A couple of things about Forticlient:
- Its installer is awful. It takes aeons to download, scan and then finally install.
- Forticlient's free version is purely signature-based. That won't be a problem if you're planning on running it alongside CF though.
- It has absolutely outstanding malicious URL blocking.
1) The installer is fine, but it does download modules and updates during the installation. You can cancel the pre-install scan by clicking cancel. In all fairness, the installation is much quicker for me since I have a Fortigate on my gateway; it installs with pushes from the appliance vs. over the internet.
2) Version 5.6 has introduced a lot of new technologies under the hood that aren't self-evident. It's progressed from a pure signature-based scanner, although the signatures are pretty well regarded in the industry. Fortinet is very speedy with updating them - try the submission and see (while Trend is glacially slow).
5.6 introduced Rootkit Detection, Vulnerability Scanning, Threat Intelligence and Anti-Botnet/Ransomware technology.
3) Indeed. Fortinet has perhaps the best malicious URL blocking in the industry, among any product.
A few tidbits for the technically inclined. If you install Forticlient you can go to settings, then hit 'backup' to back up the configuration. This is an XML-style file that allows you to seriously dig into the product and tweak a lot of things under the hood that aren't available in the GUI. So make the backup, make a copy of the backup (just in case you mess up the script), then dig into the script for the juicy bits. (Use Notepad++ or something.)
The GUI is purposely limited so people don't click things in an enterprise environment and get unexpected results. You can do fun stuff like turn on multi-core scanning/processing, which makes it ridiculously fast. You can dial up heuristics, turn on extreme databases for even greater signatures, etc. Here's a small snippet:
<antivirus>
  <enabled>1</enabled>
  <signature_expired_notification>0</signature_expired_notification>
  <scan_on_insertion>0</scan_on_insertion>
  <shell_integration>1</shell_integration>
  <antirootkit>4294967295</antirootkit>
  <fortiguard_analytics>1</fortiguard_analytics>
  <multi_process_limit>1</multi_process_limit>
  <scheduled_scans>
    <ignore_3rd_party_av_conflicts>0</ignore_3rd_party_av_conflicts>
    <!--zero, one or more of the following child nodes-->
    <full>
      <enabled>1</enabled>
      <repeat>2</repeat>
      <day_of_month>1</day_of_month>
      <time>19:30</time>
      <removable_media>1</removable_media>
      <network_drives>0</network_drives>
      <priority>0</priority>
    </full>
  </scheduled_scans>
  <on_demand_scanning>
    <use_extreme_db>1</use_extreme_db>
    <on_virus_found>4</on_virus_found>
    <pause_on_battery_power>1</pause_on_battery_power>
    <signature_load_memory_threshold>8</signature_load_memory_threshold>
    <automatic_virus_submission>
      <enabled>0</enabled>
      <smtp_server>fortinetvirussubmit.com</smtp_server>
      <username>Enc 341b4a044abc73d0d7cc417825d302784a359e5d30ef9432</username>
      <password>Enc 16e87c0533f9a541b9895fa24f7d881da4da55430d653464</password>
    </automatic_virus_submission>
    <compressed_files>
      <scan>1</scan>
      <maxsize>0</maxsize>
    </compressed_files>
    <riskware>
      <enabled>1</enabled>
    </riskware>
    <adware>
      <enabled>1</enabled>
    </adware>
    <heuristic_scanning>
      <level>3</level>
      <action>2</action>
    </heuristic_scanning>
    <!-- remaining settings not shown -->
  </on_demand_scanning>
</antivirus>
Disclaimer: I'm a Fortigate NSE5 engineer. I will be happy to help anyone with questions about any setting or how the various technologies work. In my personal opinion, Forticlient makes a fantastic solution to combine with another one. For me, that's Voodooshield and Forticlient. I assume it would rock out with Comodo.
One thing to add - Forticlient adds a context menu for virus submission. This goes directly into the lab. Expect fast responses.
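
For the backup-then-edit workflow described in the post above, here is an added example (not part of the original post and not Fortinet code) that checks an edited copy is still well-formed XML and lists exactly which settings changed, masking the `Enc ...` credential fields so the output can be shared. The sample configs and their values are constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of the snippet in the post (values are made up).
ORIGINAL = """<antivirus>
  <multi_process_limit>1</multi_process_limit>
  <on_demand_scanning>
    <use_extreme_db>0</use_extreme_db>
    <automatic_virus_submission>
      <username>Enc 00placeholder00</username>
    </automatic_virus_submission>
  </on_demand_scanning>
</antivirus>"""
EDITED = (ORIGINAL.replace("<use_extreme_db>0", "<use_extreme_db>1")
                  .replace("<multi_process_limit>1", "<multi_process_limit>4"))

def flatten(xml_text):
    """Map every leaf element to path -> text. Raises ET.ParseError if malformed."""
    leaves = {}
    def walk(node, path):
        children = list(node)
        if not children:
            leaves[path] = (node.text or "").strip()
        seen = {}
        for child in children:  # index siblings so repeated tags stay distinct
            seen[child.tag] = seen.get(child.tag, 0) + 1
            walk(child, f"{path}/{child.tag}[{seen[child.tag]}]")
    root = ET.fromstring(xml_text)
    walk(root, root.tag)
    return leaves

def redact(value):
    """Hide 'Enc ...' credential fields so the diff is safe to paste elsewhere."""
    if value is not None and value.startswith("Enc "):
        return "Enc <redacted>"
    return value

def diff_configs(before_xml, after_xml):
    """Return [(path, old, new)] for every leaf that differs between two configs."""
    before, after = flatten(before_xml), flatten(after_xml)
    return [(p, redact(before.get(p)), redact(after.get(p)))
            for p in sorted(before.keys() | after.keys())
            if before.get(p) != after.get(p)]

def is_well_formed(xml_text):
    try:
        ET.fromstring(xml_text)
        return True
    except ET.ParseError:
        return False

if __name__ == "__main__":
    for path, old, new in diff_configs(ORIGINAL, EDITED):
        print(f"{path}: {old} -> {new}")
```

A `None` on either side of a reported change means the setting exists in only one of the two files.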