CfSi_Dan
New Member
January 12, 2015
Solved

FortiClient RealTime Scan Blocking Access To InfoPath Form


Environment:

140 Endpoint Devices

FortiClient: 5.2.1 & 5.2.2

Managed through FortiGate, package custom deployed with FortiConfiguration Tool

We are currently experiencing an issue in which the FortiClient Realtime scanner is blocking access to an InfoPath offline form (.xsn) file. The file is able to be downloaded; however, when we attempt to open it, a dialog appears on screen with the message that access is denied. When the scanner blocks the file, no mention of the scanner is noted in the realtime scan log. We believe that the realtime scanner is blocking the file, as when we disable the realtime scanner the file can be opened without issue.

We have also used exclusions to remove a particular folder (%APPDATA%\Microsoft\Infopath) from being scanned, which has also seemed to be a workaround for the file being blocked.

My question is whether anyone has experienced similar behavior and, if so, what they had done to resolve the false positive. I understand that I can use a file exclusion; however, I don't feel that this adequately resolves the issue. What tools and techniques have you used to debug/troubleshoot similar issues?

Best answer by Christopher_McMullan


3 replies

Christopher_McMullan
Staff
January 12, 2015

Dan,

 

Within FortiClient itself, change the logging level to debug, or as sensitive as you can make it within the confines of the disk space you have available.

 

The output can be parsed for the filename in question, and it may give you/us a better idea of the reasons behind the file being flagged.

CfSi_Dan
Author
New Member
January 12, 2015

I changed my logging to debug, attempted to open the file, and received the error in the application. I then exported the log files and reviewed them, looking for any indication that the file was blocked. There was nothing that I could find in the log. I then placed the exclusion back into the FortiClient, and was able to open the file.

 

It does not appear that the client is logging the particular activity that is blocking the file from being accessed.

Christopher_McMullan
Staff
January 13, 2015

I'm working with my colleagues in TAC on related cases, since it doesn't seem possible to reproduce the issue under all circumstances, at least historically. In 2012, a bug was opened to address access denial to InfoPath files, but it was closed after a lack of customer response.

 

Would it be possible to provide a sample file for testing that's been sanitized as necessary? You can provide it here or through a TAC ticket.

CfSi_Dan
Author
New Member
January 13, 2015

Awesome, thank you. I would prefer to provide it through a ticket, as it contains company proprietary information.

 

What information do you need for me to reference?  I also can provide some details as to what we have found thus far.

CfSi_Dan
Author
New Member
January 13, 2015

The TAC engineer working my existing case has also requested the file.  Case #: 1292477.  File is attached.

Will_M
New Member
May 28, 2015

Are there any updates on this? I seem to be having the same issue.