Fortinet black logo

New Features

Home FortiClient 7.2.0 New Features
7.2.0
7.2.0
7.0.0
6.4.0
6.2.3
6.2.2
6.2.1
6.2.0

PUA detection 7.2.2

PUA detection 7.2.2

You can now see all potentially unwanted applications (PUA) on the new PUA dashboard in EMS. You can also see PUA events on the endpoint details page. This feature requires the Endpoint Protection Platform license and for the Software Inventory feature to be enabled on EMS. EMS compares the software inventory that it receives from FortiClient to the PUA signatures it receives from the FortiGuard distribution servers (FDS). If EMS determines any of the applications are a PUA, it displays it on the PUA dashboard.

To enable PUA detection:

  1. In EMS, go to Endpoint Profiles > System Settings.

  2. On the desired System Settings profile, under Endpoint Control, enable Send Software Inventory.

  3. After FortiClient receives the updated profile and sends its software inventory to EMS, go to Software Inventory > Applications. The PUA Category column indicates whether an application is considered a PUA, and, if so, what PUA category it belongs to. You can also use the PUAs button at the top to only view PUAs.

  4. Go to Dashboard > Potentially Unwanted Applications.

    You can view PUA information in the following widgets:

    Widget

    Description

    Potentially Unwanted Applications Summary

    Shows all detected PUAs categorized into the following:

    • Illegal or unethical

    • Cryptomining

    • Hacking

    • Unpopular

    • Phishing

    • Malicious

    Endpoint PUA Status

    Shows how many endpoints have PUAs and how many do not.

    PUA Detection Timeline

    		Shows historical events related to PUA detection on a timeline. Hover over the red circles to see a popup with PUA detection count and the PUAs detected during that time period.

    PUA Total Timeline

    Shows line chart of PUA detection and uninstall events. Hover over the green icircles to see a popup with PUA totals, PUA detection count, and three events in that time period.

    Top 10 Hosts with PUAs

    Displays the ten endpoints that have the most PUAs and the number of PUAs detected on those endpoints.

    Top 10 Unwanted Applications

    Displays the top ten most common PUAs and the number of hosts where the PUAs have been detected. Click the vulnerability name to see information about the vulnerability on FortiGuard.

    You can drill down on information in the widgets. For example, for the Potentially Unwanted Applications Summary widget, you can click the Unpopular section of the chart to view all unpopular PUAs detected on endpoints. From there, you can further click a PUA to view all endpoints that have that PUA currently installed.

  5. Go to Endpoints > All Endpoints. Select the desired endpoint. On the PUA Events tab, the default view, Status, shows PUAs currently installed on the endpoint. You can select Events to view all PUA events, including install and uninstall events.

  6. PUA detection requires PUA signatures. EMS downloads these signatures from FDS. Go to System Settings > FortiGuard Services > View Signature List to view the PUA signature version.
Previous
Next

PUA detection 7.2.2

You can now see all potentially unwanted applications (PUA) on the new PUA dashboard in EMS. You can also see PUA events on the endpoint details page. This feature requires the Endpoint Protection Platform license and for the Software Inventory feature to be enabled on EMS. EMS compares the software inventory that it receives from FortiClient to the PUA signatures it receives from the FortiGuard distribution servers (FDS). If EMS determines any of the applications are a PUA, it displays it on the PUA dashboard.

To enable PUA detection:

  1. In EMS, go to Endpoint Profiles > System Settings.

  2. On the desired System Settings profile, under Endpoint Control, enable Send Software Inventory.

  3. After FortiClient receives the updated profile and sends its software inventory to EMS, go to Software Inventory > Applications. The PUA Category column indicates whether an application is considered a PUA, and, if so, what PUA category it belongs to. You can also use the PUAs button at the top to only view PUAs.

  4. Go to Dashboard > Potentially Unwanted Applications.

    You can view PUA information in the following widgets:

    Widget

    Description

    Potentially Unwanted Applications Summary

    Shows all detected PUAs categorized into the following:

    • Illegal or unethical

    • Cryptomining

    • Hacking

    • Unpopular

    • Phishing

    • Malicious

    Endpoint PUA Status

    Shows how many endpoints have PUAs and how many do not.

    PUA Detection Timeline

    		Shows historical events related to PUA detection on a timeline. Hover over the red circles to see a popup with PUA detection count and the PUAs detected during that time period.

    PUA Total Timeline

    Shows line chart of PUA detection and uninstall events. Hover over the green icircles to see a popup with PUA totals, PUA detection count, and three events in that time period.

    Top 10 Hosts with PUAs

    Displays the ten endpoints that have the most PUAs and the number of PUAs detected on those endpoints.

    Top 10 Unwanted Applications

    Displays the top ten most common PUAs and the number of hosts where the PUAs have been detected. Click the vulnerability name to see information about the vulnerability on FortiGuard.

    You can drill down on information in the widgets. For example, for the Potentially Unwanted Applications Summary widget, you can click the Unpopular section of the chart to view all unpopular PUAs detected on endpoints. From there, you can further click a PUA to view all endpoints that have that PUA currently installed.

  5. Go to Endpoints > All Endpoints. Select the desired endpoint. On the PUA Events tab, the default view, Status, shows PUAs currently installed on the endpoint. You can select Events to view all PUA events, including install and uninstall events.

  6. PUA detection requires PUA signatures. EMS downloads these signatures from FDS. Go to System Settings > FortiGuard Services > View Signature List to view the PUA signature version.
Previous
Next