Moonhorse

Level 25
Content Creator
Verified
Unrated sites should never be blocked or that setting will cause major grief.

The setting is there for restrictive corporate/enterprise/govt. systems that restrict access to unknown/unquantified entities. A consumer should never do this as illustrated above. It can block everything, even Windows Updates at times. Since a corporate network probably pushes from WSUS anyway.
But is that blocked by default? I was running default settings + blocked p2p sites
 

Slyguy

Level 40
But is that blocked by default? I was running default settings + blocked p2p sites
I believe it is on by default for the client and fortigate appliances. It's generally shipped for better settings for corporate. Which is why the default firewall policy of deny/deny/all is shipped by default. Can't have folks plugging things in and getting exposed. So yes, by default it could be fairly aggressive and may need to be adjusted.
 

Slyguy

Level 40
Don't even install the firewall module.

It's not a firewall in the true sense of a firewall, it's an application firewall that ties into the Fortigate Appliance on the network to help offer L7 management/control/security of application use on a system. Without an appliance, that module is pointless and actually serves no purpose at all.
 

Moonhorse

Level 25
Content Creator
Verified
But the weird thing is that ram usage is less than without firewall module
Normally forticlient av module sits around 100mb? But with the application firewall its at 4mb and firewall at 50

Thats less ram, but still having the av working as intended?
 

Windows_Security

Level 22
Content Creator
Trusted
Verified
No sandbox functionality was ever in FortiClient Free. Regardless of what it says, enabling it does nothing unless you can pair it with a Sandbox. So it never worked, regardless. I think I have mentioned that a few times around these parts.
Yes, you made that clear. Until recently it was possible (thanks to suggestions of you and other forum members) to enable sandbox signatures. When enabled it showed in the GUI/monitor that those signatures were updated also. So people using Forticlient free could
l benefit from the detection of other users with sandbox/fortiguard functionality.

With the sandbox signatures enabled in the XML configuration file, Forticlient Free flagged downloads from VX-Vault/Malc0de/etc as malware. Without the sandbox signatures not a beep. The big benefit of Forticlient free with Sandbox sigantures was that it blocked all recently found suspicious executables.

A while ago Forticlient stopped updating sandbox signatures and it sadly allowed all new malware samples from VX-Vault/Malc0de/etc. This is the problem @Tume reported and I confirmed (same observation, helas no sandbox signatures for free forticlient anymore).
 
Last edited:

Kuttz

Level 12
Verified
I have a weird issue with FC were I simply can't enable Dynamic Threat Detection feature. If I try to enable it in the settings after exiting settings page the feature automatically get disabled. On my previous try on FC I remember successfully enabling this feature. Now I can't.
 
  • Like
Reactions: AtlBo and oldschool

Moonhorse

Level 25
Content Creator
Verified
I have a weird issue with FC were I simply can't enable Dynamic Threat Detection feature. If I try to enable it in the settings after exiting settings page the feature automatically get disabled. On my previous try on FC I remember successfully enabling this feature. Now I can't.
You need to have ATP installed, during installation phase
 
  • Like
Reactions: AtlBo and Kuttz

ticklemefeet

Level 21
Verified
I am confused. When I click on the Forticlient link above and go to their site, I see a download button. When I click on that and chose Windows, I am taken to the Microsoft store. At the store there is no download, only an install button. I click that and it installs a version 1 something that has no GUI.

EDIT: My brain dead self had installed the Windows app for phone LOL. Got the right download now.
 
  • Like
Reactions: AtlBo and Moonhorse

Moonhorse

Level 25
Content Creator
Verified
Anyone have fix for the forticlient web filter restricting youtube, making it completely unusable
 
  • Like
Reactions: AtlBo

Moonhorse

Level 25
Content Creator
Verified
Stupid question, but how? im getting dizzle
asdt.png


If you are using the free version like me, you can not add it to the exclusion list.
Sorry just did mislead your post.....seems i have to either remove forticlient or stay with the filtering:cry:
 
Last edited:
  • Like
Reactions: AtlBo

TairikuOkami

Level 22
Content Creator
Verified
Anyone have fix for the forticlient web filter restricting youtube, making it completely unusable
No problem here. Upon installing, the log showed youtube/googlevideo blocked, but it still worked, nevertheless after updating, it does not show as blocked. The web filter works otherwise, based on the selected categories, so maybe reinstalling and updating would help.

If you are using the free version like me, you can not add it to the exclusion list.
You have to Unlock Settings to be able to change them.
 

Attachments