Skip to main content
dan_newcombe
dan_newcombe
New Member
July 24, 2018
Question

Forticlient claims it's not-compliant

  • July 24, 2018
  • 1 reply
  • 3533 views

I've run across this before, and had to disable the blocking of non-compliant clients, so I'm back to trying to solve it.

 

My FortiClient (5.6.6.1167) is claiming that it is not-compliant with the Fortigate.  The reason given when I click on Show Compliance Rules is (via an orange exclamation) "FortiClient Signatures are up-to-date"

 

Help|About on the client shows the AV Version is 59.00947, and (at least at time of posting), that is the most recent version showing here (https://fortiguard.com/learnmore#av)  

 

I don't know if it uses a different signature file, but the fortigate itself shows 60.00947 as the AV Signature version.

 

And of course, Fix Non-compliant Settings on the client does nothing - most likely because it is actually up to date.

 

Any idea where to start?  This just started (again) a few days ago.  

    1 reply

    jpauling
    jpauling
    New Member
    July 29, 2018

    This behavior in Linux is completely arbitrary - it found a bunch of things which were intended to be there. I.e Pen test tools. docker containers /chroots with old versions of JRE's needed for ILO/BMC etc; it really didn't like the fact I had a custom kernel either.

     

    When digging into what it thought were issues I only actually saw two messages; one about an old JRE and for some reason it disliked my ntp client of choice?

     

    dan_newcombe
    dan_newcombeAuthor
    New Member
    July 31, 2018

    I would think that would fall under the Vulnerability assessment.    We are not looking at that for compliance.  And of course, now it thinks everything is happy.    Interestingly - the Fortigate and Forticlient now both show the same AV signature version - 61.00120.    Going to have to watch that next time it complains.

    Terms & ConditionsAccessibility statement