kraus
New Contributor II

FortiClient EMS - Out of date Protection on all Clients

Hello Forti Community,

 

We are currently testing FortiClient EMS and we have the problem that all our clients are listed under Endpoint Alerts as "Out of date, protection". But the problem is that the AV signature on the client matches the current version on the EMS, yet they are still listed as out of date. For example, current AV Signature Version: 92.07438, New AV Signature Version: 92.07438.

 

We are using EMS 7.4.0 and FortiClient 7.4.0; the problem occurs on Windows and Linux clients.

 

Any ideas on how to fix this?

 

Thank you in advance for your help.

Anthony_E
Community Manager

Hello kraus,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Anthony-Fortinet Community Team.
Anthony_E
Community Manager

Hi @Anil_Solakoglu ,

 

Could we request your FortiClient expertise?

 

Regards,

 

Anthony-Fortinet Community Team.
Anil_Solakoglu

Hello Kraus, 

Can you please have a look at the article to troubleshoot the behavior further?

https://community.fortinet.com/t5/FortiClient/Troubleshooting-Tip-FortiClient-Signatures-and-connect...

 

Another point: can you validate whether the signatures match the latest database on FortiGuard?

 

EMS -> System Settings -> FortiGuard Services -> View signature list. 

You can find a recent signature in use at https://www.fortiguard.com/updates/antivirus

 

Please compare both.

Additionally, please confirm what AV signature build you have on the EMS server (AV signature list) and in FortiClient UI -> About as well.

Thanks. 

Anil Solakoglu. 

Anthony_E
Community Manager

Thank you Anil!

Anthony-Fortinet Community Team.
kraus
New Contributor II

Hello Anil and Anthony,

 

Thank you for the reply. I will be able to get back to this at the beginning of next week.

 

regards

kraus
New Contributor II

Hello @Anil_Solakoglu,

 

Sorry for the late reply, I was finally able to try out your suggestions.


I compared the AV signatures on the EMS, on my client and on the FortiGuard website you sent me, and they match. For example, right now the version on FortiGuard was 92.07733; the same version was listed on my EMS under System Settings -> FortiGuard Services and on my local client.

 

I also executed the commands from your first link and it says "No data/engine update is available". Here is the output for your reference:

 

update_task -d
update settings:
dw_use_legacy_fdn:0
ocsp_mode:0
dwRestrictRegions:0
pfn_udpate_task_main:00007FFC3999FC40arg[0]:update_task
arg[1]:-d
update_task_tls
AV signature 92.07733 02.10.2024 10:50:34 No data/engine update is available.
AV ext signature 92.07724 02.10.2024 08:50:55 No data/engine update is available.
AV extreme signature 1.00000 01.01.1970 01:00:00 No data/engine update is available.
AV heuristics signature 4.00777 01.01.1970 01:00:00 No data/engine update is available.
AV pallas signature 3.00959 02.10.2024 11:04:35 Updated successfully!
AV engine 7.00026 31.05.2024 13:55:44 No data/engine update is available.
AntiSpyware sigs 1.00000 01.01.1970 01:00:00 No data/engine update is available.
AntiSpyware engine 2.00068 31.05.2024 13:55:46 No data/engine update is available.
Application Signatures 0.00000 01.01.1970 01:00:00 No data/engine update is available.
Vulnerability engine 3.00002 31.05.2024 13:55:48 No data/engine update is available.
Vulnerability signature 1.00750 02.10.2024 08:49:06 No data/engine update is available.
IPS engine 4.00082 31.05.2024 13:55:46 No data/engine update is available.
IPS Signatures 28.00873 01.10.2024 21:10:08 No data/engine update is available.
IRDB Signatures 4.00900 02.10.2024 08:49:06 No data/engine update is available.
ICDB Signatures 1.00045 16.09.2024 13:19:02 No data/engine update is available.
isdb_app Signatures 7.03878 02.10.2024 08:49:06 No data/engine update is available.
isdb_map Signatures 7.03878 02.10.2024 08:49:06 No data/engine update is available.
Anti Ransomware Engine 1.00185
Artifact collector 1.00015

But my client is still listed as "Out of date, protection".

Any further ideas?

 

regards


Anil_Solakoglu

Hi Kraus, 

That is strange to see two different signatures for both. 

AV signature 92.07733 02.10.2024 10:50:34 No data/engine update is available.
AV ext signature 92.07724 02.10.2024 08:50:55 No data/engine update is available.

If you have already provided access from endpoints to FortiGuard destinations (ISDB objects) without any inspection (including SSL deep inspection, certificate inspection, etc.), please raise a FortiCare ticket to troubleshoot details further.

Thanks & Regards. 

Anil Solakoglu. 
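
The version comparison discussed in the two posts above can be scripted. The following is an added example, not part of the original thread and not Fortinet code: it parses the component lines of the `update_task -d` output quoted above and compares them with versions the operator supplies (for instance, copied from the EMS signature list). The names `parse_update_task` and `review` are hypothetical, and reading a 01.01.1970 timestamp as "no update time recorded" is an assumption.

```python
import re
from datetime import datetime

# Constructed sample: a few lines copied from the output quoted in the thread.
SAMPLE = """\
update_task -d
dw_use_legacy_fdn:0
AV signature 92.07733 02.10.2024 10:50:34 No data/engine update is available.
AV ext signature 92.07724 02.10.2024 08:50:55 No data/engine update is available.
AV extreme signature 1.00000 01.01.1970 01:00:00 No data/engine update is available.
AV pallas signature 3.00959 02.10.2024 11:04:35 Updated successfully!
Anti Ransomware Engine 1.00185
"""

# Component name, version, then optionally "dd.mm.yyyy HH:MM:SS" and a status.
LINE = re.compile(
    r"^(?P<name>.+?)\s+(?P<version>\d+\.\d+)"
    r"(?:\s+(?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2})\s+(?P<status>.+))?$"
)

def parse_update_task(text):
    """Return {component: {"version", "updated", "status"}} for component lines."""
    out = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # settings and argument echo lines carry no version field
        ts = m["ts"] and datetime.strptime(m["ts"], "%d.%m.%Y %H:%M:%S")
        out[m["name"]] = {"version": m["version"], "updated": ts,
                          "status": m["status"]}
    return out

def review(components, expected):
    """Flag versions that differ from `expected` and epoch-dated components."""
    notes = []
    for name, want in expected.items():
        have = components.get(name, {}).get("version")
        if have != want:
            notes.append(f"{name}: client has {have}, expected {want}")
    for name, c in components.items():
        # Assumption: a 1970 date is an unset (zero) timestamp.
        if c["updated"] and c["updated"].year == 1970:
            notes.append(f"{name}: no update time recorded (epoch timestamp)")
    return notes

if __name__ == "__main__":
    # Expected version is operator-supplied, e.g. read from the EMS list.
    for note in review(parse_update_task(SAMPLE), {"AV signature": "92.07733"}):
        print(note)
```
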

kraus
New Contributor II

Hi @Anil_Solakoglu,

 

OK, I will raise a ticket. I will post the solution if I get one in time.

Thank you for your help

 

regards
