to terminate the process:

  • If the user selects Yes, FortiClient terminates the suspicious process.
  • If the user selects No, FortiClient allows the process to continue.
  • If the user does not select an option, FortiClient waits for the configured action timeout, then does one of the following, as configured:
    • Block access and warn user if suspicious activity is detected: FortiClient terminates the suspicious process.
    • Warn user and resume after the timeout: FortiClient allows the process to continue.

Action Timeout

Enter the desired timeout value.

Bypass Valid Signer

Enable FortiClient to exclude a process from the selected antiransomware action if it has a valid signer.
Previous
Next