- Apr 16, 2017
- 2,613
yeah, I have a few questions and needed tweaks re the webfilter too
I was looking for something to do this weekend anyway. 
FortiClient 6.0.0 (Windows)
- Thread starter Fel Grossi
- Start date
yeah, I have a few questions and needed tweaks re the webfilter too
I was looking for something to do this weekend anyway. 
- Apr 21, 2018
- 397
First results on hub not so promising compared to others.
- Jul 29, 2018
- 566
Fortinet's documentation is pretty good, you can have a look at it:yeah, I have a few questions and needed tweaks re the webfilter too
https://docs.fortinet.com/forticlient/admin-guides
https://docs.fortinet.com/d/forticlient-6.0.0-xml-reference
A very useful under-the-hood setting is <popup_registry_alerts>0</popup_registry_alerts>. If you set it to 1, FortiClient displays alerts if a process tries to change registry start items.
Everyone here said FortiClient shouldn't be tested alone, but at least with SysHardened (if not with OSArmor). It would be nice if @MoriartyOW could make some tests with FC + SH (as @Evjl's Rain usually does with Avast).
I think SH would have picked the missed samples of this test https://malwaretips.com/threads/30-08-2018-21.86368/ and the setting I wrote above should have prevented the items set on startup (you can see them in Autoruns and Process Explorer)
I did some tests of forticlient with default and tweaked settings following ForgottenSeer 58943's guide
https://malwaretips.com/threads/mixed-threats-16-02-2018-20.79975/#post-711851
https://malwaretips.com/threads/12-2-2018-18.79838/#post-711224
https://malwaretips.com/threads/mixed-threats-09-02-2018-15.79759/#post-710676
if you consider testing forticlient with SH, you can also read in these tests. Let's assume we use SH => all script malwares will be ignored. Forticlient only has to deal with .exe malwares. Still, due to a lack of BB, forticlient won't manage to pass these tests
for example, this sample
https://malwaretips.com/threads/mixed-threats-09-02-2018-15.79759/post-710676
- Jul 29, 2018
- 566
Yeah, Avast is superior in that regard because of Hardened Mode.
That's why I use FC + SH + OSA
EDIT: you tested FC v.5, it would be nice if you could test v.6 too
hope someone will test it because I quit testing for a whileYeah, Avast is superior in that regard because of Hardened Mode.
That's why I use FC + SH + OSA
EDIT: you tested FC v.5, it would be nice if you could test v.6 too
some people never believe my tests so a different person will do it better
- Jul 29, 2018
- 566
Too bad, someone makes a great job for free and people dare to complain... :emoji_angry:
- Dec 29, 2014
- 1,716
I've been using Forticlient 6 for a while and I really like it
Yesterday I checked the conf file and I found out that both use_extreme_db and use_sandbox_signatures were ON by default.
I only had to enable heuristic and antirootkit scanning (default: <antirootkit>0</antirootkit>)
@imuade is this a simple 0 to 1 toggle for each antirootkit and heuristic?
Can someone point to a list of these toggle's? I saw @ForgottenSeer 58943's toggles earlier in the thread and imuade's registry toggle.
@Evjl's Rain I looked in Resources but didn't see anything for FortiClient. Does ForgottenSeer 58943 have a config thread up for it someplace?
- Jul 29, 2018
- 566
<heuristic_scanning>
<level>0</level>
Change 0 with 2 or 3
<use_extreme_db>0</use_extreme_db>
Change 0 with 1
<use_sandbox_signatures>0</use_sandbox_signatures>
Change 0 with 1
<antirootkit>0</antirootkit>
Change 0 with 4294947295
<popup_registry_alerts>0</popup_registry_alerts>
Change 0 with 1
Here you can see the details of tuning the .conf (XML) file https://docs.fortinet.com/d/forticlient-6.0.0-xml-reference
- Dec 29, 2014
- 1,716
@imuade, thankyou for taking the time to put it all in one place @Evjl's Rain, thanks for the link.
EDIT. Looks like I may have made a mistake with the heuristic scanning setting the first time. Think I set the <action>3</action> toggle instead. Is this supposed to be at 0? Thx
NM: I see in the xml reference (great btw ). O is the setting for <heuristic> -> <action>*<action> to see the alert. I had it set to send the file to the cloud I believe Maybe I configured that way in the GUI...seems I recall a setting someplace about that...
Just for the anyone reading. Some of the settings are in the xml more than one time. You can safely change all the ones by the same name, for example: for <heuristic scanning> Real-time and On-demand. Find will take you quickly through to all of the settings.
