FortiClient Endpoint Security 5

Discussion in 'other anti-virus software' started by phyniks, Jul 11, 2013.

  1. fblais

    fblais Registered Member

    Joined:
    Jul 31, 2008
    Posts:
    1,341
    Location:
    Québec, Canada
    Good timing, I just installed it yesterday night.
    Will follow up in a few days.
     
  2. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    You should notice 5.2.2X is getting light. I'm beta testing now for them, and I can say it's getting lighter by the build. However be advised, Fortinet is moving away from any sort of support for Windows XP, and Server 2003. While this version does support XP, they ditched 2003 already, and we know this because we had it on some 2003's and it caused BSOD's with the update. Also, the longer you run the product it will 'feel' lighter until you don't notice it. This is why Forticlient is scoring with no, or minimal impact on tests that examine system weight of products. This is in contrast to 4x and 5.0x which were quite heavy. With 5.1 Forticlient moved Malicious/Spam/Spyware URL databases into the Anti-malware portions of the product. So you can enable/disable by category if you choose to not use those aspects, and if you turn off URL filtering (which I do), then malicious filtering is still enabled.

    I would recommend running a full system scan after installation to see the performance improvements fully realized. This version also includes enhanced cloud functionality, and sandboxing.

    Forticlient 5.2x includes a new, anti-modern malware detection system for identifying and mitigating Advanced Persistent Threats. Together with industry-validated antivirus signatures, Forticlient delivers a multi-layered approach to dealing with dangerous security threats, including:
    • FortiGuard Antivirus Engine, which identifies standard AV threats and also uses heuristics and sandboxing to determine malicious behavior
    • FortiGuard Analytics, which identifies zero-day wares for further analysis in the cloud
    • FortiGuard Botnet Database, which contains up-to-date information about IP reputations and prevents remote command and control communications
    • Fortinet Web Filtering, which uses URL matching and DNS-based web filters to identify potentially harmful websites.

    After Kaspersky failed miserably to protect a few of my machines in the home I am running Forticlient beta's on all of them. If that fails, I will simply return to Norton. But as a free solution, this has remarkably improved detection for PUP/PUA. It's also getting very light!
     
  3. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    We are dropping Forticlient 5.2.2 followed by the current beta on a machine in the lab this week coming up, and seeing what it takes to destroy it. It will be DMZ'd, and wide open. I'm gathering close to 500 individual, tested threats to do this. All I will do is report 'basics' of what we found so far with it, 5.2.2 specifically. The beta we won't disclose results due to NDA restrictions, but I may leave hints. ;-) VM's aren't so hot for testing, so we will be using an imaged machine and performing wipes between tests.

    We may be deploying Forticlient bulk packages in the new year as part of our protection suite (Fortigate, Fortiswitches, Forticlient). So we've been authorized to do some pretty intense testing. I will report back, but so far I am thinking 5.2.2 is the first 'production ready' product I feel confident in full deployment with, including my home machines. (much less corporate) Best of all, it's free, so... Also since we are Fortinet partners, and I am a Fortinet NSE engineer, I can get answers fast if we need them. Sometimes in minutes, all the way up to Design and Engineering at Fortinet.
     
  4. NWOAbschaum

    NWOAbschaum Registered Member

    Joined:
    Feb 9, 2014
    Posts:
    222
    Location:
    Germany
    Mayahana, can u pls show a link where I can download or register to the beta version? I can't find it..
     
  5. clocks

    clocks Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    2,787

    The main page has ver 5.2.2, which sounds like the latest.
     
  6. DX2

    DX2 Guest

    Still not the lightest, uses 8 processes..
     
  7. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Processes don't equate to how light something is. Some of those processes are extremely tiny, and only used - in some cases - to put an icon in your tray and not consume any CPU cycles other than a rare check to ensure the tray is functional. Despite the processes, do you notice it's starting to feel 'light' otherwise? I put it on my wife's old dual core 2.66 Laptop a couple of days ago, and it feels the same as if there isn't any AV there at all. I pulled it off and ran launch/move timers, then put it back on, and they were very nearly identical - statistically speaking.

    I don't believe they beta test outside of an inner circle, but I can check. I'm an NSE (Fortinet Engineer), and my company is a registered partner of them, so we can sort of get what we need almost immediately. Compared to Cisco, Fortinet engineers are rare, and extremely desirable in the marketplace. Everyone has CCNA's, it's not so easy to get NSE's.
     
  8. DX2

    DX2 Guest

    Yes I know but still wasn't that lite. But the web filter is very good. I disabled the AV and just used that.
     
  9. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Not Lite in what way? Remember, with Forticlient you need to do a full scan, and run it for awhile. Its weight goes to almost nothing if you do. This is one reason why it does a 'quick' scan after install now. In fact, after a day of running Forticlient, you should see no CPU spikes at all unless you download new or change existing files it hasn't already seen. A slight pause on huge new directories can happen as well. But otherwise there shouldn't be any measurable performance impact with 5.2.2..
     
