App Review FortiClient 6.0.9.0277

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Product name
FortiClient 6.0.9.0277
Installation (rating)
5.00 star(s)
User interface (rating)
4.00 star(s)
Accessibility notes
The GUI is nice and well organized. To modify most of the settings you have to click on "Unlock Settings" on the low-left corner.
Default settings are already good, you can tune them deeply by using the conf file.
To do so, you have to go to Settings-->Backup and save the file somwhere. Then you open it (for example with WordPad) and edit it. After saving, you can import it by Settings-->Restore
Here is the official guide https://docs.fortinet.com/document/forticlient/6.0.9/xml-reference-guide/387580/introduction
Performance (rating)
5.00 star(s)
Core Protection (rating)
4.00 star(s)
Proactive protection (rating)
4.00 star(s)
Additional Protection notes
FortiClient has Antivirus, AntiExploit, Heuristic and Web Filter.
It lacks of a strong Behaviour Blocker or HIPS and of a Firewall, but Web Filter and Signatures are top notch.
Sandbox is available only if you have a FortiSandbox connected.
Browser protection (rating)
5.00 star(s)
Positives
    • Freeware
    • Many features
    • Minimal setup required
    • Low impact on system resources
    • Simple and non-intrusive
    • Accurate results and reliable antivirus engine
    • Effective malicious URL blocking
    • Virus signatures are updated daily
    • Multi-layer protection approach
Negatives
    • Advanced users may want more control
    • Weak protection against zero-day threats
Time spent using product
Reviewed over a 30-day period
Computer specs
MSI Cubi Intel Core i3-5005U
12Gb RAM
128Gb SSD
Recommended for
  1. Inexperienced users
  2. Multi-user devices
  3. Financial banking or trading
  4. Low spec PCs
Overall rating
4.00 star(s)

pxxb1

Level 9
Verified
Well-known
Jan 17, 2018
436
Yes, it is updating as far as I can tell. I do believe it has signatures locally also...

View attachment 266436

View attachment 266438

Need any help with the settings pls ask. The signatures using the hardened settings are very good. They will find garbage if it is on the system or on an attached drive. I like this program mostly with Comodo Firewall, choosing the FortiClient web filter over the Comodo one. I turn off the filtering in CF...

Tell me more, about the settings and the hardened settings.

I thought i remembered that it had bad URL-proctection, but that must be a flawed memory since in this thread everybody seems to say it is good. Any info on that?
 
  • Like
Reactions: [correlate]

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
I think by url-protection they mean that the program has a web filter, and as far as I know it is a very good web filter. It is a little bit tricky to set up, but it is very good. I still use UBlock Origin on top of FC's web filter, but FC's filter definitely was highly regarded last I checked. That said I can't tell how well it works because Firefox blocks malicious sites before FC sees them these days (just now tested).

The settings .config enables the use of the most aggressive signatures and then also bumps up the enforcement of their use. In this way, both detection and enforcement (quarantine) are made stronger. I haven't run into much in the way of FPs, so I would say using F-C with the hardened settings has been a great experience for me over the last 4-5 years. I am grateful that Fortinet have kept updating the signatures of their previous client software this way. BTW, it is necessary to enter the settings menu to import the .config file into the program. To do this, you will first need to click on the "Unlock Settings" button on the bottom left of the menu. The settings are straight .html, by the way. You can look them over with an .html editor and then edit them too if you like.

I am interested to see if you are able to migrate successfully. Again, I really like F-C, at least for now...

UPDATE: I see the web filter is working fine. In the Notifications I see the blocks, which are there even though Firefox blocked the porn site I to which I pretended to visit.
 
Last edited:
  • Like
Reactions: DDE_Server

pxxb1

Level 9
Verified
Well-known
Jan 17, 2018
436
I think by url-protection they mean that the program has a web filter, and as far as I know it is a very good web filter. It is a little bit tricky to set up, but it is very good. I still use UBlock Origin on top of FC's web filter, but FC's filter definitely was highly regarded last I checked. That said I can't tell how well it works because Firefox blocks malicious sites before FC sees them these days (just now tested).