EDIT. Looks like I may have made a mistake with the heuristic scanning setting the first time. Think I set the <action>3</action> toggle instead. Is this supposed to be at 0? Thx
NM: I see in the xml reference (great btw
). O is the setting for <heuristic> -> <action>*<action> to see the alert. I had it set to send the file to the cloud I believe Maybe I configured that way in the GUI...seems I recall a setting someplace about that...Just for the anyone reading. Some of the settings are in the xml more than one time. You can safely change all the ones by the same name, for example: for <heuristic scanning> Real-time and On-demand. Find will take you quickly through to all of the settings.
Last edited:
- Jul 29, 2018
- 566
No problem@imuade, thankyou for taking the time to put it all in one place @Evjl's Rain, thanks for the link.
EDIT. Looks like I may have made a mistake with the heuristic scanning setting the first time. Think I set the <action>3</action> toggle instead. Is this supposed to be at 0? Thx
By default it is:
<heuristic_scanning>
<level>0</level>
<action>0</action>
</heuristic_scanning>
Changing "level" from 0 to 1, 2, 3 or 4 will turn heuristic ON (1 means low heuristic, 4 means high heuristic)
Changing "action" from 0 to 1 or 3 will change what FC does if heuristic finds a maware (0: warning; 1: deny access; 3: submit only)
If you can't fall asleep at night, try to read this https://docs.fortinet.com/d/forticlient-6.0.0-xml-reference
- Dec 29, 2014
- 1,716
Yes, the pdf and @ForgottenSeer 58943's options via @Evjl's Rain's link could keep me occupied for some time. Maybe someone will come up with the magic pill config down the line somewhere LOL and RLOL. I make me nervous when I get into XML Can't wait for the system to autoformat on boot or something ...
...
- Jul 29, 2018
- 566
Yes, the pdf and @ForgottenSeer 58943's options via @Evjl's Rain's link could keep me occupied for some time. Maybe someone will come up with the magic pill config down the line somewhere LOL and RLOL. I make me nervous when I get into XML Can't wait for the system to autoformat on boot or something
Don't worry, if you make a mistake in the XML file, you won't be able to restore it, FC will give you an error
- Oct 31, 2014
- 1,712
I thing only with voodooshield or comodo fw is good the protection
- Oct 31, 2014
- 1,712
- Mar 29, 2018
- 7,613
Please do not apologize for your English. It is good enough that I think most people understand your posts just fine!
Yes, VS is very good. Especially now with new security postures, it provides many options. I think VS is a keeper. Oh, yes, I now have a lifetime license that I intend to keep using. Cannot imagine life without it.
- Oct 31, 2014
- 1,712
Realy is very good program. I test my love(360TS) with free voodooshield (malwares come from Greece) results perfect. And my friendPlease do not apologize for your English. It is good enough that I think most people understand your posts just fine!
AtlBo try and try with FC.
- Mar 29, 2018
- 7,613
Who cares what people say? Useful critique, yes - if it's truly helpful. Otherwise, forget it. Your tests are your tests and people can take them or leave them! May EVjl always Reign!
ER tested an older version of FortiClient. I think CS tested a much newer FortiClient (but not 6.0.1) and it performed quite well, except with on-boot infections. CS declared FortiClient in the top tier along with products like ESET. However there was a major flaw in CS's test in that CS forgot to enable exploit protection which is a major protection component not functioning that launches before FortiClient proper so it might actually have passed the test.
Even so, without the adjunct technologies/hardware backing it up such as the FortiSandbox, you'd be wise to pair it with a solution like VoodooShield, OSArmor, Syshardener, etc. FortiClient and VoodooShield Free make a wonderful hardened combination for free that is actually very popular in some circles. FortiClient 6.5 is due out in a few weeks and should offer some interesting improvements.
FortiClient has 3 operational methods.
1) Vanilla, Freestanding - free version, no adjunct technologies.
2) FortiGate controlled - notched above free standing, allowing integration with FortiGuard+FortiSandbox, some endpoint control.
3) EMS - management portal for FortiClient that integrates ALL OF IT into an enterprise grade management, control and mitigation console.
As such, the free version should be considered minimum and pair with appropriate adjunct solutions and if you can handle some XML, make appropriate tweaks to harden it up and improve detection.
Even so, without the adjunct technologies/hardware backing it up such as the FortiSandbox, you'd be wise to pair it with a solution like VoodooShield, OSArmor, Syshardener, etc. FortiClient and VoodooShield Free make a wonderful hardened combination for free that is actually very popular in some circles. FortiClient 6.5 is due out in a few weeks and should offer some interesting improvements.
FortiClient has 3 operational methods.
1) Vanilla, Freestanding - free version, no adjunct technologies.
2) FortiGate controlled - notched above free standing, allowing integration with FortiGuard+FortiSandbox, some endpoint control.
3) EMS - management portal for FortiClient that integrates ALL OF IT into an enterprise grade management, control and mitigation console.
As such, the free version should be considered minimum and pair with appropriate adjunct solutions and if you can handle some XML, make appropriate tweaks to harden it up and improve detection.
