PSA - FortiClient WebFilter only bug and fix

Status
Not open for further replies.

mekelek

Level 28
Thread author
Verified
Well-known
Feb 24, 2017
1,661
So a few saw my thoughts about FortiClient's UI and one of its bugs that happened to me when I tried adding it to my combo.

So basically when you install ONLY the WebFilter, the Security Risk tab can't be changed, even if you change it manually through config exporting/importing, the UI will change it back to all blocked.

So I gave up on it, but then people said that they don't have this issue.

So I started toying around with it in a VM, installing every module, and voila, issue is gone, since the tab doesn't exist at the WebFilter tab anymore.

Turns out, the Antivirus module is handling it if it's installed, and those annoying pesky "Newly" category blocks are not happening anymore.

I went on the Forti forums but the FortiClient section seems dead, so I'm not sure if they're aware of this UI bug, but now at least I can fully disable the AV module (except web filtering) and use it for the purpose I want it to.

Maybe @ForgottenSeer 58943 could forward my findings to the engineers over at Fortinet to fix this bug so I don't have to have the AV module installed. Would appreciate it.
 
ForgottenSeer 58943

Indeed the malicious filtration for some reason is tied to the antivirus module in the GUI. I forgot about that issue.

New Domain categories were added in 5.6 to combat malware, ransomware, botnet and state-sponsored attacks because those are incredibly likely to fall under newly registered/newly seen domains.

I'll let the TAC know. 6.0 is in development right now so no idea if they would even consider this a bug to address or just 'the way it is' kind of thing. But I agree, ALL of the web filtration should be merged.
 

mekelek

Webfilter categories are still forced back to Deny, installing the AV module didn't help.
 
ForgottenSeer 58943

So let me wrap my head around this.. With the AV module installed, the 'New' web categories disappear entirely? They should still be there, but under the antivirus settings now, right? Or are they gone completely?

If that's the case, this would be a bug. It probably got missed because the FortiGate/EMS would normally control the filtered categories and push those to the FortiClient so it is looking for that push, and re-enforcing the 'safe' defaults in lieu of the push? For example, this is what I see on the FortiGate:

[Image: web.png]
 

mekelek

They're gone, fully.
If the AV module is installed, they're gone from the webfilter categories, and AV has no categories.
If the AV module is not installed, they're in the webfilter categories.

In both cases, they can't be changed; they're forced back to Deny whenever you close a UI element.
 

ZeroDay

Level 30
Verified
Top Poster
Well-known
Aug 17, 2013
1,905
I definitely need to get myself a Forti Appliance. I'm very impressed with what I've seen and read so far.
 