FortiClient (Windows) 5.6.2

Status
Not open for further replies.
F

ForgottenSeer 58943

ZeroDay said:
I tweaked the INI and trust me it's easy for anyone. You just work your way through the settings like it's a GUI. once you've done it a couple of times you know exactly where to scroll to. And if you backup the tweaked INI you'll only have to do it once. It really is just common sense once you're looking at the INI file. People who are not tech savvy could make a few backups of the original INI so they could practice.
Click to expand...

Excellent response.

I do recommend for realtime setting heuristics higher than 0 (which is off). Especially if you have over a dual core machine. I recommend 1 overall, which will substantially improve detection of new threats but not increase your false positives any measurable level. Also extreme database is strongly encouraged, it activates many thousands of additional signatures for older threats you stand a chance of running into (but aren't on the outbreak charts). Just setting these two alone will add a significant measure of protection to your PC.

Database options are;

Normal Includes viruses currently spreading as determined by the FortiGuard Global Security Research Team. These viruses are the greatest threat. The Normal database is the default selection.

Extended Includes the normal database in addition to recent viruses that are less prevalent. These viruses may have been spreading within the last year but have since tapered off.

Extreme Includes the extended database in addition to a large collection of ‘zoo’ viruses. These are viruses that have not seen widespread infection rates and are largely dormant today.
 
  • Like
Reactions: ZeroDay, Handsome Recluse and vtqhtr413
D

d0ts

Level 1
Verified
Nov 9, 2017
23
Kubla said:
Let us know what you find.
Click to expand...
explorer_2017-12-24_12-28-31.png

@ForgottenSeer 58943 may you talk a bit about the Application Firewall?
 
  • Like
Reactions: ZeroDay and Handsome Recluse
Infinityx

Infinityx

Level 1
Verified
Dec 23, 2017
15
Interesting, definitely will install and try out for a couple of weeks and will post back with my experience. Interested in seeing how the system resource usage is.
 
Last edited:
  • Like
Reactions: vtqhtr413 and ZeroDay
F

ForgottenSeer 58943

The Application Firewall is what it sounds like, an application firewall. However control of this is pinned to the Fortigate Device itself and linked to the Application Control aspect of the Fortigate which allows you to 'control' application access/use/restrictions on the endpoint. Without a Fortigate unit to configure and manage this feature it defaults to blocking malicious application activity and malicious processes. There is no further granular control beyond this in the free version.

Also note - an important thing about FortiClient exclusions that is undocumented. If you exclude a full directory it excludes the directory from scanning. To exclude 'other' technologies from a file you need to add the FILE to exclusions itself. This is poorly documented by Fortinet but it needs to be made clear to folks so they know how to exclude properly.

This is the granular application firewall controls in Fortigate. But again, without a Fortigate it will default to 'control' of malicious, suspected malicious or malicious acting subjects without the ability to be granular.

appc.png
 
  • Like
Reactions: vtqhtr413, d0ts and Danielx64
F

ForgottenSeer 58943

I've noticed a bug in FortiClient 5.6.2 and have reported it to the TAC. I can reproduce the bug at will so I consider it a confirmed bug but not until I hear from the TAC can I officially say so.

Depending on your NIC chipset/driver versioning you MAY experience reduced internet throughput with 'Block known communication channels used by attackers' enabled. I've noted up to a 75% reduction in speed on some chips and haven't found a common thread in the anomaly. If this bug impacts your particular configuration you can simply disable this feature until a fix is issued and everything will return to normal.
 
Last edited by a moderator:
  • Like
Reactions: Danielx64 and vtqhtr413
abdou17

abdou17

Level 2
Verified
May 3, 2013
82
Windows_Security said:
Do you have info on INI file settings (a tutorial or hep file)? Sounds amazing tweakable.

Fortinet did well in the past against malware UR:S and core AV-signatures. Because Fortinet felt a bit heavy and did not have advanced features (like other free AV;s) it was not very popular on security forums. These enhancements are really interesting.
Click to expand...

Full info about INI file can be found here
Fortinet Docs Library - FortiClient 5.6.0 XML Reference
 
  • Like
Reactions: harlan4096 and Sunshine-boy
Infinityx

Infinityx

Level 1
Verified
Dec 23, 2017
15
So i've personally been liking this anti virus a lot. Able to shut it down when it's not needed to prevent resources usage. I did see issues on my other family members computer though. It was causing OpenGL to crash when playing Minecraft, once I uninstalled it, no crashes.
 
