Tag Archives: forticlient 5.4.1 help

Antivirus

Antivirus

FortiClient includes an antivirus module to scan system files, executable files, removable media, dynamic-link library (DLL) files, and drivers. FortiClient will also scan for and remove rootkits. In FortiClient, file-based malware, malicious websites, phishing, and spam URL protection are part of the antivirus module. Scanning can also be extended by using FortiSandbox.

Enable/disable realtime protection

For FortiClient in standalone mode, you can enable and disable realtime protection by using the FortiClient console.

For FortiClient in managed mode, an administrator enables, disables, and configures realtime protection by using a FortiClient profile. See FortiClient profiles on page 29.

Enable/disable Antivirus

This setting can only be configured when FortiClient is in standalone mode.

To enable Antivirus:

  1. On the AntiVirus tab, click the settings icon next to Realtime Protection Disabled. The real-time protection settings page opens.
  2. Select the Scan files as they are downloaded orcopied to my system check box.
  3. Click OK.

If you have another antivirus program installed on your system, FortiClient will show a warning that your system may lock up due to conflicts between different antivirus products.

Conflicting antivirus warning

To disable antivirus:

  1. On the AntiVirus tab, click the settings icon next to Realtime Protection Enable. The real-time protection settings page opens.

Enable/disable realtime protection

  1. Clear the Scan files as they are downloaded orcopied to my system check box, and click OK.

Enable/disable FortiSandbox

This setting can only be configured when FortiClient is in standalone mode.

FortiClient integration with FortiSandbox allows you to submit files to FortiSandbox for automatic scanning. When configured, FortiClient will send supported files downloaded over the internet to FortiSandbox if they cannot be detected by the local, real-time scanning. Access to the downloaded file is blocked until the scanning result is returned.

As FortiSandbox receives files for scanning from various sources, it collects and generates AV signatures for such samples. FortiClient periodically downloads the latest AV signatures from the FortiSandbox, and applies them locally to all real-time and on-demand AV scanning.

You cannot configure this option when FortiClient is connected to FortiGate/EMS. The administrator configures this option on FortiGate/EMS.

To enable FortiSandbox:

  1. On the AntiVirus tab, select the settings icon to open the real-time protection settings page.
  2. Select Extend scanning using FortiSandbox.
  3. Enter the FortiSandbox IP address, then select Test to ensure that the connection is correct.

 

Scan and analysis on demand

  1. Set the remaining options as needed.
  2. Click OK to apply your changes.

Telemetry Gateway IP Lists

Telemetry Gateway IP Lists

In managed mode, FortiClient can use a Telemetry Gateway IP List to automatically locate FortiGate/EMS for FortiClient Telemetry connection.

The Telemetry Gateway IP List is a list of gateway IP addresses that FortiClient can use to connect FortiClient Telemetry to FortiGate/EMS. After FortiClient installation completes on the endpoint device, FortiClient automatically launches and uses the Telemetry Gateway IP List to locate FortiGate/EMS for FortiClient Telemetry connection.

After FortiClient is installed on the endpoint and FortiClient Telemetry is connected to FortiGate/EMS, you can view the Telemetry Gateway IP List in the FortiClient console. See View gateway IP lists on page 59.

Configure Telemetry Gateway IP Lists (EMS)

FortiClient EMS includes the option to create one or more Telemetry Gateway IP Lists. The list can include IP addresses for EMS and for FortiGate. You can assign Telemetry Gateway IP Lists to domains and workgroups in EMS. You can also update the assigned Telemetry Gateway IP Lists after FortiClient is installed, and the updated lists are pushed to FortiClient endpoints. See the FortiClient EMS Administration Guide.

Configure Telemetry Gateway IP Lists (FortiGate)

If you are using FortiGate without EMS, you can add Telemetry Gateway IP addresses to the FortiClient installer by using the Configurator Tool. See Custom FortiClient Installations on page 110.

Get started

This section provides an overview of how to configure, provision, and use FortiClient in managed mode.

 

Get started

Configure endpoint management

Before you provision FortiClient in managed mode, you must configure FortiGate or EMS to manage FortiClient endpoints. You can use FortiGate, EMS, or both FortiGate/EMS to manage FortiClient endpoints. The configuration process depends on what product you will use to manage FortiClient endpoints.

When FortiGate is integrated with EMS, you can sometimes assign two profiles to FortiClient endpoints. Each profile has a different purpose. The purpose of the profile from FortiGate is to communicate the compliance rules to FortiClient endpoints. If the profile created by using FortiGate has non-compliance set to block or warn, you can optionally create a profile by using EMS to communicate configuration settings for FortiClient software on endpoints. For more information, see the FortiClient EMS Administration Guide.

If the compliance action is set to block or warn in the FortiClient profile created by using FortiGate, FortiGate does not provision the FortiClient endpoint, and you must manually configure FortiClient or configure FortiClient by using EMS. If the compliance action is set to auto-update, FortiGate makes a best effort to provision FortiClient endpoints to be compliant with the compliance rules.

To configure endpoint management:

  1. Configure the product or products that you will use to manage FortiClient endpoints. The following table identifies where to find instructions:
FortiGate Configure FortiGate endpoint control. See Configure FortiGate on page 33. For more information, see the FortiOS Handbook.
EMS See the FortiClient EMS Administration Guide.
FortiGate integrated with

EMS

For FortiGate, configure endpoint control. See Configure FortiGate on page 33. For more information, see the FortiOS Handbook.

For EMS, see the FortiClient EMS Administration Guide.

After you configure EMS, FortiGate, or both FortiGate/EMS to manage FortiClient endpoints, you are ready to provision FortiClient.

Provision FortiClient

This section provides an overview of how to provision FortiClient in managed mode.

To provision FortiClient:

  1. Ensure that you have configured EMS, FortiGate, or both FortiGate/EMS to manage FortiClient endpoints.
  2. Provision FortiClient on endpoint computers with Internet access. See FortiClient Provisioning on page 44. You can use one of the following methods:

l FortiClient EMS with a Microsoft Active Directory server l Microsoft Active Directory server

After FortiClient installs, FortiClient Telemetry attempts connection to FortiGate/EMS. For more information, see FortiClient Telemetry Connection on page 51.

After FortiClient Telemetry is connected to FortiGate/EMS, FortiClient downloads a profile from FortiGate/EMS. The computer with FortiClient installed and FortiClient Telemetry connected is now a managed endpoint.

  1. Use one or more of the following methods to monitor managed endpoints: l FortiGate l FortiClient EMS