Thankfully I did this on a brand new laptop that isn't an issue if I need to reset it, but I believe I may have inadvertently bricked it by creating a "block all" EMS profile.
The idea I had in mind was to set a default EMS profile that would make it painfully obvious when a newly domain joined PC is added and needs to be placed in the correct EMS location. I have different profiles for different departments, laptops, etc. Nothing should be left in the "Computers" OU which is the default location for newly joined PCs. I also have FortiClient deployed automatically through WSUS so a newly joined PC will automatically download FortiClient, and then pull the EMS profile from that "Computers" OU. Until the PC is manually placed in its correct EMS location I want it to have a default profile that will essentially block all internet & network traffic.
So the problem is that I assumed, (bad idea), that after enabling this on my laptop for testing the laptop would still be able to connect with EMS in case I needed to revert these settings. The problem is that the profile is blocking everything, including communication to the EMS server. I've already removed the "Block All" profile, even tried to exclude this laptop from being managed, but because the laptop cannot connect to EMS it doesn't know to update it's profile.
So is there any possible way to uninstall FortiClient in this type of a scenario? I've even tried going through safe mode, but the uninstallation is grayed out....because of the profile setting of course :)
Hi,
Did you try the removal tool?
You can download FortiClentTools from support page, there is a FCRemove.
According to README
"FCRemove.exe is a clean up tool for use __only_if__ the Add/Remove Programs applet fails to remove FortiClient."
No the tool only works when FortiClient is shut down, for this situation I'd need something that can stop FortiClient and remove it but I'm not sure that is possible. I'll just make sure to be more careful when creating a "locked down" profile! :)
Maybe start in Safe Mode? Let us know if you find a way!
-Russell
Did the FortiClient install create a system restore point that you can roll back to?
My guess was: Safe mode ; stop FC services; kill FC processes; use removal tool.
But really I don't have willingness to "brick" a PC and test if this works :D
I tried safemode but still couldn't stop any of the FC processes, and FortiClient still prompted for a password to shut down. I've already reset the laptop and deleted that EMS profile so no biggie for me. On the plus side I can live with the comfort of knowing that if I have FortiClient password protected our end users will pretty much not have any way to remove it without that password - so I guess it was a good test in the end!
Look at the Fortinet Services which are starting, document the program executable path.
Try booting to safe mode or an alternate boot CD and rename the .EXE files in the FortiClient directory so that they can't run.
Then reboot and see what happens.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.