FortiClient - Blocked (Unknown.Application): Unknown.Application
Hi
I am seeing this error on a number of our MacOS clients but I have no idea how to debug where this comes from.
Is there a way to see more information on this?
The clients all connect to an EMS solution - but this just shows a count, a threat ID of 0 and the same message.
Thanks in advance
2 REPLIES 2
Hello
When you export FCT logs, you can check the file appfw.log, it may contain further info about the issue.
AEK
hmm, not really
20241022 10:21:44.597 TZ=+0100 [appfw:WARN] ips_utils:531 IPS_INFO: name="Unknown.Application" severity=0 vid=0 app_cat=0 group=application action=Pass(0) flags=0 dstaddr=10.10.1.95:65190
20241022 10:39:23.365 TZ=+0100 [appfw:WARN] ips_utils:531 IPS_INFO: name="Unknown.Application" severity=0 vid=0 app_cat=0 group=application action=Pass(0) flags=8 dstaddr=209.85.203.138:443
20241022 10:40:10.392 TZ=+0100 [appfw:WARN] ips_utils:531 IPS_INFO: name="Unknown.Application" severity=0 vid=0 app_cat=0 group=application action=Pass(0) flags=0 dstaddr=10.10.1.25:49030
20241022 12:26:05.687 TZ=+0100 [appfw:WARN] ips_utils:531 IPS_INFO: name="Unknown.Application" severity=0 vid=0 app_cat=0 group=application action=Pass(0) flags=8 dstaddr=ff02::b:37809
20241022 12:44:51.390 TZ=+0100 [appfw:WARN] ips_utils:531 IPS_INFO: name="Unknown.Application" severity=0 vid=0 app_cat=0 group=application action=Pass(0) flags=8 dstaddr=10.10.1.25:55193
20241022 13:05:15.357 TZ=+0100 [appfw:WARN] ips_utils:531 IPS_INFO: name="Unknown.Application" severity=0 vid=0 app_cat=0 group=application action=Pass(0) flags=8 dstaddr=74.125.193.95:443
20241022 13:17:09.149 TZ=+0100 [appfw:WARN] ips_utils:531 IPS_INFO: name="Unknown.Application" severity=0 vid=0 app_cat=0 group=application action=Pass(0) flags=0 dstaddr=10.10.1.114:50565
The two public IP addresses listed resolve to Google!
The private addresses are things on the local network - such as an AppleTV device so I can only assume that they are broadcasting or something.
With severity=0 and no obvious issues from the client side, I wonder what the purpose of these errors is.
