FortiClient 6.0.0 (Windows)

ForgottenSeer 58943

FYI this is a pretty big release. Fortinet doesn't itemize bug fixes for the most part. There are a ton of backend fixes, internal fixes and server improvements relating to this. Most of the bugs should be resolved, including the ones reported here to me. Improvements in functionality of many of the modules are present.

Also the entire program interface was restructured and the product should feel even lighter than before, quite possibly one of the lightest AVs now.


Islam Gamal

Can I use it with Comodo Firewall?
 

Chimaira


Is 6.0 available for download yet? I can't find it anywhere
 
ForgottenSeer 58943

It's on the Fortinet FTP portal for Partners, Employees, etc. It should appear on the main page next week.

Here's the installer, I uploaded it to a fileshare site if anyone doesn't want to wait a week. It's clean, it's identical MD5 as the one on the Fortinet FTP server.

FortiClientSetup_6.0.0.0067_x64.exe
 
ForgottenSeer 58943

Very clean and neat updated interface. Now I am interested in it more like before. (y) @ForgottenSeer 58943 How would you rate it now vs SHP for those without FortiGate?

Without a FortiGate and/or FortiSandbox I would rate it average at best.

Which means I still wouldn't run it vanilla. I would make some CONF tweaks to ramp it up a bit. Then add in something like OSArmor or VoodooShield with it. I think it would be pretty hard, if not impossible, to infect a box with FortiClient+OSArmor/VoodooShield, honestly, and you can do it all without spending a dime out of your pocket.

Also, keeping with privacy. FortiClient has checkboxes to disable all analytics, logging, and telemetry. It can run totally silent.
 

TairikuOkami

Is there any way to test web filtering? It does not seem to be blocking anything.
Or does it work only on supported browsers or only on unencrypted DNS requests?
 

Moonhorse

Turn pornography filter on and test some sites, it will work for sure
 

cruelsister

As FC6 is now public, I did a quick dance with it. The AV definitions are OK, but nothing special. For example, this Blackswap banking trojan that's been out for a month: Antivirus scan for 5349a0c06823fa285faa31381b5566b2a3d8990f6a5b6775288471caa35f8516 at 2018-06-06 22:47:23 UTC - VirusTotal

The system was infected and the malware persists on reboot and was not detected after a Full scan. FC6 also was oblivious to previously Forked processes and their vectors.

It surprised me that it was good at detecting worms with nastier persistence mechanisms; it also surprised me that it allowed a drop and autostart of a slightly modified AlphaCrypt. Finally it did not do well at all against newly coded KillDisk (not that it should, as it is a traditional AV).
 

Moonhorse

How's the performance? Do you recommend it over WD, for example?
 
ForgottenSeer 58943

One must keep in mind, FortiClient is largely configured out of the box to cause the least problems in enterprise environments with the FGT and FSB doing the heavy lifting. If you want to test it stand alone I would advise some basic changes.

<heuristic_scanning>
<level>0</level>

I'd put that at 2 or 3. Since it defaults to off.

<use_extreme_db>0</use_extreme_db>

Defaults to 0, by default it uses the normal database for the most relevant threats. Extended for slightly aged threats, and extreme for all of the databases combined and Zoo threats. One should toggle this to 1 rather than 0.

<use_sandbox_signatures>0</use_sandbox_signatures>

Defaults to 0 which is off. When toggled to 1 it will pull down the newest, most relevant emerging threats from the global FSB databases which are the combined horsepower of all deployed FortiSandboxes and the signatures those are generating.

The reason these are all essentially off out of the box is because they could theoretically offer false positives and other issues in a complex enterprise environment so it's up to the administrator to decide, then test, and adjust if necessary. I'd strongly encourage these to be enabled for a better picture of overall detection levels. Once the settings to the CONF are made, one should reboot the system afterward.
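
An added example (not part of the thread and not Fortinet's code): a Python check that reads an exported configuration and lists which of the three settings named in the post above are still below the values the poster suggests. Only the three element names come from the post; the `<config>`/`<av>` wrappers in the constructed samples and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

# The three settings named in the post, with the values the poster suggests.
# (parent tag or None, tag, minimum suggested value)
SUGGESTED = [
    ("heuristic_scanning", "level", 2),  # post: "2 or 3", default 0
    (None, "use_extreme_db", 1),
    (None, "use_sandbox_signatures", 1),
]

# Constructed samples; the <config>/<av> wrappers are hypothetical.
SAMPLE_DEFAULTS = """<config><av>
  <heuristic_scanning><level>0</level></heuristic_scanning>
  <use_extreme_db>0</use_extreme_db>
  <use_sandbox_signatures>0</use_sandbox_signatures>
</av></config>"""
SAMPLE_TUNED = """<config><av>
  <heuristic_scanning><level>3</level></heuristic_scanning>
  <use_extreme_db>1</use_extreme_db>
</av></config>"""

def find_value(root, parent, tag):
    """Integer value of the first matching element; None if absent or non-numeric."""
    # "level" is a generic tag name, so it is only looked up under its parent.
    scopes = root.iter(parent) if parent else [root]
    for scope in scopes:
        for el in scope.iter(tag):
            text = (el.text or "").strip()
            return int(text) if text.isdigit() else None
    return None

def audit(xml_text):
    """List (setting, current, suggested) for every setting below the suggestion."""
    root = ET.fromstring(xml_text)
    findings = []
    for parent, tag, wanted in SUGGESTED:
        current = find_value(root, parent, tag)
        if current is None or current < wanted:  # a missing element is reported too
            findings.append((f"{parent}/{tag}" if parent else tag, current, wanted))
    return findings

if __name__ == "__main__":
    for label, sample in (("defaults", SAMPLE_DEFAULTS), ("tuned", SAMPLE_TUNED)):
        for name, current, wanted in audit(sample):
            print(f"{label}: {name} is {current}, post suggests >= {wanted}")
```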
 

Fel Grossi

Thread author
What is funnier is that I already sent this Blackswap to Fortinet and Microsoft a week ago, and to this day neither of them detects it.
 
ForgottenSeer 58943

I'm skeptical of this claim. You should rarely wait longer than 60 minutes after a submission to Fortinet TAC for a response from a malware analyst.

submitvirus@fortinet.com

Is the only supported way of direct submission. The online scanner is a Machine Learning System that isn't nearly as fast if it doesn't identify a threat outright.
 

Fel Grossi

Thread author
Lol. Ok then.

Yes, I send it by email only when the file is larger than 1MB, when it is smaller I send it through the online scanner (as it was in this case). But anyway, by now I believe you have already sent this Blackswap to them, and as you can see, so far none of those quoted.

I also really like Fortinet as well as COMODO. Whenever I have contact with malware I send to Fortinet, COMODO and Microsoft, if malware is Brazilian I also send to Avast and Avira, which are very prevalent here in Brazil.

VirusTotal
 
ForgottenSeer 58943

The email should always be used. That goes right to the lab guys. The online one is ML/AI, and not parsed as quickly.

Try submitting to the email above and it should be taken care of in about 60 minutes or less.
 
ForgottenSeer 58943

Can you archive this and PM me a copy? I want to send it directly to the lab guys and see what they say.
 