FortiClient 6.0.0 (Windows)

[AtlBo]

yea, I just get vulnerability sig updates & the engine is updated but no sig update since 17th august. & interface is showing out-of-date, so that's annoying.

So you see red x's for these in A-V?



Maybe this could be the reason:

When you try some links (malcode), does the web filter blocks any of them? Webfilter seems to be only against specific categories.
From what I gather, it is AV, that blocks malicious links, when I disable it and keep web filtering on, it does not block anything.

I tried a site on VXVault and it was blocked by Comodo Web Filtering. After two tries, the file would drop if chose "Allow once". Then I saw that the download was labelled unknown and I had the message "do you want to remove this file?" I selected yes and, when I moved the browser, I saw a pop up notification from FortiClient that the file has been quarantined. Here is the notification:



I don't know if the download was initially blocked by Chrome or by FortiClient. It is an anti-virus block, however.

I wonder too if malicious links are imported via the A-V component. Maybe you are just getting the static filtering @yitworths.

 

[TairikuOkami]

I don't know if the download was initially blocked by Chrome or by FortiClient.

If the URL is blocked, the file should not even download. Realtime Protection can be disabled and just keep AV's web-filtering part though.

btw, can ya tell me what features you've installed?

Just AV + webfilter.

 

[AtlBo]

I have just an adult filter enabled, there are no malware filters, as far as I can tell, unless I would enable Unrated, which is probably default-deny.

Thankyou for this. I hadn't configured the filters in the A-V :emoji_fearful:. This is very good, but I chose to block all of the categories. Too much?

Yes, indeed, appears to me that without the A-V module, there is only the category filtering.

 

[yitworths]

So you see red x's for these in A-V?

I don't have av module.

I tried a site on VXVault and it was blocked by Comodo Web Filtering. After two tries, the file would drop if chose "Allow once". Then I saw that the download was labelled unknown and I had the message "do you want to remove this file?" I selected yes and, when I moved the browser, I saw a pop up notification from FortiClient that the file has been quarantined. Here is the notification:

most likely comodo ain't allowing forticlient's web filtering. Otherwise it should have been blocked at url level.

Maybe you are just getting the static filtering @yitworths.

I've noticed 3 connection always on from fortiwf which I believe is related to web protection. So, most likely it does scan website with help of its own cloud rather than based on client level database.

 

[yitworths]

@TairikuOkami man, for me everything is going smoothly. Have you installed any other web protection after forticlient?If yes,then most likely that's causing the problem for ya. go for a re-installation,probably that will resolve it.

 

[AtlBo]

most likely comodo ain't allowing forticlient's web filtering. Otherwise it should have been blocked at url level.

Well, it is blocked using settings found in the A-V module. This may be different for you. The categories listed separately from the Web Filtering categories are here:



The reason only Comodo blocked was that the filters for me are in the A-V module settings (since A-V is present). I hadn't realized they weren't yet configured. FortiClient blocked after changing these settings:



I got only the Comodo web filter block because all of the above were set to allow. You may see these in your list of filters if, for example, there are no settings for the A-V. I don't see them in the category filtering here:



Nowhere in the Web Filter settings do the malicious categories from the first picture appear. Maybe you see them in the above picture, since no A-V module on the PC?

 

[yitworths]

Well, it is blocked using settings found in the A-V module. This may be different for you. The categories listed separately from the Web Filtering categories are here:

View attachment 196978

The reason it didn't block was that the filters for me are in the A-V module settings (since A-V is present). I hadn't realized they weren't yet configured.

I got only the Comodo web filter block because all of the above were set to allow. You may see these in your list of filters if, for example, there are no settings for the A-V. I don't see them in the category filtering here:

View attachment 196979

Nowhere in the Web Filter settings do the malicious categories from the first picture appear. Maybe you see them in the above picture, since no A-V module on the PC?

I set a VM to test TairikuOkami's settings as TairikuOkami claimed for him web filtering ain't working.

 

[AtlBo]

@TairikuOkami man, for me everything is going smoothly. Have you installed any other web protection after forticlient?If yes,then most likely that's causing the problem for ya. go for a re-installation,probably that will resolve it.

I see how this is for you thanks for the pictures. You see the module, but it is simply not installed. I wasn't sure if FortiClient moved the malicious categories over to the Web Filtering settings if the A-V is not installed.

 

[yitworths]

@AtlBo so it's all ok at this moment. Now waiting for TairikuOkami's response.

 

[AtlBo]

I set a VM to test TairikuOkami's settings as TairikuOkami claimed for him web filtering ain't working.

I noticed one thing. About five times in a row I set the filters only to see that the settings had reverted. Then I noticed at the top next to the "x" for closing the settings dialog for the A-V or Web Filtering module, there is a small floppy disk "save" icon that pops up and disappears sometimes. I ended up disabling (uncheck) below:



Then when I reenabled this setting, the small floppy icon appeared and the settings seem to stay in place. Just in case anyone notices anything like this happening in settings.

 

[AtlBo]

I'm not getting it just make it precise.

Don't worry about it. Filtering was configured incorrectly on the PCs here, that's why it wasn't working for me. Got it fixed, so thanks for posting helpful information.

 

[yitworths]

Don't worry about it. Filtering was configured incorrectly on the PCs here, that's why it wasn't working for me. Got it fixed, so thanks for posting helpful information.

At that moment, I was going through three different threads from two different domains & I ended up posted that. Sorry for that.

 

[yitworths]

@AtlBo is your vulnerability sigs up-to-date?

 

[AtlBo]

I've noticed 3 connection always on from fortiwf which I believe is related to web protection. So, most likely it does scan website with help of its own cloud rather than based on client level database.

This was the first question I had. Then I realized that I had overlooked the malicious settings for contolling web filtering. I think it must absolutely be cloud based, I agree. This is really good filtering.

 

[AtlBo]

@AtlBo is your vulnerability sigs up-to-date?

On the about page it says they are up to date. However, they were last updated 8-29-18. Doesn't concern me much with vulnerabilities. If there is a new one, I suppose they push an update for whatever fixes the vulnerability.

 

[imuade]

If you install the "Web filtering" module only, the category "Security Risk" moves from the "Malware Protection" tab to the "Web Security" tab, but you can still block malware&phishing websites.
You also get "Vulnerability scan" and my database is v. 1.00169 and "up to date"

 

[yitworths]

If you install the "Web filtering" module only, the category "Security Risk" moves from the "Malware Protection" tab to the "Web Security" tab, but you can still block malware&phishing websites.
You also get "Vulnerability scan" and my database is v. 1.00169 and "up to date"

View attachment 196984

please go to about... I just wanna see the interface

 

[yitworths]

You also get "Vulnerability scan" and my database is v. 1.00169 and "up to date"

 

[imuade]

please go to about... I just wanna see the interface

 

[imuade]

According to FortiGuard website, v. 1.169 is the latest

Learn More