The settings .config enables the use of the most aggressive signatures and then also bumps up the enforcement of their use. In this way, both detection and enforcement (quarantine) are made stronger. I haven't run into much in the way of FPs, so I would say using F-C with the hardened settings has been a great experience for me over the last 4-5 years. I am grateful that Fortinet have kept updating the signatures of their previous client software this way. BTW, it is necessary to enter the settings menu to import the .config file into the program. To do this, you will first need to click on the "Unlock Settings" button on the bottom left of the menu. The settings are straight .html, by the way. You can look them over with an .html editor and then edit them too if you like.

I am interested to see if you are able to migrate successfully. Again, I really like F-C, at least for now...

UPDATE: I see the web filter is working fine. In the Notifications I see the blocks, which are there even though Firefox blocked the porn site I to which I pretended to visit.

If you mean the Restore function in System, i got an Error when trying to restore/import the config.file. Any other possibility to migrate it i could not see.
 

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
Yes that is correct. I am running version 6.0.0.0067 of Forticlient on the system I am referencing for information. Could be that the settings .conf I have will not work on 6.0.02.0128. I didn't see any reason to update the program, although I downloaded the installer, because it is html based, and I felt that there likely weren't many changes. This version is very well defined and quite comprehensive and effective. I have the latest installer in case I should install on another system.

I would be surprised if the configuration gave the error simply based on the version of the client. I say this because I feel that the breadth of those settings would likelier be "sacred" and so the same as html is concerned across a version (i.e. all 6.x.x.x versions) as a norm. One thing about the Forticlient settings I will note here. If you make a change to the settings, you may notice a small lock top right. Before closing the settings, wait for that lock to flash. If the settings don't autosave, then they will not be finalized. If I remember correctly it will turn into a small floppy diskette symbol while the settings save (maybe it is next to the lock). I have had issues in the past, which I was able to resolve once I noticed the appearance of the disk at the top. It may take some seconds for it to show up after changing a setting, but the autosave function is the only way to save settings.

I will see if I can get an issue with F-C on this PC importing the settings and then let you know. Otherwise, I can view them in an html editor and pass the important ones to you if you care to edit what is there now. I'll get back to you in awhile.
 
Last edited:

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
OK, I got a note which said that the settings had been updated successfully. Would you like to try the earlier version of Forticlient? I can post a link for the earlier version 6.x.x.x...
 

pxxb1

Level 9
Verified
Well-known
Jan 17, 2018
436
When i did this it was on OK, I got a note which said that the settings had been updated successfully. Would you like to try the earlier version of Forticlient? I can post a link for the earlier version 6.x.x.x...

OK, I got a note which said that the settings had been updated successfully. Would you like to try the earlier version of Forticlient? I can post a link for the earlier version 6.x.x.x...

When i got that errror it was on a W10 pc with some leftovers from Qihoo 360 that FC mentioned during install. Leftovers i removed afterwards. I will try it on the W11 pc that it installed alright. But not until tomorrow though, maybe, later this evening. Meanwhile, please post that link.

That about the "settingsflash", i understood rather fast after install.
 

pxxb1

Level 9
Verified
Well-known
Jan 17, 2018
436
pxxb1...here you are:

Google Drive Forticlient 6.0.0.0067

Yes, on the settings flash, I had the gamma up for video on the computer and for 6 months I could not understand why I could not save a setting sometimes. Then I just faintly saw the animation one time and had an OK WOW moment...

Thanks! I will try it tomorrow about the same time that i posted the first post this evening.

Can i see the differences somewhere about what the settings do, a before or after so to speak. What the default settings are and, what they are after the change. The config file in notepad did not tell me much. Aggressive sigs, what are that, i mean, sigs are sigs.

Until tomorrow.
 

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
Ill try to get some screenshots of some of the html settings. You can search for each setting by name in your current html (save 2 copies if you will be making changes to one). I think most of the changes are/can be found in the malware section, so you may have to search the file. Some of the keywords will surely occur more than once (in more than one section), so you just want to be in the correct section when matching a setting change to the html file I uploaded. If you make changes just remember to save the file in the .config format by the same name and in the same location etc. If you are using Notepad, you might have to use the All Files drop down bottom to see the file to overwrite it when saving. Again, good idea to put a way a copy of your current settings somewhere so you can go back.

There isn't a way to gauge performance. With the html, if you up some of the numbers, the program will be more aggressive, and it does make a difference in my experience. I think most would agree with me on this observation, who have used the aggressive settings.

