FortiClient 6.0.0 (Windows)

F

ForgottenSeer 58943

FYI this is a pretty big release. Fortinet doesn't itemize bug fixes for the most part. There are a ton of backend fixes, internal fixes and server improvements relating to this. Most of the bugs should be resolved, including the ones reported here to me. Improvements in functionality of many of the modules are present.

Also the entire program interface was restructured and the product should feel even lighter than before, quite possibly one of the lightest AV's now.

fc2.png
 
  • Like
Reactions: BVLon, [correlate], Divine_Barakah and 16 others
Islam Gamal

Islam Gamal

Level 4
Verified
Well-known
Jan 25, 2018
155
ForgottenSeer 58943 said:
FYI this is a pretty big release. Fortinet doesn't itemize bug fixes for the most part. There are a ton of backend fixes, internal fixes and server improvements relating to this. Most of the bugs should be resolved, including the ones reported here to me. Improvements in functionality of many of the modules are present.

Also the entire program interface was restructured and the product should feel even lighter than before, quite possibly one of the lightest AV's now.

View attachment 189679
Click to expand...
Can i use it with comodo firewall ??
 
  • Like
Reactions: AtlBo, DDE_Server and Weebarra
Chimaira

Chimaira

Level 4
Verified
Well-known
Jan 5, 2018
163
ForgottenSeer 58943 said:
FYI this is a pretty big release. Fortinet doesn't itemize bug fixes for the most part. There are a ton of backend fixes, internal fixes and server improvements relating to this. Most of the bugs should be resolved, including the ones reported here to me. Improvements in functionality of many of the modules are present.

Also the entire program interface was restructured and the product should feel even lighter than before, quite possibly one of the lightest AV's now.

View attachment 189679
Click to expand...

Is 6.0 available for download yet? I can't find it anywhere
 
  • Like
Reactions: AtlBo and Weebarra
F

ForgottenSeer 58943

Chimaira said:
Is 6.0 available for download yet? I can't find it anywhere
Click to expand...

It's on the Fortinet FTP portal for Partners, Employees, etc. It should appear on the main page next week.

Here's the installer, I uploaded it to a fileshare site if anyone doesn't want to wait a week. It's clean, it's identical MD5 as the one on the Fortinet FTP server.

FortiClientSetup_6.0.0.0067_x64.exe
 
  • Like
Reactions: Handsome Recluse, kevinssi, TairikuOkami and 12 others
F

ForgottenSeer 58943

davisd said:
Very clean and neat updated interface. Now I am interested in it more like before. (y) @ForgottenSeer 58943 How would you rate it now vs SHP for those without FortiGate?
Click to expand...

Without a Fortigate and/or FortiSandbox I would rate it average at best..

Which means I still wouldn't run it vanilla. I would make some CONF tweaks to ramp it up a bit. Then add in something like OSArmor or VoodooShield with it. I think it would be pretty hard, if not impossible to infect a box with FortiClient+OSArmor/VoodooShield, honestly and you can do it all without spending a dime out of your pocket.

Also, keeping with privacy. FortiClient has checkboxes to disable all analytics, logging, and telemetry. It can run totally silent.
 
  • Like
Reactions: DDE_Server, AtlBo, Sunshine-boy and 10 others
TairikuOkami

TairikuOkami

Level 37
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,639
Is there any way to test web filtering, it does not seem to be blocking anything?
Or does it work only on supported browsers or only on unecrypted DNS requests?
 
  • Like
Reactions: AtlBo
Moonhorse

Moonhorse

Level 38
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,728
TairikuOkami said:
Is there any way to test web filtering, it does not seem to be blocking anything?
Or does it work only on supported browsers or only on unecrypted DNS requests?
Click to expand...
Turn pornography filter on and test some sites, it will work for sure
 
  • Like
Reactions: AtlBo
cruelsister

cruelsister

Level 43
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,224
As FC6 is now public, I did a quick dance with it. The AV definitions are OK, but nothing special. For example, this Blackswap banking trojan that's been out for a month: Antivirus scan for 5349a0c06823fa285faa31381b5566b2a3d8990f6a5b6775288471caa35f8516 at 2018-06-06 22:47:23 UTC - VirusTotal

The system was infected and the malware persists on reboot and was not detected after a Full scan. FC6 also was oblivious to previously Forked processes and their vectors.

It surprised me that it was good at detecting worms with nastier persistence mechanisms; it also surprised me that it allowed a drop and autostart of a slightly modified AlphaCrypt. Finally it did not do well at all against newly coded KillDisk (not that it should, as it is a traditional AV).
 
  • Like
  • HaHa
Reactions: kylprq, Handsome Recluse, Dave Russo and 13 others
Moonhorse

Moonhorse

Level 38
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,728
cruelsister said:
As FC6 is now public, I did a quick dance with it. The AV definitions are OK, but nothing special. For example, this Blackswap banking trojan that's been out for a month: Antivirus scan for 5349a0c06823fa285faa31381b5566b2a3d8990f6a5b6775288471caa35f8516 at 2018-06-06 22:47:23 UTC - VirusTotal

The system was infected and the malware persists on reboot and was not detected after a Full scan. FC6 also was oblivious to previously Forked processes and their vectors.

It surprised me that it was good at detecting worms with nastier persistence mechanisms; it also surprised me that it allowed a drop and autostart of a slightly modified AlphaCrypt. Finally it did not do well at all against newly coded KillDisk (not that it should, as it is a traditional AV).
Click to expand...
Hows the Performance? Do you recommend it over wd example?
 
