Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Tamiltk
New Contributor II

Created on ‎10-14-2024 09:20 PM

Covert Malware communication

Need evidence where FortiGate IPS detecting the Covert Malware communication detection.

FortiGate

513
0 Kudos
3 REPLIES 3
AnthonyH
Staff
Staff

Created on ‎10-15-2024 01:23 PM

Hello Tamiltk,

 

Could you further explain what is occurring? Are there any logs under Log & report -> Security Events -> IPS, about traffic being bypass/blocked?

Technical Support Engineer,
Anthony.
447
0 Kudos
Tamiltk
New Contributor II
In response to AnthonyH

Created on ‎10-17-2024 12:42 AM

There wasn't any incident triggered on this subject. I just need an artifact that Fortigate IPS does support Covert Malware communication detection

426
0 Kudos
kaman
Staff
Staff

Created on ‎10-17-2024 02:21 AM Edited on ‎10-17-2024 02:23 AM

Hi Tamiltk,

From the IPS signatures' point of view, we have signatures to detect botnet communication, remote access tools, reverse shells, etc. To detect communications over covert channels, make sure an IPS sensor with all signatures is enabled with the default action, as it should detect and/or block these communications.

Please enable deep inspection, as most of the traffic is in the HTTPS protocol and needs to be decrypted.

If you have found a solution, please like and accept it to make it easily accessible to others.

412
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.