Ensure FortiGate Application Control blocks high-risk applications to reduce the attack surface.

Rationale: High-risk applications, such as those in the 'P2P' and 'Proxy' categories, are known for spreading malware. Some of this traffic is encrypted and can therefore bypass network security inspection where decryption is not implemented. Blocking these applications from running eliminates this risk. If an organization's policy requires that any application in the 'P2P' or 'Proxy' categories be allowed, that specific application needs to be set to 'Monitor' mode in the 'Application and Filter Override' configuration.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Review the Application Control Security Profiles and validate that the 'P2P' and 'Proxy' categories are blocked.

Default Value: The 'Action' for all application categories is set to 'Monitor' by default.
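
As an added illustration (not part of the benchmark or of the audit itself), the manual review can be scripted over a saved copy of the `show application list` CLI output. The category IDs 2 (P2P) and 6 (Proxy), and the treatment of an entry with no `set action` line as 'block', are assumptions to confirm on the target FortiOS version; the sample configuration is constructed.

```python
# Assumed FortiGuard category IDs; confirm against the device's category list.
REQUIRED = {2: "P2P", 6: "Proxy"}

# Constructed sample in the shape of `show application list` output.
SAMPLE = """\
config application list
    edit "default"
        config entries
            edit 1
                set category 2 6
                set action pass
            next
        end
    next
    edit "partial"
        config entries
            edit 1
                set category 2
            next
        end
    next
end
"""

def unblocked_categories(config_text, default_action="block"):
    """Map each profile name to the required categories it does not block."""
    blocked, depth, section, profile, entry = {}, 0, None, None, None
    for tok in filter(None, map(str.split, config_text.splitlines())):
        if tok[0] == "config":
            depth += 1
            section = tok[1] if depth == 2 else section
        elif tok[0] == "end":
            depth -= 1
        elif tok[0] == "edit" and depth == 1:      # a security profile
            profile = " ".join(tok[1:]).strip('"')
            blocked[profile] = set()
        elif depth != 2 or section != "entries":   # ignore other sub-tables
            continue
        elif tok[0] == "edit":                     # a filter entry in the profile
            entry = {"cats": set(), "action": default_action}
        elif tok[:2] == ["set", "category"]:
            entry["cats"] = {int(t) for t in tok[2:]}
        elif tok[:2] == ["set", "action"]:
            entry["action"] = tok[2]
        elif tok[0] == "next" and entry["action"] == "block":
            blocked[profile] |= entry["cats"]
    return {p: [n for c, n in REQUIRED.items() if c not in b] for p, b in blocked.items()}
```

A profile mapped to an empty list blocks both categories; any other result names the categories still to be blocked in that profile.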