Forticlient FSA/RISK_HIGH on Ms-Systemfiles and Ms-binaries

Forum|Forum|1 year ago
October 11, 2024
2 replies
1832 views

We are fighting an issue with Forti Client 7.2.5

We got a Malware/Virus detection on following files (multiple clients):

Malware: FSA/RISK_HIGH found in C:\Windows\WinSxS\wow64_microsoft-windows-recover_31bf3856ad364e35_10.0.19041.1_none_465905a4885947e8\recover.exe by realtime scan. The file was quarantined.

Malware: FSA/RISK_HIGH C:\Windows\WinSxS\amd64_microsoft-windows-wmpnss-ux_31bf3856ad364e35_10.0.19041.1_none_6db5d09458d426f5\wmpnscfg.exe by realtime scan. The file was quarantined C:\Windows\SysWOW64\recover.exe by realtime scan. The file was quarantined.

Malware: FSA/RISK_HIGH found in C:\Program Files\Windows Media Player\wmpnscfg.exe by realtime scan. The file was quarantined.

After running

SFC /scannow

DISM /online /Cleanup-image /ScanHealth

DISM /Online /Cleanup-Image /Checkhealth

DISM /Online /Cleanup-Image /RestoreHealth

the problem disappeared on one client, but is persistent on another one.

I have opened a ticket (TAC) and the issue is investigated. Support is expecting false positives here.

Do you also have such issues? Would be great if you report here:

Using Windows 10 and 11 with the latest patches applied.

Thanks!

menatworkAuthor

Visitor III

seems like to be a false positive, wondering why no one else seems to have the problem?

To say it in the words of a popular vulcan... "Fascinating..."

bolukxo1

New Member

I think there is also the fact that other vendor firewalls apply nextgen firewall features to the local in traffic, whereas fortigates don't unless you configure a custom local in policy with virtual patch enabled. These vulnerabilities on other firewalls can be remediated through the regular security feeds and don't require you to install a patch (usually).

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded