Update FortiClient (Windows) 5.6.2

Discussion in 'Other Security for Windows' started by Felipe Oliveira, Dec 11, 2017.

  1. Slyguy

    Slyguy Level 21

    Jan 27, 2017
    1,090
    4,371
    Fortinet Engineer
    USA
    Other OS
    Excellent response.

    I do recommend, for realtime, setting heuristics higher than 0 (which is off), especially if you have over a dual core machine. I recommend 1 overall, which will substantially improve detection of new threats but not increase your false positives to any measurable level. Also, the extreme database is strongly encouraged; it activates many thousands of additional signatures for older threats you stand a chance of running into (but that aren't on the outbreak charts). Just setting these two alone will add a significant measure of protection to your PC.

    Database options are:

    Normal: Includes viruses currently spreading as determined by the FortiGuard Global Security Research Team. These viruses are the greatest threat. The Normal database is the default selection.

    Extended: Includes the normal database in addition to recent viruses that are less prevalent. These viruses may have been spreading within the last year but have since tapered off.

    Extreme: Includes the extended database in addition to a large collection of ‘zoo’ viruses. These are viruses that have not seen widespread infection rates and are largely dormant today.
     
  2. d0ts

    d0ts Level 1

    Nov 9, 2017
    21
    61
    Viet Nam
    Windows 10
    Emsisoft
    @Slyguy, could you talk a bit about the Application Firewall?
     
  3. Infinityx

    Infinityx New Member

    Dec 23, 2017
    1
    1
    United States
    Windows 10
    Malwarebytes
    #43 Infinityx, Dec 24, 2017
    Last edited: Dec 24, 2017
    Interesting, definitely will install and try out for a couple of weeks and will post back with my experience. Interested in seeing how the system resource usage is.
     
  4. Slyguy

    The Application Firewall is what it sounds like: an application firewall. However, control of this is pinned to the FortiGate device itself and linked to the Application Control aspect of the FortiGate, which allows you to 'control' application access/use/restrictions on the endpoint. Without a FortiGate unit to configure and manage this feature, it defaults to blocking malicious application activity and malicious processes. There is no further granular control beyond this in the free version.

    Also note an important thing about FortiClient exclusions that is undocumented. If you exclude a full directory, it excludes the directory from scanning. To exclude 'other' technologies from a file, you need to add the FILE itself to exclusions. This is poorly documented by Fortinet, but it needs to be made clear to folks so they know how to exclude properly.

    These are the granular application firewall controls in FortiGate. But again, without a FortiGate it will default to 'control' of malicious, suspected malicious or malicious acting subjects without the ability to be granular.

    [​IMG]
     
  5. ZeroDay

    ZeroDay Level 22

    Aug 17, 2013
    1,116
    3,179
    Birmingham UK
    Windows 10
    Kaspersky
    I'm seriously considering getting myself a FortiGate device.
     
  6. d0ts

    Thank you a lot for the explanation :)
     
  7. Slyguy

    #47 Slyguy, Dec 28, 2017
    Last edited: Dec 28, 2017
    I've noticed a bug in FortiClient 5.6.2 and have reported it to the TAC. I can reproduce the bug at will, so I consider it a confirmed bug, but not until I hear from the TAC can I officially say so.

    Depending on your NIC chipset/driver versioning, you MAY experience reduced internet throughput with 'Block known communication channels used by attackers' enabled. I've noted up to a 75% reduction in speed on some chips and haven't found a common thread in the anomaly. If this bug impacts your particular configuration, you can simply disable this feature until a fix is issued and everything will return to normal.
     