Help
Cybersecurity Forum

This forum is for all security enthusiasts to discuss Fortinet's latest & evolving technologies and to connect & network with peers in the cybersecurity hemisphere. Share and learn on a broad range of topics like best practices, use cases, integrations and more. For support specific questions/resources, please visit the Support Forum or the Knowledge Base.

ylemage_FTNT
Staff
Staff

Created on ‎01-04-2017 11:41 PM

After install via SCCM we get an error: untrusted publisher for running FCWsc.exe

Hi

Anyone an idea how to solve the untrusted publisher error message that arrives after installation during first start for FCWsc.exe
See screenshot. 

Thx

Yves

untrusted publisher.PNG
Preview file
218 KB
Labels:
1282
0 Kudos
3 REPLIES 3
ylemage_FTNT
Staff
Staff

Created on ‎01-06-2017 05:30 AM

To get rid of this error, import a code signing certificate in the FortiClient package generated using the FortiClient Configurator Tool.

When using this tool, in the last step before generating the packages you have the option to import a code signing certificate. If this code signing certificate is generated by your locally trusted CA then you won't have these warning messages. 

Please see attachment for a screenshot about where to select this certificate in the configurator tool.

Please check this link to see how to generate a code signing certificate using the Microsoft CA:

https://blogs.msdn.microsoft.com/sqlforum/2011/01/02/walkthrough-request-a-digital-certificate-from-certificate-server-or-create-a-testing-digital-certificate-to-sign-a-package/



In Reply to Yves Lemage:

Hi

Anyone an idea how to solve the untrusted publisher error message that arrives after installation during first start for FCWsc.exe
See screenshot. 

Thx

Yves

CodeSigning.PNG
Preview file
12 KB
1280
0 Kudos
jonks_FTNT
Staff
Staff
In response to ylemage_FTNT

Created on ‎07-04-2017 09:42 AM

This warning is a feature of Windows Security Center (WSC) starting in Windows 7.
It is not exclusive to deployment via SCCM.

If WSC detects that FortiClients RTP is disabled, it will display a warning to the user telling that it is disabled.
When you use WSC's interface to re-enable FortiClient's RTP, WSC runs FCWsc.exe to re-enable FortiClient's RTP. If it is the first time you have done this, WSC will display this dialog to confirm your intent.

Note: The FCWsc.exe file is digitally signed by Fortinet.

You can verify the file is signed and untampered by viewing the file properties -> digital certificate tab -> select the certificate, and click Details. The dialog that pops up will display the validity of the files signature and the signing certificate information. The thumbprint of the signing certificate is 'b2 7f 93 8a 1e 7f 31 4a 7b 60 c4 8e a1 96 96 1c da a0 9f 7a'

Yves - regarding the code signing certificate that you mentioned that can be supplied to the FortiClient Configurator tool. The configurator only uses that certificate to sign the executable file installer that the configurator tool creates.
It does not use it to sign the installer 'payload' (the files that are installed onto the computer).

1280
0 Kudos
Chris_Lin_FTNT
Staff
Staff

Created on ‎07-04-2017 09:40 AM

The advice posted on July 3, 2017 06:14 AM is totally invalid.

And please beware of that scam URL.

1280
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.