FortiClient 6.0.0 (Windows)

ForgottenSeer 58943

Sent via PM.

Within 38 minutes of me getting it, the lab analyzed it and issued a signature update.

Hey Sly,

Thank you for submitting your sample to Fortinet. Based on our initial analysis, the sample contains malicious code and warrants the following detection:

"FV_003818806753.jse" - MD5:f8ce875dd49e7c20ccf1f27dd68f9970 - JS/Nemucod.EAN!tr.dldr

The signature will be included in our earliest possible Virus Signature update.

If for any reason you believe this file is still not being detected email me back personally.

Regards,

AV Lab - Gabriel
 

imuade

<heuristic_scanning>
<level>0</level>

I'd put that at 2 or 3, since it defaults to off.

<use_extreme_db>0</use_extreme_db>

Defaults to 0; by default it uses the normal database for the most relevant threats, extended for slightly aged threats, and extreme for all of the databases combined plus zoo threats. One should toggle this to 1 rather than 0.

<use_sandbox_signatures>0</use_sandbox_signatures>

Defaults to 0, which is off. When toggled to 1 it will pull down the newest, most relevant emerging threats from the global FSB databases, which are the combined horsepower of all deployed FortiSandboxes and the signatures those are generating.

I've been using FortiClient 6 for a while and I really like it :)
Yesterday I checked the conf file and I found out that both use_extreme_db and use_sandbox_signatures were ON by default.
I only had to enable heuristic and antirootkit scanning (default: <antirootkit>0</antirootkit>).

<antirootkit> Enable or disable antirootkit. This field is a bit mask. When set to 0, all antirootkit features are disabled. 4294947295 (=0xffffffff) means all antirootkit features are enabled.
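As an added example, not code from the thread or from Fortinet: a small Python audit of the four settings discussed above, which flags each one still at its weak default and produces a hardened copy. Only the key names come from the thread; the <forticlient_configuration>/<antivirus> wrapper around them and the sample values are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample. The key names match the thread; the wrapper elements
# around them are an assumption, which is why lookups below use ".//".
SAMPLE_CONFIG = """<forticlient_configuration>
  <antivirus>
    <heuristic_scanning>
      <level>0</level>
    </heuristic_scanning>
    <use_extreme_db>0</use_extreme_db>
    <use_sandbox_signatures>0</use_sandbox_signatures>
    <antirootkit>0</antirootkit>
  </antivirus>
</forticlient_configuration>
"""

ALL_ANTIROOTKIT = 0xFFFFFFFF  # bit mask: every antirootkit feature enabled


def _int_at(root, path):
    """Integer value of the first element matching path, or None if absent/empty."""
    node = root.find(path)
    return int(node.text.strip()) if node is not None and node.text else None


def audit(xml_text):
    """Return one finding per setting that is weaker than the thread recommends."""
    root = ET.fromstring(xml_text)
    findings = []
    level = _int_at(root, ".//heuristic_scanning/level")
    if level is None or level < 2:
        findings.append(f"heuristic_scanning/level={level}: set to 2 or 3 (0 is off)")
    for key in ("use_extreme_db", "use_sandbox_signatures"):
        if _int_at(root, f".//{key}") != 1:
            findings.append(f"{key}: set to 1 (0 is off)")
    if not _int_at(root, ".//antirootkit"):  # 0 or missing disables everything
        findings.append("antirootkit=0: all features disabled; 0xffffffff enables all")
    return findings


def harden(xml_text):
    """Return the config with the four settings raised to the recommended values."""
    root = ET.fromstring(xml_text)
    targets = {".//heuristic_scanning/level": "2", ".//use_extreme_db": "1",
               ".//use_sandbox_signatures": "1", ".//antirootkit": str(ALL_ANTIROOTKIT)}
    for path, value in targets.items():
        node = root.find(path)
        if node is not None:  # leave keys alone that this build does not expose
            node.text = value
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(" -", finding)
    print("after hardening:", audit(harden(SAMPLE_CONFIG)))
```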
 

Moonhorse

Does FortiClient inject into the browser for you? Just curious, since it would be the antivirus doing that, and the antivirus signatures / web filter have their own signatures. So are they both as strong when it comes to blocking malicious sites?
 

imuade

I didn't check that, but I don't think it does. FortiClient's web filter works system-wide; it's not related to a specific browser (it's similar to K9 Web Protection).

EDIT
I found these two explanations about how Web Filter works:
Web filter – Fortinet FortiGate
FortiGuard Web Filtering Service

Moonhorse

Yep, cheers. I moved on from Fortinet's antivirus since it caused the Chrome injection... but Windows Defender / CCAV doesn't.

I'm still using the FortiClient web filter, but I kinda want to have a behaviour blocker, and my only options seem to be either Qihoo or Bitdefender, without messing up Chrome.
 

imuade

You can try OSArmor :)
CCAV doesn't have web filtering, so it can't inject Chrome.
I moved from Chrome to Firefox because I noticed some CPU spikes with Chrome. With Firefox and FortiClient full suite everything is working smoothly :)
 

Moonhorse

Bit off topic, but I currently have

- SysHardener max
- OSA
- Fortinet web filter
- CCAV

I just want to have a light AV; I'm not sure whether CCAV or Defender is lighter. Yep, Firefox is kind of a memory hog, but with 8 GB of RAM you will never burn it all.
 

imuade

In my experience, every AV is lighter than Windows Defender :D:D:D
I used CCAV before and I liked it, but then it started slowing down boot time and web browsing, so I have been looking for an alternative and trying nearly everything (Avast, Kaspersky, Tencent, Immunet, Qihoo).
Now I think I'll settle down with FortiClient, unless it breaks my PC after a Patch Tuesday Windows Update...
 

Moonhorse

Same for me when using Comodo products and Windows updates. Well, SysHardener is killing boot time anyway, but same as you, I'll be swapping forever.
 

AtlBo

Question about installing FC. Install all of the packages for first look?

I am not familiar with FC, but I need something to pair with Comodo Firewall. Not that I am in love with Comodo Firewall, so if I should at least disable elements for now to test this, I am ready. I use OSArmor with all the options selected, and @ForgottenSeer 58943's comments got me started. I don't have any signatures on the system at this point. However, it's the web filtering that really got me started.

Thanks for this:

It's on the Fortinet FTP portal for Partners, Employees, etc. It should appear on the main page next week.

Here's the installer; I uploaded it to a fileshare site if anyone doesn't want to wait a week. It's clean, and it has the identical MD5 to the one on the Fortinet FTP server.

FortiClientSetup_6.0.0.0067_x64.exe
 

Moonhorse

You probably only need to enable ATP + web filter + antivirus during installation.

ATP = sandbox + dynamic threat protection; you can disable the sandbox since you're using Comodo Firewall, if you want to.

Also, anti-exploit becomes redundant, so you may disable it as well since you're running OSA.
 

imuade


This is what I have installed:

(attachment: forticlient1.png)

Application firewall and single sign-on are useful only if you use it in managed mode (connected to FortiGate).
 
