FortiClient Compliance Profile for checking state when the app in use has various versions of exe files

Author
AlexandrEryomin
2019/01/08 08:03:57

Hi all,
I received a "not compliant" status on FortiClient with FortiGate compliance rules. I checked the FortiClient profile on the FortiGate and locally on the Windows PC.
Both profiles are the same except for the upper case of letters in the ESET Management Agent executable file names.
The applications on the Windows PC are in the running state in Services. I also checked the hashes of these applications: all executable file hashes are present in the FortiClient exported XML profile.

Do you see my mistake in the config file sections? The examples are at the end of my post.

Then I reduced the running-app compliance check to one application with two hashes and the same executable file name, "ekrn.exe", for both, and I ran into the trouble of the not compliant status!

So, to clarify my question: how do I set up the FortiGate for compliance of running applications if the application's executable file has the same name but various versions are used on my computers?

================================
FortiClient XML exported profile section

<nac>

            <processes>
                <process id="1" name="ESET Management Agent" rule="present">
                    <signature name="eraagent.exe">1E6C915F18C75881562703442C1FCFB9D4CA8868FFCD52AA49A54FC4D38711B0</signature>
                    <signature name="eraagent.exe">E718D1E6217BB83713595D8C7FEB59B83CB7BA25E3EA96B010CD5E09E839649F</signature>
                    <signature name="eraagent.exe">E7B9240DBB5EA8758589DA6632D58E7BE3A90D1DC244FC75FCEEADC3C8FA91AA</signature>
                </process>
                <process id="2" name="ESET Endpoint Security" rule="present">
                    <signature name="ekrn.exe">E43CF891632434B035143E57B0CB6629D7D934199A788E18E07A5C94531C7617</signature>
                    <signature name="ekrn.exe">EBB65611946AAA12696FE3725E2C9C77AC9D5A9CA6EAD5549E2350F95E6853BD</signature>
                    <signature name="ekrn.exe">A413A8E05B33441EF5D544646294BACF7CC1E43060D21770141D2C1AD4202ABA</signature>
                    <signature name="ekrn.exe">126AF52953D0F5072BA7718B924F68B0E7A536A7342D77EAEC80E7779294273A</signature>
                </process>
                <process id="3" name="Forcepoint Endpoint" rule="present">
                    <signature name="wepsvc.exe">5617F8F39BC3D77F958FAAD52E87177DBDB8A915728782E59CF8C54875126562</signature>
                </process>
            </processes>
            <files />
            <registry />
        </nac>
================================
 
FortiGate CLI profile section
config forticlient-running-app
edit 1
set app-name "ESET Management Agent"
set process-name "ERAAgent.exe"
set app-sha256-signature "1E6C915F18C75881562703442C1FCFB9D4CA8868FFCD52AA49A54FC4D38711B0"
set process-name2 "ERAAgent.exe"
set app-sha256-signature2 "E718D1E6217BB83713595D8C7FEB59B83CB7BA25E3EA96B010CD5E09E839649F"
set process-name3 "ERAAgent.exe"
set app-sha256-signature3 "E7B9240DBB5EA8758589DA6632D58E7BE3A90D1DC244FC75FCEEADC3C8FA91AA"
next
edit 2
set app-name "ESET Endpoint Security"
set process-name "ekrn.exe"
set app-sha256-signature "E43CF891632434B035143E57B0CB6629D7D934199A788E18E07A5C94531C7617"
set process-name2 "ekrn.exe"
set app-sha256-signature2 "EBB65611946AAA12696FE3725E2C9C77AC9D5A9CA6EAD5549E2350F95E6853BD"
set process-name3 "ekrn.exe"
set app-sha256-signature3 "A413A8E05B33441EF5D544646294BACF7CC1E43060D21770141D2C1AD4202ABA"
set process-name4 "ekrn.exe"
set app-sha256-signature4 "126AF52953D0F5072BA7718B924F68B0E7A536A7342D77EAEC80E7779294273A"
next
edit 3
set app-name "Forcepoint Endpoint"
set process-name "wepsvc.exe"
set app-sha256-signature "5617F8F39BC3D77F958FAAD52E87177DBDB8A915728782E59CF8C54875126562"
next
end
================================

Thanks for any help!
post edited by AlexandrEryomin - 2019/01/10 02:42:16
#1
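
Added example (not part of the original post, and not Fortinet code): a Python script that parses the two profile sections in the formats posted above and lists, per application, every SHA-256 present on only one side and every process name that differs only by letter case. The sample input is constructed with placeholder hashes, and the function names are hypothetical; whether FortiClient compares process names case-sensitively is not established on this page, so the script only surfaces the difference.

```python
import xml.etree.ElementTree as ET

# Constructed sample input in the post's two formats; hashes are placeholders.
H1, H2 = "A" * 64, "B" * 64
XML_PROFILE = f"""<nac><processes>
  <process id="1" name="ESET Management Agent" rule="present">
    <signature name="eraagent.exe">{H1}</signature>
  </process></processes></nac>"""
CLI_PROFILE = f"""config forticlient-running-app
edit 1
set app-name "ESET Management Agent"
set process-name "ERAAgent.exe"
set app-sha256-signature "{H1}"
set process-name2 "ERAAgent.exe"
set app-sha256-signature2 "{H2}"
next
end"""

def parse_xml(text):
    """Map app name -> {(process name, SHA-256)} from the <nac> section."""
    return {p.get("name"): {(s.get("name"), (s.text or "").strip().upper())
                            for s in p.iter("signature")}
            for p in ET.fromstring(text).iter("process")}

def parse_cli(text):
    """Same mapping from the CLI block (process-nameN goes with signatureN)."""
    apps, fields = {}, {}
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3 and parts[0] == "set":
            fields[parts[1]] = parts[2].strip().strip('"')
        elif line.strip() in ("next", "end") and fields:
            apps[fields.get("app-name")] = {
                (v, fields.get("app-sha256-signature" + k[12:], "").upper())
                for k, v in fields.items() if k.startswith("process-name")}
            fields = {}
    return apps

def compare(xml_apps, cli_apps):
    """List per-application differences between the two parsed profiles."""
    findings = []
    for app in sorted(set(xml_apps) | set(cli_apps)):
        x, c = xml_apps.get(app, set()), cli_apps.get(app, set())
        xh, ch = {h for _, h in x}, {h for _, h in c}
        findings += [(app, "hash only in XML", h) for h in sorted(xh - ch)]
        findings += [(app, "hash only in CLI", h) for h in sorted(ch - xh)]
        xn, cn = {n for n, _ in x}, {n for n, _ in c}
        if xn != cn and {n.lower() for n in xn} == {n.lower() for n in cn}:
            findings.append((app, "name differs only by case", sorted(xn | cn)))
    return findings
```

Calling `compare(parse_xml(XML_PROFILE), parse_cli(CLI_PROFILE))` on the constructed sample reports one hash present only on the CLI side and the `eraagent.exe` / `ERAAgent.exe` case difference.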