  10. clocks

    clocks Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    2,787
    Anyone try Forti in Windows 10 yet?
     
  11. DX2

    DX2 Guest

    OK I'll give that a try.
     
  12. clocks

    clocks Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    2,787
    11 processes for me, though only 1 seems to be using a lot of resources so far.
     
  13. reyes

    reyes Registered Member

    Joined:
    Dec 8, 2013
    Posts:
    48
    Location:
    INDIA
    The best web filtering I have ever seen .... @Mayahana as you said wish malicious website filtering was under the web security or there was a way only to disable the antivirus component
     
  14. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    In previous versions malicious website filtration was under web filtration. They pulled that component out, and placed it under the AV component. So if you disable the AV component you disable the malicious website filtration. To me that's kind of annoying, but I see why they did it.. I just wish they'd place that as a checkbox option on a different tab perhaps? They were concerned someone would disable web filtration, and in the process disable malicious site filtration which works in concert with the IPS/AV/Guard components.
     
  15. reyes

    reyes Registered Member

    Joined:
    Dec 8, 2013
    Posts:
    48
    Location:
    INDIA
    I can understand that ..... hopefully they will provide an option for advanced customers to disable the AV part and still enjoy the full power of web filtering including malicious website filtering
     
  16. Tarantula

    Tarantula Guest

    I still don't get it. Why are they advertising this product like this:

    New Feature Added in FortiClient v5.2
    • Pre-Install Malware Cleanup
    • Enable Full Protection with One Click
    • IPS based Application Firewall
    • On-net and Off-net Location based Behaviour
    • Client Customization & Rebranding
    • UI Support for Advanced VPN Configuration Options
    • IPv6 Support for VPN (IPSec & SSL)
    • Improved Single Sign-ON Agent Support
    When there's no firewall of any kind in it o_O
     
  17. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    There is an IPS based application firewall, you should see the service for it. That's how it works together, the IPS, URL, AV are all working to implement protection similar to how Fortinet integrates them on their appliances. Fortinet is working for even closer integration whereas the IPS will be kicked off when an AV threat is detected, and hand off to a generated IPS rule to handle the threat. Self-correcting/self-protection, on the fly. Forticlient is - to some extent - the software (however pared down) that runs on Fortigate appliances which runs on a Linux Core.
     
  18. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    They dropped the Firewall in the free version a number of years ago. The specs you list are probably for the Endpoint Protection product that is used with their appliance (which includes FortiSandbox). The current free version (aside from web filtering) is just a middle of the road AV with no additional form of system protection other than the AV definitions.

    There are much, much better free solutions than this one.
     
  19. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    So the best URL scanner in the world, and a top tier AV with excellent Heuristics isn't enough? Do this for me. Take 5.2.2 and place it on a test machine, then try to infect it - go to CleanMX and click every link there or something.. Let me know what you find. Unfortunately my previous post commented on internal documents, not authorized for release, so I had to delete what I said. I'll just say - expect some great stuff with it.
     
  20. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    Maya- Check your PM. Note that I'm not a critic of the web filter, but as there are more infection vectors than just downloading things via a browser a direct run of malicious files is more appropriate (and aren't hard to find). Note also that a few of the samples I sent you result in Windows Firewall alerts (good indication that FortiClient has no intrinsic firewall protection).

    And 5.2.2 has no Heuristic protection.
     
  21. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Under File->Settings are Heuristic checkboxes for Forticlient. You will quite routinely see heuristic detections pop up with it. What gives you the impression they don't exist? Based on the detections I have been seeing, I assumed they work.
     
    Last edited: Dec 23, 2014
  22. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    If you try the malware that I sent to you it will be apparent why I feel heuristics are nonexistent.
     
  23. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    I will test this over the holidays, thanks. I just got off the phone with a L3 Fortinet Engineer (unrelated issue), so I will be able to punch some ears directly if it fails miserably. Not to mention the Fortinet Regional Director earlier in a conversation. We're deploying 1,400 Forticlients over the next few days. However, with the paid version you are getting the integration with Fortiguard, and the Firewall/IPS. I'd expect it to work much better.
     
  24. Behold Eck

    Behold Eck Registered Member

    Joined:
    Aug 23, 2013
    Posts:
    574
    Location:
    The Outer Limits
    Mediocre AVs need more than a web filter for competent protection.

    Where is the zero day component to make up for the fall-short ?

    Regards Eck:)
     
  25. fblais

    fblais Registered Member

    Joined:
    Jul 31, 2008
    Posts:
    1,341
    Location:
    Québec, Canada
    As I understand it, the IPS based application firewall requires the client to be connected to a Fortigate.
    So in the case of a home user, that's not working.
     