FortiClient software - has anyone use this?

Question

FortiClient software - has anyone use this?

SparWeb (Aerospace)

(OP)

17 Feb 18 03:22

Up until today, I've been able to work remotely from home or a hotel by using a VPN to access the company network and log into my desk computer workstation. This system worked well enough, though it was often clunky for heavy applications like CAD and FEA. The VPN connected with software from Checkpoint and AFAIK it only did the typical VPN encryption task but includes some malware scanning.

Now they want to change to a different software, and this one seems much more intrusive:
https://forticlient.com/

Forticlient is designed to interrogate my OS to determine it has all patches and updates installed, confirm that my firewall and antivirus are completely up to date, scan other applications that are in memory, and collect statistics about my usage and activity. Woah. This is like installing spyware on my computer... on purpose.

Has anybody used this? Or something like it? Is it as bad as I think it is?

I'm giving serious thought to buying a "burner" laptop that I can install this, and only this, software on. My company is not likely to give me a laptop of their own for me to keep at home for this purpose.

STF

SWComposites (Aerospace) · Answer 1 · 2018-02-17 05:31:13

Or if they wont buy you a company laptop, stop working from home.

jmec87 (Mechanical) · Answer 2 · 2018-02-17 08:36:46

I've used it. It works well as a VPN. FortiClient isn't a single program; it's of a bunch of components. I only use "Remote Access" (VPN) component and not any of the other components (Compliance, Sandbox detection, Vulnerability scan, etc.), so I don't think it's performing the "spyware" functions you mention on my computer. I suggest checking to see what components you are all supposed to run and verifying what they will do.

BrianPetersen (Mechanical) · Answer 3 · 2018-02-17 13:49:43

I don't understand the point of the burner laptop if you're not going to put any other software on it. If you're not going to put any other software on that one then you can't do anything with it, and presumably the computer that you want to connect to the network on has functional and useful software on it but presumably the security system will be looking for the security software on *that* one.

SparWeb (Aerospace) · Answer 4 · 2018-02-17 14:17:25

Hi Brian,
Good question, but the workstation at my office desk is already well "tended to" by the IT department, no need for extra scrutiny on that one. The Forticlient is pretty obviously going to be scanning applications on MY home computer. When using the VPN, I have access to everything on my workstation, just like I'm sitting at my office desk. I don't need applications on a "burner laptop" because I have access to many more at work.

Jmec87,
That's interesting. The documentation I read so far didn't give me that impression at all. The demonstration from my IT manager didn't bring that up, either. I will look again, of course. What is downloaded from the website is a single installer that will, by default, install everything. Having an option to disable/remove some parts may become apparent, but I would have to install it to find out!

Many people from the office are talking about doing what SWC says.

STF

jmec87 (Mechanical) · Answer 5 · 2018-02-17 15:41:55

SparWeb,
Looking at the website, I also thought at first that everything came as a single package, but I definitely don't have some of the components installed. Their Technical Specifications page also shows which components are compatible with which OS: https://forticlient.com/techspec
The admin guide is available from https://docs.fortinet.com/forticlient/admin-guides . If I'm understanding it correctly, the minimum installation is the "Security Fabric Agent", which includes the Compliance and Vulnerability Scan components, and then other components (such as Remote Access/VPN and Web Filtering) are optional. However, depending on your set-up, the Compliance component/function can be set to "Not participating", which means it is disabled, even while you're able to use the Remote Access component.

SparWeb (Aerospace) · Answer 6 · 2018-02-18 00:02:32

Thanks jmec87, you seem to understand it better than me.
I'll give it a go... in the sandbox first... and see if I can make this thing harmless.

STF

SparWeb (Aerospace) · Answer 7 · 2018-02-18 00:10:39

Doh!
"Sandbox detection for FortiClient (Windows)"
I didn't realize I was using terminology that typically refers to something else. What I meant was using an old laptop as a "sandbox" - to see what modules I can avoid installing to just get it running the VPN.

STF

FreddyNurk (Electrical) · Answer 8 · 2018-02-18 03:37:24

I suppose I can see some perspective in terms of IT's view, there's a lot more issues prevalent now than there used to be, and the last thing they want is to remotely exposing SMB shares to your own PC, and having some cryptolocker variant smash the corporate storage.

There are probably different levels of capability, and probably not much stopping you from running your own VM installation to connect to the corporate network. You can even attempt to run Linux, I note that it only supports the VPN connection.

I tend to agree though, if they don't provide the facilities for working at home, then its probably not quite worth pursuing.

SparWeb (Aerospace) · Answer 9 · 2018-02-18 17:12:17

"worth pursuing" Yeah, it's either my time or my money.

The IT guy has described several such attempted attacks to me. There have been several "beachheads" established by attackers when ignorant users opened ZIP files in their e-mail.
Nothing gets our IT guys more agitated and writing e-mails in ALL CAPS than when they remind us not to open e-mail attachments from unknown sources.

STF

MacGyverS2000 (Electrical) · Answer 10 · 2018-02-19 11:35:36

You shouldn't open them from KNOWN sources, either

Seriously, though, all attachments should be opened in a sandbox environment first, then multiple virus scanners run on the file. Only then can you be relatively sure it's a kosher file.

Quite often those types of programs will not run in a sandbox themselves to prevent someone from reverse-engineering what hooks it uses, so installing on a junk system and wiping after is the generally the only available solution to the average home user.

Dan - Owner
http://www.Hi-TecDesigns.com

3DDave (Aerospace) · Answer 11 · 2018-02-19 12:50:33

For certain - my company had one get loose because a mid-level executive demanded the mail filters let a file-type through (I think it was .exe or .zip) and one of the first things it did was to go to people's e-mail and send itself to everyone on their list. It then damaged and renamed as many files as it could get to, adding copies of itself to certain types of ordinary files (.doc, .jpg, et al). So every one who got e-mailed was getting it from a source they probably trusted.

The main flaw it depended on was that Outlook would use an internal marker in the file to see if it was executable even if the suffix indicated it was not. So a file with a .jpg suffix that was actually executable would get run instead of being opened in an image viewer.

I suspect somewhere north of a million files were deleted or damaged. Fortunately our IT group wears belts and suspenders and was able to purge the company and restore the files within a day. And no mid=level executives were ever given any traction about shutting off system security measures.

Come Join Us!

Posting Guidelines

Related Projects

Jobs

FortiClient software - has anyone use this?