  • Like
Reactions: Handsome Recluse and AtlBo
F

ForgottenSeer 58943

One must keep in mind, FortiClient is largely configured out of the box to cause the least problems in enterprise environments with the FGT and FSB doing the heavy lifting. If you want to test it stand alone I would advise some basic changes.

<heuristic_scanning>
<level>0</level>

I'd put that at 2 or 3. Since it defaults to off.

<use_extreme_db>0</use_extreme_db>

Defaults to 0, by default it uses the normal database for the most relevant threats. Extended for slightly aged threats, and extreme for all of the databases combined and Zoo threats. One should toggle this to 1 rather than 0.

<use_sandbox_signatures>0</use_sandbox_signatures>

Defaults to 0 which is off. When toggled to 1 it will pull down the newest, most relevant emerging threats from the global FSB databases which are the combined horsepower of all deployed FortiSandboxes and the signatures those are generating.

The reason these are all essentially off out of the box is because they could theoretically offer false positives and other issues in an complex enterprise environment so it's up to the administrator to decide, then test, and adjust if necessary. I'd strongly encourage these to be enabled for a better picture of overall detection levels. Once the settings to the CONF are made, one should reboot the system afterward.
 
  • Like
Reactions: Handsome Recluse, oldschool, Dave Russo and 11 others
Fel Grossi

Fel Grossi

Level 13
Thread author
Verified
Top Poster
Well-known
Jan 17, 2014
627
cruelsister said:
As FC6 is now public, I did a quick dance with it. The AV definitions are OK, but nothing special. For example, this Blackswap banking trojan that's been out for a month: Antivirus scan for 5349a0c06823fa285faa31381b5566b2a3d8990f6a5b6775288471caa35f8516 at 2018-06-06 22:47:23 UTC - VirusTotal

The system was infected and the malware persists on reboot and was not detected after a Full scan. FC6 also was oblivious to previously Forked processes and their vectors.
Click to expand...
What is funnier is that I already sent this Blackswap to Fortinet and Microsoft a week ago, and to this day neither of them detects.
 
  • Like
Reactions: Dave Russo, AtlBo, simmerskool and 2 others
F

ForgottenSeer 58943

Felipe Oliveira said:
What is funnier is that I already sent this Blackswap to Fortinet and Microsoft a week ago, and to this day neither of them detects.
Click to expand...

I'm skeptical of this claim. You should rarely wait longer than 60 minutes after a submission to Fortinet TAC for a response from a malware analyst.

submitvirus@fortinet.com

Is the only supported way of direct submission. The online scanner is Machine Learning System that isn't nearly as fast if it doesn't identify a threat outright.
 
  • Like
Reactions: oldschool, AtlBo and simmerskool
Fel Grossi

Fel Grossi

Level 13
Thread author
Verified
Top Poster
Well-known
Jan 17, 2014
627
ForgottenSeer 58943 said:
I'm skeptical of this claim. You should rarely wait longer than 60 minutes after a submission to Fortinet TAC for a response from a malware analyst.

submitvirus@fortinet.com

Is the only supported way of direct submission. The online scanner is Machine Learning System that isn't nearly as fast if it doesn't identify a threat outright.
Click to expand...
Lol. Ok then.

Yes, I send it by email only when the file is larger than 1MB, when it is smaller I send it through the online scanner (as it was in this case). But anyway, by now I believe you have already sent this Blackswap to them, and as you can see, so far none of those quoted.

I also really like Fortinet as well as COMODO. Whenever I have contact with malware I send to Fortinet, COMODO and Microsoft, if malware is Brazilian I also send to Avast and Avira, which are very prevalent here in Brazil.

VirusTotal
 
  • Like
Reactions: Handsome Recluse and AtlBo
F

ForgottenSeer 58943

The email should always be used. That goes right to the lab guys. The online one is ML/AI, and not parsed as quickly.

Try submitting to the email above and it should be taken care of in about 60 minutes or less.
 
  • Like
Reactions: oldschool, AtlBo and simmerskool
F

ForgottenSeer 58943

Felipe Oliveira said:
Lol. Ok then.

Yes, I send it by email only when the file is larger than 1MB, when it is smaller I send it through the online scanner (as it was in this case). But anyway, by now I believe you have already sent this Blackswap to them, and as you can see, so far none of those quoted.

I also really like Fortinet as well as COMODO. Whenever I have contact with malware I send to Fortinet, COMODO and Microsoft, if malware is Brazilian I also send to Avast and Avira, which are very prevalent here in Brazil.

VirusTotal
Click to expand...

Can you archive this and PM me a copy? I want to send it directly to the lab guys and see what they say.
 
  • Like
Reactions: AtlBo and Chimaira

Similar threads

lokamoka820
    • Like
    • Hundred Points
    • Wow
New Update Windows 11 24H2: Cleanup is no longer deleting all temporary files
Replies
9
Views
479
Windows 11
pxxb1
P
lokamoka820
    • Like
New Update Ubuntu MATE 24.10 Release Notes
Replies
1
Views
170
ChromeOS & Linux
Bot
Bot
bjm_
    • Like
    • Hundred Points
New Update Sandboxie-Plus 1.14.10
Replies
1
Views
277
Sandboxie
Bot
Bot

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top