FortiClient (Windows) 5.6.2

Status
Not open for further replies.
ForgottenSeer 58943

I tweaked the INI and trust me it's easy for anyone. You just work your way through the settings like it's a GUI. Once you've done it a couple of times you know exactly where to scroll to. And if you back up the tweaked INI you'll only have to do it once. It really is just common sense once you're looking at the INI file. People who are not tech savvy could make a few backups of the original INI so they could practice.

Excellent response.

I do recommend for realtime setting heuristics higher than 0 (which is off). Especially if you have over a dual core machine. I recommend 1 overall, which will substantially improve detection of new threats but not increase your false positives to any measurable level. Also extreme database is strongly encouraged, it activates many thousands of additional signatures for older threats you stand a chance of running into (but aren't on the outbreak charts). Just setting these two alone will add a significant measure of protection to your PC.

Database options are:

Normal: Includes viruses currently spreading as determined by the FortiGuard Global Security Research Team. These viruses are the greatest threat. The Normal database is the default selection.

Extended: Includes the normal database in addition to recent viruses that are less prevalent. These viruses may have been spreading within the last year but have since tapered off.

Extreme: Includes the extended database in addition to a large collection of 'zoo' viruses. These are viruses that have not seen widespread infection rates and are largely dormant today.
 

d0ts

Level 1
Verified
Nov 9, 2017
23
Let us know what you find.
explorer_2017-12-24_12-28-31.png

@ForgottenSeer 58943 may you talk a bit about the Application Firewall?
 

Infinityx

Level 1
Verified
Dec 23, 2017
15
Interesting, definitely will install and try out for a couple of weeks and will post back with my experience. Interested in seeing how the system resource usage is.
 
ForgottenSeer 58943

The Application Firewall is what it sounds like, an application firewall. However control of this is pinned to the Fortigate Device itself and linked to the Application Control aspect of the Fortigate which allows you to 'control' application access/use/restrictions on the endpoint. Without a Fortigate unit to configure and manage this feature it defaults to blocking malicious application activity and malicious processes. There is no further granular control beyond this in the free version.

Also note - an important thing about FortiClient exclusions that is undocumented. If you exclude a full directory it excludes the directory from scanning. To exclude 'other' technologies from a file you need to add the FILE to exclusions itself. This is poorly documented by Fortinet but it needs to be made clear to folks so they know how to exclude properly.

This is the granular application firewall controls in Fortigate. But again, without a Fortigate it will default to 'control' of malicious, suspected malicious or malicious acting subjects without the ability to be granular.

appc.png
 
ForgottenSeer 58943

I've noticed a bug in FortiClient 5.6.2 and have reported it to the TAC. I can reproduce the bug at will so I consider it a confirmed bug but not until I hear from the TAC can I officially say so.

Depending on your NIC chipset/driver versioning you MAY experience reduced internet throughput with 'Block known communication channels used by attackers' enabled. I've noted up to a 75% reduction in speed on some chips and haven't found a common thread in the anomaly. If this bug impacts your particular configuration you can simply disable this feature until a fix is issued and everything will return to normal.
 
abdou17

Level 2
Verified
May 3, 2013
82
Do you have info on INI file settings (a tutorial or help file)? Sounds amazingly tweakable.

Fortinet did well in the past against malware URLs and core AV signatures. Because Fortinet felt a bit heavy and did not have advanced features (like other free AVs) it was not very popular on security forums. These enhancements are really interesting.

Full info about INI file can be found here
Fortinet Docs Library - FortiClient 5.6.0 XML Reference
 

Infinityx

Level 1
Verified
Dec 23, 2017
15
So I've personally been liking this antivirus a lot. Able to shut it down when it's not needed to prevent resource usage. I did see issues on my other family member's computer though. It was causing OpenGL to crash when playing Minecraft; once I uninstalled it, no crashes.
 
ForgottenSeer 58943

It is scoring better with each revision and is getting some new technology slowly introduced in preparation for FortiClient 6.0 which is less than a month away. Also, RAP test, FortiClient was second best, and ahead of big name players;

Virus Bulletin :: VB100 Comparative Review - February 2018

To be honest, for many people FortiClient is now a sufficiently good suite to use. However I would still recommend pairing it with VoodooShield or OSArmor until some of the new tech gets introduced, just for safety. But for most people, FortiClient alone would be fine. As a bonus, you can totally disable the telemetry/logging to 100% silent mode with a couple checkboxes. That's a hugely important thing IMO and won't be going away because that client secures some facility that can't leak data. You are in good company.

For Minecraft crashing, try disabling 'Known Communication Channels for Bot Net' first, if that doesn't resolve it (it should), then simply add Minecraft to the exclusions, paying special attention to not only excluding the directory and processes, but excluding it on the exploit protection. As the exploit protection morphs into a stronger BB, it might start introducing FP's. Keeping in mind FortiClient isn't designed for home use, so games aren't always tested on it. ;)

Also in related news. Fortigate scored top on NSS ATP and Real World Gateway protection. 100% exploit protection on the gateway (firewall/UTM), and 98.5% detection on in-stream, realtime Zero Day/ATP attacks. That's impressive.
 

Infinityx

Level 1
Verified
Dec 23, 2017
15
Awesome, and I appreciate the tips. I myself don't normally use an antivirus, but you never know when a site you frequent is exploiting a 0 day due to it being hacked, so it fits my needs well. As for OSArmor, I do install that alongside any antivirus I'm running on friends' and family members' machines.
 