F

ForgottenSeer 58943

Infinityx said:
So i've personally been liking this anti virus a lot. Able to shut it down when it's not needed to prevent resources usage. I did see issues on my other family members computer though. It was causing OpenGL to crash when playing Minecraft, once I uninstalled it, no crashes.
Click to expand...

It is scoring better with each revision and is getting some new technology slowly introduced in preparation for FortiClient 6.0 which is less than a month away. Also, RAP test, FortiClient was second best, and ahead of big name players;

Virus Bulletin :: VB100 Comparative Review - February 2018

To be honest, for many people FortiClient is now a sufficiently good suite to use. However I would still recommend pairing it with VoodooShield or OSArmor until some of the new tech gets introduced, just for safety. But for most people, FortiClient alone would be fine. As a bonus, you can totally disable the telemetry/logging to 100% silent mode with a couple checkboxes. That's a hugely important thing IMO and won't be going away because that client secures some facility that can't leak data. You are in good company.

For Minecraft crashing, try disabling 'Known Communication Channels for Bot Net' first, if that doesn't resolve it (it should), then simply add Minecraft to the exclusions, paying special attention to not only excluding the directory and processes, but excluding it on the exploit protection. As the exploit protection morphs into a stronger BB, it might start introducing FP's. Keeping in mind FortiClient isn't designed for home use, so games aren't always tested on it. ;)

Also in related news. Fortigate scored top on NSS ATP and Real World Gateway protection. 100% exploit protection on the gateway (firewall/UTM), and 98.5% detection on in-stream, realtime Zero Day/ATP attacks. That's impressive.
 
  • Like
Reactions: ZeroDay, harlan4096, abdou17 and 3 others
Infinityx

Infinityx

Level 1
Verified
Dec 23, 2017
15
ForgottenSeer 58943 said:
It is scoring better with each revision and is getting some new technology slowly introduced in preparation for FortiClient 6.0 which is less than a month away. Also, RAP test, FortiClient was second best, and ahead of big name players;

Virus Bulletin :: VB100 Comparative Review - February 2018

To be honest, for many people FortiClient is now a sufficiently good suite to use. However I would still recommend pairing it with VoodooShield or OSArmor until some of the new tech gets introduced, just for safety. But for most people, FortiClient alone would be fine. As a bonus, you can totally disable the telemetry/logging to 100% silent mode with a couple checkboxes. That's a hugely important thing IMO and won't be going away because that client secures some facility that can't leak data. You are in good company.

For Minecraft crashing, try disabling 'Known Communication Channels for Bot Net' first, if that doesn't resolve it (it should), then simply add Minecraft to the exclusions, paying special attention to not only excluding the directory and processes, but excluding it on the exploit protection. As the exploit protection morphs into a stronger BB, it might start introducing FP's. Keeping in mind FortiClient isn't designed for home use, so games aren't always tested on it. ;)

Also in related news. Fortigate scored top on NSS ATP and Real World Gateway protection. 100% exploit protection on the gateway (firewall/UTM), and 98.5% detection on in-stream, realtime Zero Day/ATP attacks. That's impressive.
Click to expand...

Awesome, and I appreciate the tips. I myself don't normally use an anti virus, but you never know when a site you frequent is exploting a 0 day due to it being hacked, so it fits my needs well. As for the OSarmor, i do install that alongside any antivirus i'm running on friends & family members machines.
 
  • Like
Reactions: ZeroDay
Status
Not open for further replies.

Similar threads

TuxTalk
    • Like
    • +Reputation
App Review Trend Micro Worry-Free XDR Services
Replies
16
Views
984
Written Reviews - Security and Privacy
TuxTalk
TuxTalk
Gandalf_The_Grey
    • Like
    • Thanks
    • Wow
AV-Comparatives Advanced Threat Protection (ATP) Test 2024
Replies
0
Views
481
Security Statistics and Reports
Gandalf_The_Grey
Gandalf_The_Grey
Brownie2019
    • Like
On Sale! Norton 360 for Gamers 1 Year, 3 devices, £4.99
Replies
1
Views
526
Discounts and Deals
Dark Knight
Dark Knight

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top