One other thing...the most important web filter setting is in the malware section of the program. Sandbox does not work as you may or may not know, so don't worry about that...or the firewall. For the web filter settings in malware, "Unlock Settings" bottom left while on the "Malware Protection" tab. Click on the cog top right of the "Malware Protection" tab. On the menu that pops up you will see "Block Malicious Websites". That's the most important setting for web protection. It works using Forticlient's lookup for websites. Here, I am blocking everything under the "Block malicious websites" check box. The "Web Security" section has a more standard web blocking feature, but the options are limited there, and the options are purely by website type. These settings are very broad sweeping blocks. Still this can be kind of nice in some ways.

In answer to aggressive signatures, these will alert for PUPs and other sketchy programming. The more aggressive the setting chosen in the html, the more sketchy programs will be included in the by the block action (by a rating I assume). Basically, the html file works with numbers, but you have to know which settings are important and how high you can go and also whether higher means more aggressive or more passive etc. There are also some words used in settings if I recall. Where I have the signatures is really good, although this is not a gaming rig, so I can't speak to whether games might be blocked or cheat engines, etc. It will find old PUP installers and such, though, when set for aggressive.

One thing you might want to do is save the configuration file you have now. Then compare that with the file I uploaded to see where there are differences. You can be fairly certain that changes where the html identifier (the keyword(s) on each line) is/are the same the setting and that the number in the uploaded will likely work in your file. Just keep a second set of your current settings if you experiment. You can restore those if you have a problem, but you should be OK. In the end, my impression is that the html settings are reflected in some ways in the UI, but that the html settings go much further for tailoring the performance of the FortiClient software. In short, you cannot achieve the customizability by a long shot in the UI settings that can be achieved with the html settings.

One last thing. Not sure Notepad will work for working with html files. Maybe someone else can help, but I am sure there are many html compatible editors. I use MS Office 2007 Web Expressions. Notepad++ might work nicely. I'll take some screenshots of the html settings and settings UI.
 

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
pxxb1...take a look at these entries from one of ForgottenSeer 58943's posts:

A couple of things about Forticlient:
  1. Its installer is awful. It takes aeons to download, scan and then finally install.
  2. Forticlient's free version is purely signature based. That won't be a problem if you're planning on running it alongside CF though.
  3. It has absolutely outstanding malicious URL blocking.

1) The installer is fine, but it does download modules and updates during the installation. You can cancel the pre-install scan by clicking cancel. In all fairness, the installation is much quicker for me since I have a Fortigate on my gateway it installs with pushes from the appliance vs over the internet.
2) Version 5.6 has introduced a lot of new technologies under the hood that aren't self evidence. It's progressed from a pure signature based scanner. Although the signatures are pretty well regarded in the industry. Fortinet is very speedy with updating them - try the submission and see. (while Trend is glacially slow)
5.6 introduced Rootkit Detection, Vulnerability Scanning, Threat Intelligence and Anti-Botnet/Ransomware technology.

3) Indeed. Fortinet has perhaps the best malicious URL blocking in the industry, among any product.

A few tidbits for the technically inclined. If you install Forticlient you can go to settings, then hit 'backup' to backup the configuration. This is an XML-Style file that allows you to seriously dig into the product and tweak a lot of things under the hood that aren't available in the GUI. So make the backup, make a copy of the backup (just in case you mess up the script), then dig into the script for the juicy bits. (use Notepad++ or something)

The GUI is purposely limited so people don't click things in an enterprise environment and get unexpected results. You can do fun stuff like turn on multi-core scanning/processing which makes it ridiculously fast. You can dial up heuristics, turn on extreme databases for even greater signatures, etc.. Here's a small snippet;

