Slyguy

Level 40
FYI this is a pretty big release. Fortinet doesn't itemize bug fixes for the most part. There are a ton of backend fixes, internal fixes and server improvements relating to this. Most of the bugs should be resolved, including the ones reported here to me. Improvements in functionality of many of the modules are present.

Also the entire program interface was restructured and the product should feel even lighter than before, quite possibly one of the lightest AV's now.

 

Eslam Gamal

Level 2
FYI this is a pretty big release. Fortinet doesn't itemize bug fixes for the most part. There are a ton of backend fixes, internal fixes and server improvements relating to this. Most of the bugs should be resolved, including the ones reported here to me. Improvements in functionality of many of the modules are present.

Also the entire program interface was restructured and the product should feel even lighter than before, quite possibly one of the lightest AV's now.

Can I use it with Comodo Firewall?
 

Chimaira

Level 4
FYI this is a pretty big release. Fortinet doesn't itemize bug fixes for the most part. There are a ton of backend fixes, internal fixes and server improvements relating to this. Most of the bugs should be resolved, including the ones reported here to me. Improvements in functionality of many of the modules are present.

Also the entire program interface was restructured and the product should feel even lighter than before, quite possibly one of the lightest AV's now.

Is 6.0 available for download yet? I can't find it anywhere
 
  • Like
Reactions: AtlBo and Weebarra

Slyguy

Level 40
Is 6.0 available for download yet? I can't find it anywhere
It's on the Fortinet FTP portal for Partners, Employees, etc. It should appear on the main page next week.

Here's the installer, I uploaded it to a fileshare site if anyone doesn't want to wait a week. It's clean, and its MD5 is identical to the one on the Fortinet FTP server.

FortiClientSetup_6.0.0.0067_x64.exe
 
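A practitioner who downloads a rehosted installer would check it against the vendor's published digests before running it. The following is an added example, not code from the thread or from Fortinet: it hashes the file in chunks (installers can be large), compares in constant time, and checks SHA-256 alongside MD5 because a matching MD5 alone is weak evidence. The file and expected digests are constructed for the demonstration; no real FortiClient digest is assumed.

```python
"""Verify a downloaded installer against vendor-published digests.

Added example, not from the thread. Sample file contents are constructed;
substitute the path of the real download and the digests published by the
vendor (never digests taken from the same untrusted mirror as the file).
"""
import hashlib
import hmac
import os
import tempfile

CHUNK = 1 << 20  # 1 MiB read size, keeps memory flat for large installers


def file_digests(path, algorithms=("md5", "sha256")):
    """Return {algorithm: hexdigest}, computed in a single pass over the file."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_installer(path, expected):
    """expected maps algorithm name -> published hexdigest.

    Every listed digest must match. Returns (all_ok, {algorithm: matched}) so a
    caller can see which digest failed; comparison is constant-time.
    """
    actual = file_digests(path, tuple(expected))
    results = {
        name: hmac.compare_digest(actual[name].lower(), digest.lower())
        for name, digest in expected.items()
    }
    return all(results.values()), results


def make_sample(data=b"constructed installer bytes, not a real FortiClient build"):
    """Write constructed bytes to a temporary file and return its path."""
    fd, path = tempfile.mkstemp(suffix=".exe")
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


if __name__ == "__main__":
    sample = make_sample()
    published = file_digests(sample)          # stands in for vendor-published values
    ok, detail = verify_installer(sample, published)
    print("verified" if ok else "MISMATCH", detail)
    # Tampered expectation: MD5 still matches, SHA-256 does not -> rejected.
    tampered = dict(published, sha256="0" * 64)
    print(verify_installer(sample, tampered))
```

Digest verification only proves the file is the one the vendor published; on Windows the Authenticode signature on the executable should be checked as well, since it binds the file to the vendor's signing key rather than to a value copied from a web page.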

Slyguy

Level 40
Very clean and neat updated interface. Now I am interested in it more like before. (y) @Slyguy How would you rate it now vs SHP for those without FortiGate?
Without a FortiGate and/or FortiSandbox I would rate it average at best.

Which means I still wouldn't run it vanilla. I would make some CONF tweaks to ramp it up a bit, then add in something like OSArmor or VoodooShield with it. I think it would be pretty hard, if not impossible, to infect a box with FortiClient+OSArmor/VoodooShield, honestly, and you can do it all without spending a dime out of your pocket.

Also, in keeping with privacy: FortiClient has checkboxes to disable all analytics, logging, and telemetry. It can run totally silent.
 

TairikuOkami

Level 22
Content Creator
Verified
Is there any way to test web filtering? It does not seem to be blocking anything.
Or does it work only on supported browsers or only on unencrypted DNS requests?
 
  • Like
Reactions: AtlBo

Moonhorse

Level 25
Content Creator
Verified
Is there any way to test web filtering? It does not seem to be blocking anything.
Or does it work only on supported browsers or only on unencrypted DNS requests?
Turn the pornography filter on and test some sites; it will work for sure.
 
  • Like
Reactions: AtlBo

cruelsister

Level 36
Content Creator
Trusted
Verified
As FC6 is now public, I did a quick dance with it. The AV definitions are OK, but nothing special. For example, this Blackswap banking trojan that's been out for a month: Antivirus scan for 5349a0c06823fa285faa31381b5566b2a3d8990f6a5b6775288471caa35f8516 at 2018-06-06 22:47:23 UTC - VirusTotal

The system was infected and the malware persists on reboot and was not detected after a Full scan. FC6 also was oblivious to previously Forked processes and their vectors.

It surprised me that it was good at detecting worms with nastier persistence mechanisms; it also surprised me that it allowed a drop and autostart of a slightly modified AlphaCrypt. Finally it did not do well at all against newly coded KillDisk (not that it should, as it is a traditional AV).
 

Moonhorse

Level 25
Content Creator
Verified
As FC6 is now public, I did a quick dance with it. The AV definitions are OK, but nothing special. For example, this Blackswap banking trojan that's been out for a month: Antivirus scan for 5349a0c06823fa285faa31381b5566b2a3d8990f6a5b6775288471caa35f8516 at 2018-06-06 22:47:23 UTC - VirusTotal

The system was infected and the malware persists on reboot and was not detected after a Full scan. FC6 also was oblivious to previously Forked processes and their vectors.

It surprised me that it was good at detecting worms with nastier persistence mechanisms; it also surprised me that it allowed a drop and autostart of a slightly modified AlphaCrypt. Finally it did not do well at all against newly coded KillDisk (not that it should, as it is a traditional AV).
How's the performance? Do you recommend it over WD, for example?
 

Slyguy

Level 40
One must keep in mind, FortiClient is largely configured out of the box to cause the least problems in enterprise environments with the FGT and FSB doing the heavy lifting. If you want to test it stand-alone I would advise some basic changes.

<heuristic_scanning>
<level>0</level>
</heuristic_scanning>

I'd put that at 2 or 3, since it defaults to off.

<use_extreme_db>0</use_extreme_db>

Defaults to 0, by default it uses the normal database for the most relevant threats. Extended for slightly aged threats, and extreme for all of the databases combined and Zoo threats. One should toggle this to 1 rather than 0.

<use_sandbox_signatures>0</use_sandbox_signatures>

Defaults to 0 which is off. When toggled to 1 it will pull down the newest, most relevant emerging threats from the global FSB databases which are the combined horsepower of all deployed FortiSandboxes and the signatures those are generating.

The reason these are all essentially off out of the box is because they could theoretically offer false positives and other issues in a complex enterprise environment, so it's up to the administrator to decide, then test, and adjust if necessary. I'd strongly encourage these to be enabled for a better picture of overall detection levels. Once the changes to the CONF are made, one should reboot the system afterward.
 
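The three CONF settings described in the post above lend themselves to a scripted audit of an exported configuration, so that a stand-alone install can be checked and corrected consistently. The following is an added example, not code from the thread or from Fortinet: the element names heuristic_scanning/level, use_extreme_db and use_sandbox_signatures and the recommended values (level 2 or 3, the other two set to 1) come from the post; the enclosing forticlient_configuration/antivirus structure and the sample values are assumed for the demonstration, so the paths should be checked against a real export before use.

```python
"""Audit and correct the FortiClient antivirus settings discussed above.

Added example, not from the thread. Element names come from the post; the
enclosing <forticlient_configuration>/<antivirus> structure is an assumption
and must be confirmed against a real exported CONF before use.
"""
import xml.etree.ElementTree as ET

# Constructed sample resembling an exported CONF with the stock (off) values.
SAMPLE_CONFIG = """<forticlient_configuration>
  <antivirus>
    <heuristic_scanning>
      <level>0</level>
    </heuristic_scanning>
    <use_extreme_db>0</use_extreme_db>
    <use_sandbox_signatures>0</use_sandbox_signatures>
  </antivirus>
</forticlient_configuration>
"""

# Accepted values per the post: heuristic level 2 or 3, the other two enabled.
RECOMMENDED = {
    "heuristic_scanning/level": {"2", "3"},
    "use_extreme_db": {"1"},
    "use_sandbox_signatures": {"1"},
}


def audit(xml_text):
    """Return {setting_path: (current_value, acceptable)} for each setting."""
    root = ET.fromstring(xml_text)
    av = root.find("antivirus")
    if av is None:
        raise ValueError("no <antivirus> section in configuration")
    report = {}
    for path, accepted in RECOMMENDED.items():
        node = av.find(path)  # ElementPath: child/grandchild relative to <antivirus>
        current = node.text.strip() if node is not None and node.text else None
        report[path] = (current, current in accepted)
    return report


def harden(xml_text, heuristic_level="2"):
    """Return new XML text with the stand-alone recommendations applied.

    Missing elements are created rather than skipped, so a minimal or partial
    export still yields a complete, auditable result.
    """
    root = ET.fromstring(xml_text)
    av = root.find("antivirus")
    if av is None:
        av = ET.SubElement(root, "antivirus")
    targets = {
        "heuristic_scanning/level": heuristic_level,
        "use_extreme_db": "1",
        "use_sandbox_signatures": "1",
    }
    for path, value in targets.items():
        parent = av
        parts = path.split("/")
        for part in parts[:-1]:  # walk/create intermediate containers
            nxt = parent.find(part)
            if nxt is None:
                nxt = ET.SubElement(parent, part)
            parent = nxt
        leaf = parent.find(parts[-1])
        if leaf is None:
            leaf = ET.SubElement(parent, parts[-1])
        leaf.text = value
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    for setting, (current, ok) in audit(SAMPLE_CONFIG).items():
        print(f"{setting}: {current!r} -> {'OK' if ok else 'CHANGE'}")
    print(harden(SAMPLE_CONFIG, heuristic_level="3"))
```

Run the audit first on an export taken from the machine, apply `harden` only to a copy, re-import through the client's own import path, and reboot as the post advises; the audit can then be re-run on a fresh export to confirm the values took effect.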

Felipe Oliveira

Level 12
Tester
Verified
As FC6 is now public, I did a quick dance with it. The AV definitions are OK, but nothing special. For example, this Blackswap banking trojan that's been out for a month: Antivirus scan for 5349a0c06823fa285faa31381b5566b2a3d8990f6a5b6775288471caa35f8516 at 2018-06-06 22:47:23 UTC - VirusTotal

The system was infected and the malware persists on reboot and was not detected after a Full scan. FC6 also was oblivious to previously Forked processes and their vectors.
What is funnier is that I already sent this Blackswap to Fortinet and Microsoft a week ago, and to this day neither of them detects it.
 

Slyguy

Level 40
What is funnier is that I already sent this Blackswap to Fortinet and Microsoft a week ago, and to this day neither of them detects it.
I'm skeptical of this claim. You should rarely wait longer than 60 minutes after a submission to Fortinet TAC for a response from a malware analyst.

submitvirus@fortinet.com

Is the only supported way of direct submission. The online scanner is a machine learning system that isn't nearly as fast if it doesn't identify a threat outright.
 

Felipe Oliveira

Level 12
Tester
Verified
I'm skeptical of this claim. You should rarely wait longer than 60 minutes after a submission to Fortinet TAC for a response from a malware analyst.

submitvirus@fortinet.com

Is the only supported way of direct submission. The online scanner is a machine learning system that isn't nearly as fast if it doesn't identify a threat outright.
Lol. Ok then.

Yes, I send it by email only when the file is larger than 1MB, when it is smaller I send it through the online scanner (as it was in this case). But anyway, by now I believe you have already sent this Blackswap to them, and as you can see, so far none of those quoted.

I also really like Fortinet as well as COMODO. Whenever I come across malware I send it to Fortinet, COMODO and Microsoft; if the malware is Brazilian I also send it to Avast and Avira, which are very prevalent here in Brazil.

VirusTotal
 

Slyguy

Level 40
The email should always be used. That goes right to the lab guys. The online one is ML/AI, and not parsed as quickly.

Try submitting to the email above and it should be taken care of in about 60 minutes or less.
 

Slyguy

Level 40
Lol. Ok then.

Yes, I send it by email only when the file is larger than 1MB, when it is smaller I send it through the online scanner (as it was in this case). But anyway, by now I believe you have already sent this Blackswap to them, and as you can see, so far none of those quoted.

I also really like Fortinet as well as COMODO. Whenever I come across malware I send it to Fortinet, COMODO and Microsoft; if the malware is Brazilian I also send it to Avast and Avira, which are very prevalent here in Brazil.

VirusTotal
Can you archive this and PM me a copy? I want to send it directly to the lab guys and see what they say.
 
  • Like
Reactions: AtlBo and Chimaira