Help
FortiClient
FortiClient proactively defends against advanced attacks. Its tight integration with the Security Fabric enables policy-based automation to contain threats and control outbreaks. FortiClient is compatible with Fabric-Ready partners to further strengthen enterprises’ security posture.
mgoswami
Staff
Staff

Created on ‎12-02-2024 05:13 AM Edited on ‎12-02-2024 05:14 AM By Moderator

Article Id 361814

Technical Tip: Endpoints display a pop-up prompting the installation of the same FortiClient version, even though it is already installed

Description This article describes why an endpoint displays a pop-up prompting the installation of a version of FortiClient that is already installed.
Scope FortiClient EMS.
Solution

This issue occurs when FortiClient is manually installed on an endpoint, and the same endpoint has a deployment package assigned in EMS.

 

When a deployment package is created in EMS, it generates an install_uid. Upon manual installation of FortiClient on the endpoint, the install_uid of the manually installed version is reported back to the EMS server.

 

EMS then checks the reported install_uid to verify that the FortiClient in use is the one prepared by EMS, rather than a potentially random version. This process serves as a security measure, as it prevents a user from using a malicious version of FortiClient (which could include harmful scripts) to connect to the EMS.

 

As a result, EMS triggers a re-deployment to ensure that the endpoint matches the configuration specified in the EMS server.

If EMS does not perform a deployment after a manual installation of the same version and build, a mismatch may occur between the configuration of the manually installed FortiClient and the settings defined in the EMS deployment package. For example, an admin may have configured the deployment to include features x, y, and z, but the manual installation may have only included feature x.

 

This mismatch of installerUID can be verified from the FortiClient installer logs as below:

 

[2024-11-26 14:24:28.1234340 UTC+11:00] [ debug] [service:0 ] [ 3132:26848] [ 119] [orchestrator::installer::IsInstalled] installedInfo->installerUID=4A671193-D5CF-4BF7-8800-772E53AE3B25 <--- InstallerUID of the manually installed FortiClient.
[2024-11-26 14:24:28.1234385 UTC+11:00] [ debug] [service:0 ] [ 3132:26848] [ 120] [orchestrator::installer::IsInstalled] packageInfo->installerUID=5CCF0A9A-3F05-4F5B-9722-9D8AE2A30DE2 <------ InstallerUID of the FortiClient from deployment package.
[2024-11-26 14:24:28.1234410 UTC+11:00] [ debug] [service:0 ] [ 3132:26848] [ 121] [orchestrator::installer::IsInstalled] installedInfo->version=7.0.13.577
[2024-11-26 14:24:28.1234433 UTC+11:00] [ debug] [service:0 ] [ 3132:26848] [ 122] [orchestrator::installer::IsInstalled] packageInfo->version=7.0.13.577

 

In the above logs, even though the installed version and deployment package version are the same, the installerUID is different which is why the endpoint is getting the pop-up to reinstall the FortiClient pushed by the deployment package.

 

In order to avoid this pop-up, either of the below options can be followed:

  1. Installing the installer generated by EMS manually.
  2. Ensuring that endpoints that have been installed manually are not configured for deployment.
Labels:
109
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.