Hello Forti Community,
We are currently testing FortiClient EMS and we have the problem that all our clients are listed under Endpoint Alerts as "Out of date, protection". But the problem is that the AV signature on the client matches the current version on the EMS, yet the clients are still listed as out of date. For example, current AV Signature Version: 92.07438, New AV Signature Version: 92.07438.
We are using EMS 7.4.0 and FortiClient 7.4.0, the problem occurs on Windows and Linux Clients.
Any ideas on how to fix this?
Thank you in advance for your help.
Hello kraus,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Hi @Anil_Solakoglu ,
Could we request your FortiClient expertise?
Regards,
Hello Kraus,
Can you please have a look at the article to troubleshoot the behavior further?
https://community.fortinet.com/t5/FortiClient/Troubleshooting-Tip-FortiClient-Signatures-and-connect...
Another point: can you validate whether the signatures match the latest database on FortiGuard?
EMS -> System Settings -> FortiGuard Services -> View signature list.
You can find a recent signature in use at https://www.fortiguard.com/updates/antivirus
Please compare both.
Additionally, please confirm which AV signature build you have on the EMS server (AV signature list) and in the FortiClient UI -> About as well.
Thanks.
Anil Solakoglu.
Thank you Anil!
Hello Anil and Anthony,
Thank you for the reply, I will be able to get back to this at the beginning of next week.
regards
Hello @Anil_Solakoglu,
Sorry for the late reply, I was finally able to try out your suggestions.
I compared the AV signatures on the EMS, on my client and on the FortiGuard website you sent me and they match. For example right now the version on FortiGuard was 92.07733, the same version was listed on my EMS under System Settings -> FortiGuard Services and on my local client.
I also executed the commands from your first link and it says "No data/engine update is available". Here is the output for your reference:
update_task -d
update settings:
dw_use_legacy_fdn:0
ocsp_mode:0
dwRestrictRegions:0
pfn_udpate_task_main:00007FFC3999FC40
arg[0]:update_task
arg[1]:-d
update_task_tls
AV signature 92.07733 02.10.2024 10:50:34 No data/engine update is available.
AV ext signature 92.07724 02.10.2024 08:50:55 No data/engine update is available.
AV extreme signature 1.00000 01.01.1970 01:00:00 No data/engine update is available.
AV heuristics signature 4.00777 01.01.1970 01:00:00 No data/engine update is available.
AV pallas signature 3.00959 02.10.2024 11:04:35 Updated successfully!
AV engine 7.00026 31.05.2024 13:55:44 No data/engine update is available.
AntiSpyware sigs 1.00000 01.01.1970 01:00:00 No data/engine update is available.
AntiSpyware engine 2.00068 31.05.2024 13:55:46 No data/engine update is available.
Application Signatures 0.00000 01.01.1970 01:00:00 No data/engine update is available.
Vulnerability engine 3.00002 31.05.2024 13:55:48 No data/engine update is available.
Vulnerability signature 1.00750 02.10.2024 08:49:06 No data/engine update is available.
IPS engine 4.00082 31.05.2024 13:55:46 No data/engine update is available.
IPS Signatures 28.00873 01.10.2024 21:10:08 No data/engine update is available.
IRDB Signatures 4.00900 02.10.2024 08:49:06 No data/engine update is available.
ICDB Signatures 1.00045 16.09.2024 13:19:02 No data/engine update is available.
isdb_app Signatures 7.03878 02.10.2024 08:49:06 No data/engine update is available.
isdb_map Signatures 7.03878 02.10.2024 08:49:06 No data/engine update is available.
Anti Ransomware Engine 1.00185
Artifact collector 1.00015
But my client is still listed as "Out of date, protection".
Any further ideas?
regards
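The comparison requested earlier in the thread (client versions against the EMS signature list) can be scripted over the `update_task -d` output. This is an added example, not part of the original posts and not Fortinet code; the line layout is inferred from the output quoted above, and the sample text, reference values and function names are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample in the layout of the `update_task -d` output quoted above.
SAMPLE = """\
update settings:
dw_use_legacy_fdn:0
AV signature 92.07733 02.10.2024 10:50:34 No data/engine update is available.
AV ext signature 92.07724 02.10.2024 08:50:55 No data/engine update is available.
AV heuristics signature 4.00777 01.01.1970 01:00:00 No data/engine update is available.
AV engine 7.00026 31.05.2024 13:55:44 No data/engine update is available.
Anti Ransomware Engine 1.00185
"""

# "<component> <version> [<DD.MM.YYYY HH:MM:SS> <status>]"; settings lines do not match.
LINE = re.compile(r"^(?P<name>.+?)\s+(?P<ver>\d+\.\d+)"
                  r"(?:\s+(?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2})\s+(?P<status>.+))?$")

def ver_key(version):
    """Compare 92.07733 as (92, 7733) rather than as a string or float."""
    major, minor = version.split(".")
    return int(major), int(minor)

def parse(text):
    """Return {component: {version, updated, status}} for every component line."""
    found = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            ts = m["ts"] and datetime.strptime(m["ts"], "%d.%m.%Y %H:%M:%S")
            found[m["name"]] = {"version": m["ver"], "updated": ts, "status": m["status"]}
    return found

def compare(client, reference):
    """Classify each reference component as match, behind, ahead or missing."""
    report = {}
    for name, wanted in reference.items():
        if name not in client:
            report[name] = "missing"
            continue
        have, want = ver_key(client[name]["version"]), ver_key(wanted)
        report[name] = "match" if have == want else "behind" if have < want else "ahead"
    return report

def epoch_dated(client):
    """Components stamped 01.01.1970, read here as 'no update recorded' (an assumption)."""
    return [n for n, c in client.items() if c["updated"] and c["updated"].year == 1970]

if __name__ == "__main__":
    # Constructed reference values standing in for what the EMS signature list shows.
    reference = {"AV signature": "92.07733", "AV engine": "7.00026"}
    print(compare(parse(SAMPLE), reference), epoch_dated(parse(SAMPLE)))
```

The date pattern follows the DD.MM.YYYY form shown in the quoted output; a client with a different regional format would need the pattern and `strptime` string adjusted.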
Hi Kraus,
It is strange to see two different signatures for both.
AV signature 92.07733 02.10.2024 10:50:34 No data/engine update is available.
AV ext signature 92.07724 02.10.2024 08:50:55 No data/engine update is available.
If you have already provided access from endpoints to FortiGuard destinations (ISDB objects) without any inspection (including SSL deep inspection, certificate inspection, etc.), please raise a FortiCare ticket to troubleshoot the details further.
Thanks & Regards.
Anil Solakoglu.
Hi @Anil_Solakoglu,
OK I will raise a ticket, I will post the solution if I get one in time.
Thank you for your help
regards