FortiEndpoint displays inaccurate user information for endpoints running on the Windows Server operating system.

No message to explain why the user cannot set the UI to prevention mode when all policies are in simulation mode.

Number of destinations under communication control is limited to 100 IP addresses.

Safari 11.1 on macOS malfunctions when viewing events.

EDR Connect cannot be used to run commands that are user-interactive.

On Linux, threat hunting exclusions only work in kernel space mode, not in user space mode.

Device internal and external IP is missing from Threat Hunting events of Linux devices.

Linux Collector content file is large and uploads slowly to the Central Manager.

Application Control search only works by exact match

EDR Connect session may be disconnected due to inactivity of the EDR Console, even though the Connect session is active.

Raw data IDs appearing in the Collector tray and Incidents view may differ.

Application Control cannot remove multiple tags in one action.

In some network configurations, a rare issue might cause Collectors to be detected as IoT devices.

Threat Hunting: The tooltip displayed when hovering might prevent access to adding a filter.

When switching to Threat Hunting from Incidents > Automated Analysis, queries malfunction when more than one device is involved

Workaround: Filter by the same Collectors directly from Threat Hunting, which brings results.

"Query Parsing Failed" in Threat hunting pops up multiple times after invalid query.

Free text query in threat hunting, when using invalid text, no error message is displayed. The query returns empty results.

Unable to filter by empty registry names in facets in Threat Hunting.

In Threat Hunting, clicking Retrieve Target File for "File Rename" events retrieves the old file name instead of the renamed one.

In a threat hunting search, if you search for "Target.Registry.Path:" AND "Registry.Path" the results will be empty

Workaround: Use either "Target.Registry.Path" or "Registry.Path" in a specific search.

IoT filter by ״First connection=Today״ brings empty results.

Investigation View: Incident response data is inaccurate.

Unarchiving all events in large environments might cause the EDR console to malfunction.

Workaround: Filter events before unarchiving to reduce unarchive size.

In the Investigation View, the message is wrong in the Block address on firewall window when you click Firewall Block.

System event page default filtering is required.

In some cases, the communication control feature does not work due to unforeseen technical issues.

Some event log entries in threat hunting display logged event values in incorrect logged event fields.

Incorrect threat hunting profile order of Fortinet pre-defined application profiles.

Improve "file permission change" text in Threat Hunting Exclusions display.

Added Threat Hunting columns are inaccessible unless the columns are narrowed.

Log does not contain concrete helpful errors for API.

Threat Hunting Collection Profiles - rule name and icon not aligned.

Security events fully covered by an exception retains the full coverage indication icon even after new uncovered raw data items come in.

Missing field in Checkpoint firewall integration.

Failure to delete aggregations in big bulks over 20K.

Confusing error message when uploading a wrong formatted file in Application Control Manager > Upload Applications.

Ad hoc network discovery tooltip has a mistake in Japanese.

Incident view count changes with sort.

Syslog is created with no audit.

No validation for SecurityExclusionRepoEntity.path in exclusions configuration.