FortiClient
mzainuddinahm
Article Id 348112
Description This article describes the FortiClient setup file being detected as 'Trojan:Win32/SuspServiceBin.A!cl'.
Scope FortiClient.
Solution While FortiClient v7.0.1 is being installed, or pushed by the EMS, Windows Defender reports the following:

  • Defender detected and terminated active 'Trojan:Win32/SuspServiceBin.A!cl' in process 'FortiClientSetup_7.0.1_x64.exe'
  • FortiClientSetup_7.0.1_x64.exe - 'SuspServiceBin' malware was detected and was active.

One of the most common causes is that an antivirus product from one vendor detects another vendor's product as malware or a suspicious process, and Windows Defender is counted among such products. As long as FortiClient is downloaded from trusted sources as described in Technical Tip: How to download different or old versions of FortiClient and FortiClientEMS from the ..., the setup file may be whitelisted.

 

Another possibility is that FortiClient might not yet be recognized as safe software in Microsoft's database, or that custom Windows Defender settings strictly detect executable files based on their behavior, since FortiClient has features that could cause it to be flagged as a Trojan or malware. As a result, Windows Defender may flag FortiClient out of caution.

 

Consider whitelisting the installer in Windows Defender, but only if the file was downloaded from a legitimate source, as mentioned in the following article.


Additionally, if the detection is believed to be a false positive, submitting the file to Microsoft for review allows them to reclassify the software appropriately. The file can be submitted at the following link:
https://www.microsoft.com/en-us/wdsi/filesubmission
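
One way to enforce the "legitimate source" condition before whitelisting, shown as an added example that is not part of the original article or Fortinet's own tooling: the script adds a Windows Defender exclusion for the installer only after its Authenticode signature and SHA-256 hash check out. The expected hash (to be obtained from the vendor for the exact build) and the publisher substring 'Fortinet' are assumptions supplied by the operator.

```powershell
# Added example, not vendor code. Save as a .ps1 and run from an elevated session.
param(
    [Parameter(Mandatory)] [string] $InstallerPath,
    # Placeholder: SHA-256 published by the vendor for this exact installer build.
    [Parameter(Mandatory)] [string] $ExpectedSha256,
    # Assumption: substring expected in the signing certificate subject.
    [string] $ExpectedPublisher = 'Fortinet'
)

$ErrorActionPreference = 'Stop'
$file = Get-Item -LiteralPath $InstallerPath

# 1. Authenticode: the signature must be intact and chain to a trusted root.
$sig = Get-AuthenticodeSignature -LiteralPath $file.FullName
if ($sig.Status -ne 'Valid') {
    throw "Signature status is '$($sig.Status)'; not excluding $($file.Name)."
}
if ($sig.SignerCertificate.Subject -notlike "*$ExpectedPublisher*") {
    throw "Unexpected signer: $($sig.SignerCertificate.Subject)"
}

# 2. Hash: the file must be byte-for-byte the build the vendor published.
#    (-ne compares strings case-insensitively, so hex case does not matter.)
$actual = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
if ($actual -ne $ExpectedSha256.Trim()) {
    throw "SHA-256 mismatch: computed $actual"
}

# 3. Exclude this one file only, never the whole download or temp folder.
Add-MpPreference -ExclusionPath $file.FullName
Write-Output "Excluded $($file.FullName)"
Write-Output "Signer: $($sig.SignerCertificate.Subject)"

# 4. Once the installation has finished, drop the exclusion again:
#    Remove-MpPreference -ExclusionPath $file.FullName
```

If either check throws, no exclusion is added and the file should be treated as suspect rather than as a false positive.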