These additional features are only usable if all the collectors that belong to a specific OS have been upgraded to 5.0 (i.e., all Windows OS collectors need to be at 5.0 regardless of what group they belong to in an organization; Mac OS and Linux distros don't need to be at 5.0 when writing exceptions for Windows collectors, though).
Everyone who has written an exception so far is familiar with the triggered rule section. This section lets you choose the executable or DLL, the path, and possibly the script for which the exception will be defined. In the 5.0 console, you can now place dependencies on these, meaning you can say "I want to allow cscript.exe to run in the \Windows\System32 path, using test123.vbs for the script and only when it's been created by svchost.exe." Previously you could only say "I want to allow cscript.exe to run on a given path or test123.vbs for the script." Writing exceptions using dependencies ultimately makes them more secure, because the exception applies only when every condition is met, so please try to use them when possible.
Below is a screenshot showing an example of one of these next to the flow graph where you can see regsvr32.exe was created by helper.exe.
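The difference between the two exception styles described above, as an added example that is not FortiEDR code or console configuration. It is a simplified model: the `Event` fields, the function names and the sample events are constructed for illustration, and the "previous" style is modelled as the text words it (process on a path, or the script).

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    label: str    # constructed name for the sample event
    parent: str   # process that created the triggering process
    process: str
    path: str
    script: str

# Values taken from the example in the text above.
PROCESS, PATH, SCRIPT, PARENT = "cscript.exe", r"\Windows\System32", "test123.vbs", "svchost.exe"

def _eq(a: str, b: str) -> bool:
    return a.lower() == b.lower()  # Windows names compare case-insensitively

def independent_exception(e: Event) -> bool:
    """Previous style (assumed model): process on the path, OR the script."""
    return (_eq(e.process, PROCESS) and _eq(e.path, PATH)) or _eq(e.script, SCRIPT)

def dependent_exception(e: Event) -> bool:
    """5.0 style: every condition, including the creating process, must hold."""
    return (_eq(e.process, PROCESS) and _eq(e.path, PATH)
            and _eq(e.script, SCRIPT) and _eq(e.parent, PARENT))

# Constructed sample events; only the first is the activity the exception is meant for.
EVENTS = [
    Event("intended", "svchost.exe", "cscript.exe", r"\Windows\System32", "test123.vbs"),
    Event("other-parent", "winword.exe", "cscript.exe", r"\Windows\System32", "test123.vbs"),
    Event("other-script", "svchost.exe", "cscript.exe", r"\Windows\System32", "other.vbs"),
    Event("other-path", "svchost.exe", "cscript.exe", r"\Users\Public", "test123.vbs"),
]

def excepted(matcher) -> list[str]:
    """Labels of the sample events that the given exception would allow."""
    return [e.label for e in EVENTS if matcher(e)]

if __name__ == "__main__":
    print("independent:", excepted(independent_exception))
    print("dependent:  ", excepted(dependent_exception))
```

In this model the independent form allows all four sample events, while the dependent form allows only the intended one.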
If you have questions about writing exceptions or need assistance with anything else related to FortiEDR, open a support case at https://myaccount.eatel.com and we'll be happy to help.
Your VENYU Team