<antivirus>
<enabled>1</enabled>
<signature_expired_notification>0</signature_expired_notification>
<scan_on_insertion>0</scan_on_insertion>
<shell_integration>1</shell_integration>
<antirootkit>4294967295</antirootkit>
<fortiguard_analytics>1</fortiguard_analytics>
<multi_process_limit>1</multi_process_limit>
<scheduled_scans>
<ignore_3rd_party_av_conflicts>0</ignore_3rd_party_av_conflicts>
<!--zero, one or more of the following child nodes-->
<full>
<enabled>1</enabled>
<repeat>2</repeat>
<day_of_month>1</day_of_month>
<time>19:30</time>
<removable_media>1</removable_media>
<network_drives>0</network_drives>
<priority>0</priority>
</full>
</scheduled_scans>
<on_demand_scanning>
<use_extreme_db>1</use_extreme_db>
<on_virus_found>4</on_virus_found>
<pause_on_battery_power>1</pause_on_battery_power>
<signature_load_memory_threshold>8</signature_load_memory_threshold>
<automatic_virus_submission>
<enabled>0</enabled>
<smtp_server>fortinetvirussubmit.com</smtp_server>
<username>Enc 341b4a044abc73d0d7cc417825d302784a359e5d30ef9432</username>
<password>Enc 16e87c0533f9a541b9895fa24f7d881da4da55430d653464</password>
</automatic_virus_submission>
<compressed_files>
<scan>1</scan>
<maxsize>0</maxsize>
</compressed_files>
<riskware>
<enabled>1</enabled>
</riskware>
<adware>
<enabled>1</enabled>
</adware>
<heuristic_scanning>
<level>3</level>
<action>2</action>
</heuristic_scanning>

Disclaimer: I'm a Fortigate NSE5 engineer. I will be happy to help anyone with questions about any setting or how the various technologies work. In my personal opinion, Forticlient makes a fantastic solution to combine with another one. For me, that's Voodooshield and Forticlient. I assume it would rock out with Comodo.

One thing to add - Forticlient adds a context menu for virus submission. This goes directly into the lab. Expect fast responses.

My settings were close to these here. You can use the first word in the html string of each line which contains a setting in the above. Search for the word, then check above the setting to compare that the heading is the same for the setting you have as compared to here in this list. If that is the same, then you can try the number (don't worry, the worst that can happen is that FC will reject the settings). The actual setting is the number in most cases between <*> and <*>. These are good aggressive settings. Just remember, you are looking at individual lines that are somewhere in the .conf file. You will have to search for each one individually. Just a pointer, you may want to search Forticlient and user ForgottenSeer 58943 to find the post containing this information. He started the thread which I believe was titled Forticlient 6.0.0.0. I recommend reading through the thread. I learned most of what I know there.

You can also search "Forticlient" and user imuade. Page 3 three of that search results has a couple of good things from him.

Try these things before I take pictures of the html. I will get some of at least the UI here momentarily.
 

pxxb1

Level 9
Verified
Well-known
Jan 17, 2018
436
pxxb1...take a look at these entries from one of ForgottenSeer 58943's posts:



My settings were close to these here. You can use the first word in the html string of each line which contains a setting in the above. Search for the word, then check above the setting to compare that the heading is the same for the setting you have as compared to here in this list. If that is the same, then you can try the number (don't worry, the worst that can happen is that FC will reject the settings). The actual setting is the number in most cases between <*> and <*>. These are good aggressive settings. Just remember, you are looking at individual lines that are somewhere in the .conf file. You will have to search for each one individually. Just a pointer, you may want to search Forticlient and user ForgottenSeer 58943 to find the post containing this information. He started the thread which I believe was titled Forticlient 6.0.0.0. I recommend reading through the thread. I learned most of what I know there.

You can also search "Forticlient" and user imuade. Page 3 three of that search results has a couple of good things from him.

Try these things before I take pictures of the html. I will get some of at least the UI here momentarily.

I tried it out, a bit earlier then announced.
On W11 all went fine. Installed ok, runs ok and all the settings gets saved as it should. On W10 it did not save as it should, i had to do the settings over and over until they stuck. V.6.02.
It also Restored the accompanied config file this time as it should. About that, what configs are thoose, and whos, F-Cs own? Could one say that thery are HIGH or MAX security, or what? What do they do compared to the installer settings.

And again, the file does not tell me much since there is no comparison, and, no mentioning anywhere in it what sort of level the default settings in it delivers. So when applying them or the file, or your file, i would not know what, i am applying. So please, tell me something about that! I would also appreciate some info about what the Dynamic threath protection is.

Otherwise, light and easy, a good basic Av alternative for Ms Defender which is much heavier. That is the reason for my interest as for many others.
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top