All news with #fortiedr tag
Tue, December 9, 2025
Hidden Forensic Evidence in Windows ETL: Diagtrack File
🔍 FortiGuard IR analysts discovered that an obscure ETL file, AutoLogger-Diagtrack-Listener.etl, can retain historical process execution data useful for post-incident forensics. Parsing ETW payloads exposed ProcessStarted events including ImageName, ProcessID, ParentProcessID and sometimes CommandLine entries that revealed deleted tools. Controlled testing showed that creating the autologger and setting AllowTelemetry=3 often produced an empty file, indicating that the DiagTrack service may populate the file only under undocumented conditions. Further research is needed to understand when and how this telemetry is written.
Wed, October 1, 2025
FortiEDR Earns AV-Comparatives 2025 EPR Certification
🔒 FortiEDR was certified in the 2025 AV-Comparatives Endpoint Prevention & Response (EPR) test, an independent, hands-on evaluation that mapped 50 multi-stage attack chains to the MITRE ATT&CK framework. The certification validates FortiEDR's prevention-first design, strong real-time blocking, automated remediation, and extensive forensic capabilities while maintaining low false positives. AV-Comparatives also ranked FortiEDR favorably for total cost of ownership by combining product pricing with operational workload.
Wed, October 1, 2025
FortiEDR Earns AV-Comparatives 2025 EPR Certification
🔒 FortiEDR, Fortinet’s prevention-first endpoint detection and response solution, earned AV-Comparatives’ 2025 Endpoint Prevention & Response (EPR) certification following a hands-on evaluation of multi-stage attack chains. The certification highlights FortiEDR’s strong prevention, precise response capabilities, low false-positive rates, and automation that reduces analyst workload. Reviewers also noted the product’s integration across the Fortinet Security Fabric and support for legacy Windows platforms as meaningful differentiators.