FortiClient 4.2.0.250

[Ibrad]

in-house engine

[mrfargoreed]

Quick update - after a reboot had real problems with programs connecting and even starting up. Had to do an image restore, so not for me at the moment.

[sg09]

Installed Forticlient Standard. No problem yet. But be careful when using heuristic. It gives a lot of FP. It detected Winpatrol and many plugins of VLC as suspicious.

[deadmeat]

Some problems with BSOD immediately after updating a new install. This applies to W7 x32, not sure about others. The devs are aware of this and a patch release should be out this week.

[sg09]

No BSOD here. But I didn't disturb the long optimization process after installation. Two quick update about this software,
1. Make deletion of objects slower.
2. may be causing problems with system restore.
3. I could not find its startup key in msconfig, ccleaner or Winpatrol.!!

[Ibrad]

Quote:

Originally Posted by sg09

Installed Forticlient Standard. No problem yet. But be careful when using heuristic. It gives a lot of FP. It detected Winpatrol and many plugins of VLC as suspicious.

Send them to them as FP's they have a very fast lab.

[mrfargoreed]

I made a mistake with this. Uninstalled as I thought it caused a blue screen, but turned out to be Comodo Time Machine (every time I install it I get a problem - never again ). Now have Forticlient installed and running really nicely. I really like the Web Filter and hope I get no problems as I'm starting to really like it.

[bellgamin]

Does Forticlient require a restart during installation?

(If not, I would like to test it using Shadow Defender.)

[sg09]

@Ibrad: I've send those FPs..
@bellgamin: It requires a lengthy otimization during installation. If you interrupt that you will have to restart, otherwise it doesn't require..

[mrfargoreed]

I have a question about this, if anyone can help? Installed Forticlient and all running nicely, but also ran Peerblock (with HTTP allowed) and it was going mental, flashing the whole time. When I opened to have a look, everything that was going through my browser was going through port 65534 and being blocked. When I uninstalled Forticlient, Peerblock was silent again. Is this normal behaviour for a firewall? Should my browser traffic be filtered through a different port? Am I missing something with regards to how Forticlient runs? Should I be worried? Have never had this with Outpost or any other firewall, come to think of it. Would love some help on this if anyone can answer this.

[sg09]

Hi mrfargoreed, thanks for notifying that. I have least knowledge in the firewall settings. But I too observed a strabge thing when I run the GRC Shields UP! test... My Port 135 is open..!!! Can anyone help in closing that port??

[mrfargoreed]

I also saw lots of traffic through port 135, too! Did a bit of reading and that port (65534) appears to be a backdoor:

http://www.speedguide.net/port.php?port=65534

http://www.sans.org/security-resourc...q/oddports.php

Am I being paranoid? I don't feel too comfortable about using this now unless someone else knows any more info. Strange that an endpoint protection suite would have so much traffic flying through a port used by trojans ?

[sg09]

After the bitter experience I am not going to recommend this suite to anyone atm.
http://www.wilderssecurity.com/showthread.php?p=1723780

[mrfargoreed]

Thanks for this sg09 - really interesting thread and if Stem says it's a mess then that's good enough for me. Already uninstalled and definitely not too happy .

[deadmeat]

This is another issue that is fixed in 4.2.1. These entries are added to
prevent Windows FW from blocking critical FCT functions. There is a bug in
4.2 which causes too many to be created. There is a workaround to clean out
the rules:

1. Open an admin cmd prompt
2. execute "netsh advfirewall reset"

The 4.2.1 patch should be approved today, but it takes a few days to get the
free client updated on the various public sites.

[deadmeat]

Version 4.2.1.255 fixing several issues has now been approved but not yet reached the download sites.

[sg09]

@deadmeat, are you anyway related to the developer team..? Can you tell me where to submit the buglists for the free suite. I joined the forum but it seems there is sort of distinction between Fortinet and Forticlient products and I couldn't find a proper place to post.

[Ibrad]

I think you have to post here? It looks like where you post for Forticlient:

http://support.fortinet.com/forum/tt...Check=15282716

[deadmeat]

Quote:

Originally Posted by sg09

@deadmeat, are you anyway related to the developer team..?

Sorry for the late reply but I don't get here as often as I should or would like to

Not, I'm not affiliated with FortiClient in any way. I am connected with another website though which gives me access to most of the vendors on a regular basis. FortiClient are always quick to respond and I'm aware of the hard work being put into improving this software. Maybe they'll raise their general support to match at some point, but then that's another issue. I'm not into self promotion either, suffice to say that we link to you and you link to us when relevant and I think that's good enough. There are some great debates and good information here which I enjoy following.

All of us have our own opinions as to which "tests" we feel are relevant so it doesn't bother me too much that FortiClient might be towards the bottom of someone else's pile. It's scanning abilities might not meet everyone's standards but most of us can sweep up with HitmanPro and Malwarebytes to cover any shortfall without risking permanent damage. I just think that FortiClient scores well where it matters most (to me anyway) and that combined with a sensible DNS client like ClearCloud and some common sense makes paying for an alternative irrelevant. Each of us to our own though

[sg09]

Thank you deadmeat..

[Ibrad]

Does FortiClient have a heuristic engine? It seems like it does not have a very strong protection for unknown/newer malware.

[sg09]

Quote:

Originally Posted by Ibrad

Does FortiClient have a heuristic engine? It seems like it does not have a very strong protection for unknown/newer malware.

Yes Ibrad it has..

[CogitoTesting]

Yes indeed they do. However, have you ever tried it? The false positive coming out of it is overwhelming. My advice: do not select the heuristic engine, period.

Thanks.

[sg09]

Quote:

Originally Posted by CogitoTesting

Yes indeed they do. However, have you ever tried it? The false positive coming out of it is overwhelming. My advice: do not select the heuristic engine, period.

Thanks.

Exactly.. that one is tooo aggressive.