FortiEDRCollector (Windows) - Protection may be disabled by local attacker


An improper access control vulnerabilty [CWE-284] in FortiEDRCollectorWindows may allow a local attacker to prevent the collector service to start in the next system reboot by tampering with some registry keys of the service. 

Affected Products

FortiEDRCollectorWindows version and below
FortiEDRCollectorWindows and below
FortiEDRCollectorWindows  4.0 all versions


Please upgrade to FortiEDRCollectorWindows version or above
Please upgrade to FortiEDRCollectorWindows version or above


2023-11-07: Initial publication