Endpoint posture check
The following are different context-based posture checks that FortiClient EMS 7.2 supports as part of the Zero Trust solution:
Recommended posture checks
For vulnerable devices, checking for devices with vulnerabilities rated high risk or above is recommended.

| Rule type | Posture check | Supported operating systems |
|---|---|---|
| Vulnerable devices | Critical | Windows, macOS, Linux |
| | High or higher | Windows, macOS, Linux |
| | Medium or higher | Windows, macOS, Linux |
| | Low or higher | Windows, macOS, Linux |
| Antivirus software | AV software is installed and running. For Windows, this feature supports third-party AV applications. For macOS and Linux, this feature can only check if FortiClient AV protection is enabled and does not recognize third-party AV applications. | |
| | AV signature is up-to-date | |
| Windows security | Windows Defender is enabled | Windows |
| | BitLocker Disk Encryption is enabled on all disks | Windows |
| | BitLocker Disk Encryption is enabled on OS disk | Windows |
| | Exploit Guard is enabled | Windows |
| | Application Guard is enabled | Windows |
| | Windows Firewall is enabled | Windows |
| | Automatic Updates are enabled | Windows |
| Security | FileVault Disk Encryption is enabled | macOS |
| EMS management | FortiClient installed and Telemetry is connected to EMS | Windows, macOS, Linux, iOS, Android |
| Common vulnerabilities and exposures (CVE) | Presence of [CVE] | Windows, macOS, Linux |
| Firewall threat | Presence of [firewall threat ID] | Windows, macOS |

Other posture checks

| Rule type | Posture check | Supported operating systems |
|---|---|---|
| User in Active Directory (AD) group | Member of [AD Group] | Windows, macOS, Linux |
| Certificate | Certificate contains [Subject CN] and [Issuer CN] | Windows, macOS, Linux |
| CrowdStrike ZTA Score | Zero trust assessment (ZTA) score within configured range/equal to configured value | Windows |
| File | Presence of [File] | Windows, macOS, Linux |
| IP range | Device in the [IP Range] | Windows, macOS, Linux, iOS, Android |
| Logged in domain | Member of [Domain] | Windows, macOS, Linux |
| On-Fabric status | On-Fabric | Windows, macOS, Linux, iOS, Android |
| OS version | Windows Server 2022 | Windows |
| | Windows Server 2019 | Windows |
| | Windows Server 2016 | Windows |
| | Windows Server 2012 R2 | Windows |
| | Windows Server 2012 | Windows |
| | Windows Server 2008 R2 | Windows |
| | Windows 11 | Windows |
| | Windows 10 | Windows |
| | Windows 8.1 | Windows |
| | Windows 8 | Windows |
| | Windows 7 | Windows |
| | Mojave | macOS |
| | High Sierra | macOS |
| | Sierra | macOS |
| | Catalina | macOS |
| | Big Sur | macOS |
| | Monterey | macOS |
| | Ventura | macOS |
| | Sonoma | macOS |
| | CentOS Stream 9 | Linux |
| | CentOS Stream 8 | Linux |
| | CentOS 8 | Linux |
| | CentOS 7.5 | Linux |
| | CentOS 7.4 | Linux |
| | Red Hat 9 | Linux |
| | Red Hat 8.5 | Linux |
| | Red Hat 8.1 | Linux |
| | Red Hat 8 | Linux |
| | Red Hat 7.6 | Linux |
| | Red Hat 7.5 | Linux |
| | Red Hat 7.4 | Linux |
| | Ubuntu 22.04 | Linux |
| | Ubuntu 21.10 | Linux |
| | Ubuntu 21.04 | Linux |
| | Ubuntu 20 | Linux |
| | Ubuntu 18.04 | Linux |
| | Ubuntu 16.04 | Linux |
| | Fedora 34 | Linux |
| | Fedora 33 | Linux |
| | Fedora 32 | Linux |
| | Fedora 31 | Linux |
| | Fedora Linux 37 | Linux |
| | Fedora Linux 36 | Linux |
| | Fedora Linux 35 | Linux |
| | iOS 9, 10, 11, 12, 13, 14, 15, 16 | iOS |
| | Android 5, 6, 7, 8, 9, 10, 11, 12, 13 | Android |
| Registry key | [Registry key] | Windows |
| Running process | Presence of [Running process] | Windows, macOS, Linux |
| Sandbox detection | Sandbox detected malware in last seven days | Windows, macOS |
| User identity | User-specified | Windows, macOS, Linux, iOS, Android |
| | Social network login | Windows, macOS, Linux, iOS, Android |
| | Verified user | Windows, macOS, Linux, iOS, Android |
| FortiEDR | FortiEDR is installed and running | Windows, macOS, Linux |
| FortiClient version | Presence of [Specified FortiClient version] | Windows, macOS, Linux, iOS, Android |
| Security status | Device fulfills configured security status, such as being jailbroken or having passcode or biometrics protection enabled. | iOS, Android |