FortiClient 6.0.0 (Windows)

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,716
yea, I just get vulnerability sig updates & the engine is updated but no sig update since 17th august. & interface is showing out-of-date, so that's annoying.

So you see red x's for these in A-V?

Modules.png

Maybe this could be the reason:

When you try some links (malcode), does the web filter blocks any of them? Webfilter seems to be only against specific categories.
From what I gather, it is AV, that blocks malicious links, when I disable it and keep web filtering on, it does not block anything.

I tried a site on VXVault and it was blocked by Comodo Web Filtering. After two tries, the file would drop if chose "Allow once". Then I saw that the download was labelled unknown and I had the message "do you want to remove this file?" I selected yes and, when I moved the browser, I saw a pop up notification from FortiClient that the file has been quarantined. Here is the notification:

Notification.png

I don't know if the download was initially blocked by Chrome or by FortiClient. It is an anti-virus block, however.

I wonder too if malicious links are imported via the A-V component. Maybe you are just getting the static filtering @yitworths.
 
Last edited:

TairikuOkami

Level 37
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,692
I don't know if the download was initially blocked by Chrome or by FortiClient.
If the URL is blocked, the file should not even download. Realtime Protection can be disabled and just keep AV's web-filtering part though.

btw, can ya tell me what features you've installed?
Just AV + webfilter.
 

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,716
I have just an adult filter enabled, there are no malware filters, as far as I can tell, unless I would enable Unrated, which is probably default-deny.

Thankyou for this. I hadn't configured the filters in the A-V :emoji_fearful:. This is very good, but I chose to block all of the categories. Too much?

Yes, indeed, appears to me that without the A-V module, there is only the category filtering.
 

yitworths

Level 10
Verified
Well-known
May 31, 2015
472
So you see red x's for these in A-V?

I don't have av module.2018-09-02_19-42-23.png


I tried a site on VXVault and it was blocked by Comodo Web Filtering. After two tries, the file would drop if chose "Allow once". Then I saw that the download was labelled unknown and I had the message "do you want to remove this file?" I selected yes and, when I moved the browser, I saw a pop up notification from FortiClient that the file has been quarantined. Here is the notification:
most likely comodo ain't allowing forticlient's web filtering. Otherwise it should have been blocked at url level.

Maybe you are just getting the static filtering @yitworths.
I've noticed 3 connection always on from fortiwf which I believe is related to web protection. So, most likely it does scan website with help of its own cloud rather than based on client level database.
 

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,716
most likely comodo ain't allowing forticlient's web filtering. Otherwise it should have been blocked at url level.

Well, it is blocked using settings found in the A-V module. This may be different for you. The categories listed separately from the Web Filtering categories are here:

A-V Malicious Filter Cats.png

The reason only Comodo blocked was that the filters for me are in the A-V module settings (since A-V is present). I hadn't realized they weren't yet configured. FortiClient blocked after changing these settings:

FortiBlock.png

I got only the Comodo web filter block because all of the above were set to allow. You may see these in your list of filters if, for example, there are no settings for the A-V. I don't see them in the category filtering here:

Web Filtering Cats 2.png

Nowhere in the Web Filter settings do the malicious categories from the first picture appear. Maybe you see them in the above picture, since no A-V module on the PC?
 
Last edited:

yitworths

Level 10
Verified
Well-known
May 31, 2015
472
Well, it is blocked using settings found in the A-V module. This may be different for you. The categories listed separately from the Web Filtering categories are here:

View attachment 196978

The reason it didn't block was that the filters for me are in the A-V module settings (since A-V is present). I hadn't realized they weren't yet configured.

I got only the Comodo web filter block because all of the above were set to allow. You may see these in your list of filters if, for example, there are no settings for the A-V. I don't see them in the category filtering here:

View attachment 196979

Nowhere in the Web Filter settings do the malicious categories from the first picture appear. Maybe you see them in the above picture, since no A-V module on the PC?

I set a VM to test TairikuOkami's settings as TairikuOkami claimed for him web filtering ain't working.
 

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,716
@TairikuOkami man, for me everything is going smoothly. Have you installed any other web protection after forticlient?If yes,then most likely that's causing the problem for ya. go for a re-installation,probably that will resolve it.

I see how this is for you thanks for the pictures. You see the module, but it is simply not installed. I wasn't sure if FortiClient moved the malicious categories over to the Web Filtering settings if the A-V is not installed.
 

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,716
I set a VM to test TairikuOkami's settings as TairikuOkami claimed for him web filtering ain't working.

I noticed one thing. About five times in a row I set the filters only to see that the settings had reverted. Then I noticed at the top next to the "x" for closing the settings dialog for the A-V or Web Filtering module, there is a small floppy disk "save" icon that pops up and disappears sometimes. I ended up disabling (uncheck) below:

A-V Malicious Filter Cats 3.png

Then when I reenabled this setting, the small floppy icon appeared and the settings seem to stay in place. Just in case anyone notices anything like this happening in settings.
 
Last edited:

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,716
I've noticed 3 connection always on from fortiwf which I believe is related to web protection. So, most likely it does scan website with help of its own cloud rather than based on client level database.

This was the first question I had. Then I realized that I had overlooked the malicious settings for contolling web filtering. I think it must absolutely be cloud based, I agree. This is really good filtering.
 

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,716
@AtlBo is your vulnerability sigs up-to-date?

On the about page it says they are up to date. However, they were last updated 8-29-18. Doesn't concern me much with vulnerabilities. If there is a new one, I suppose they push an update for whatever fixes the vulnerability.
 

imuade

Level 12
Verified
Top Poster
Well-known
Jul 29, 2018
566
If you install the "Web filtering" module only, the category "Security Risk" moves from the "Malware Protection" tab to the "Web Security" tab, but you can still block malware&phishing websites.
You also get "Vulnerability scan" and my database is v. 1.00169 and "up to date"

Immagine.jpg
 

yitworths

Level 10
Verified
Well-known
May 31, 2015
472
If you install the "Web filtering" module only, the category "Security Risk" moves from the "Malware Protection" tab to the "Web Security" tab, but you can still block malware&phishing websites.
You also get "Vulnerability scan" and my database is v. 1.00169 and "up to date"

View attachment 196984

please go to about... I just wanna see the interface
 
  • Like
Reactions: Nestor

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top