A couple of things about Forticlient:
- Its installer is awful. It takes aeons to download, scan and then finally install.
- Forticlient's free version is purely signature based. That won't be a problem if you're planning on running it alongside CF though.
- It has absolutely outstanding malicious URL blocking.
1) The installer is fine, but it does download modules and updates during the installation. You can cancel the pre-install scan by clicking cancel. In all fairness, the installation is much quicker for me since I have a Fortigate on my gateway it installs with pushes from the appliance vs over the internet.
2) Version 5.6 has introduced a lot of new technologies under the hood that aren't self evidence. It's progressed from a pure signature based scanner. Although the signatures are pretty well regarded in the industry. Fortinet is very speedy with updating them - try the submission and see. (while Trend is glacially slow)
5.6 introduced Rootkit Detection, Vulnerability Scanning, Threat Intelligence and Anti-Botnet/Ransomware technology.
3) Indeed. Fortinet has perhaps the best malicious URL blocking in the industry, among any product.
A few tidbits for the technically inclined. If you install Forticlient you can go to settings, then hit 'backup' to backup the configuration. This is an XML-Style file that allows you to seriously dig into the product and tweak a lot of things under the hood that aren't available in the GUI. So make the backup, make a copy of the backup (just in case you mess up the script), then dig into the script for the juicy bits. (use Notepad++ or something)
The GUI is purposely limited so people don't click things in an enterprise environment and get unexpected results. You can do fun stuff like turn on multi-core scanning/processing which makes it ridiculously fast. You can dial up heuristics, turn on extreme databases for even greater signatures, etc.. Here's a small snippet;
<!--zero, one or more of the following child nodes-->
Disclaimer: I'm a Fortigate NSE5 engineer. I will be happy to help anyone with questions about any setting or how the various technologies work. In my personal opinion, Forticlient makes a fantastic solution to combine with another one. For me, that's Voodooshield and Forticlient. I assume it would rock out with Comodo.
One thing to add - Forticlient adds a context menu for virus submission. This goes directly into the lab. Expect fast responses.