Skip to main content
SteveJW
SteveJW
New Member
February 14, 2026
Question

False / Positive ransomware Forticlient EMS 7.4.5

  • February 14, 2026
  • 3 replies
  • 318 views

Last week, I upgraded the Forticlient EMS server to version 7.4.5. The workstations are still running 7.4.4.
A few days later, I noticed that there were 3500 files in Quarantine.
This wasn't the case before. Users can no longer find some of their files.
For example, Spyder is a scripting app we use for data analysis, modeling, and reading/editing files.
I've never had a problem with it.
But now users are getting the following error:
Spyder.jpg

I also see, for example, .xlsx files from some users' OneDrive files incorrectly in Quarantine.

These exclaimer files are also valid:
Exclaimer.jpg

When I click on the ransomware link, I get the FortiGuard Labs message below:
Unavailable
Could not retrieve this virus at this time. Please try again later.

Any idea why there are suddenly so many false/positives?

3 replies

Stephen_G
Moderator
Stephen_G
Moderator
February 17, 2026

Hello SteveJW,

 

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible. 

 

If anybody else has any info or advice, please feel free to contribute!

Regards,
Stephen_G - Fortinet Community Team
Stephen_G
Moderator
Stephen_G
Moderator
February 18, 2026

Hello,

 

We are still looking for an answer to your question.

 

We will come back to you ASAP. If anyone else has any ideas in the meantime, please feel free to contribute!

Regards,
Stephen_G - Fortinet Community Team
Stephen_G
Moderator
Stephen_G
Moderator
February 18, 2026

Hi SteveJW,

 

We recommend reporting any false positives via https://www.fortiguard.com/contactus

Stephen_G - Fortinet Community Team
Terms & ConditionsAccessibility statement