- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Re: FortiClient RealTime Scan Blocking Access To I...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FortiClient RealTime Scan Blocking Access To InfoPath Form
Environment:
140 Endpoint Devices
Forticlient: 5.2.1 & 5.2.2
Managed Through Fortigate, package custom deployed with FortiConfiguration Tool
We are currently experiencing an issue in which the FortiClient Realtime scanner is blocking access to a InfoPath offline form (.xsn) file. The file is able to be downloaded, however we attempting to open a dialog appears on screen with the message of access is denied. When the scanner blocks the file no mention of the scanner is noted in the realtime scan log. We believe that the realtime scanner is blocking the file as when we disable the realtime scanner the file can be opened without issue.
We have also used exclusions to remove a particular folder (%APPDATA%\Microsoft\Infopath) from being scanner, which has also seemed to be a workaround for the file being blocked.
My question is if anyone has experience similar behavior and if so what had they done to resolve the false positive. I understand that I can use a file exclusion, however I don't feel that this adequately resolves the issue. What tools and techniques have you used to debug/troubleshoot similar issues?
Fortigate 200D HA A/P Cluster FAZ VM
Solved! Go to Solution.
Fortigate 200D HA A/P Cluster FAZ VM
1 Solution
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dan,
Within FortiClient itself, change the logging level to debug, or as sensitive as you can make it within the confines of the disk space you have available.
The output can be parsed for the filename in question, and it may give you/us a better idea of the reasons behind the file being flagged.
Regards, Chris McMullan Fortinet Ottawa
6 REPLIES 6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dan,
Within FortiClient itself, change the logging level to debug, or as sensitive as you can make it within the confines of the disk space you have available.
The output can be parsed for the filename in question, and it may give you/us a better idea of the reasons behind the file being flagged.
Regards, Chris McMullan Fortinet Ottawa
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I changed my logging to debug, and attempted to open the file, and received the error in the application. I then exported the log files and reviewed looking for any indication that the file was blocked. There was nothing that I could find in the log. I then placed the exclusion back into the FortiClient, and was able to open.
It does not appear that the client is logging the particular activity that is blocking the file from being accessed.
Fortigate 200D HA A/P Cluster FAZ VM
Fortigate 200D HA A/P Cluster FAZ VM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm working with my colleagues in TAC on related cases, since it doesn't seem possible to reproduce the issue under all circumstances, at least historically. In 2012, a bug was opened to address access denial to InfoPath files, but it was closed after a lack of customer response.
Would it be possible to provide a sample file for testing that's been sanitized as necessary? You can provide it here or through a TAC ticket.
Regards, Chris McMullan Fortinet Ottawa
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Awesome thank you. I would prefer to provide through a ticket as it contains company proprietary information.
What information do you need for me to reference? I also can provide some details as to what we have found thus far.
Fortigate 200D HA A/P Cluster FAZ VM
Fortigate 200D HA A/P Cluster FAZ VM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The TAC engineer working my existing case has also requested the file. Case #: 1292477. File is attached.
Fortigate 200D HA A/P Cluster FAZ VM
Fortigate 200D HA A/P Cluster FAZ VM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Are there any updates on this? I seem to be having the same issue.
Related Posts
- Forticlient blocks LAN connection 447 Views
- FSA/RISK_HIGH on Microsoft and Intel binaries. 758 Views
- How to block traffic on a... 209 Views
- Forticlient EMS block issue 495 Views
- FortiClient - Website blocked (Bad Request... 1459 Views
Labels
-
FortiGate
6,586 -
FortiClient
1,312 -
5.2
801 -
5.4
639 -
FortiManager
570 -
6.0
416 -
FortiAnalyzer
415 -
5.6
362 -
FortiSwitch
338 -
FortiAP
336 -
FortiClient EMS
268 -
6.2
251 -
FortiMail
246 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
151 -
6.4
128 -
FortiNAC
108 -
FortiGuard
102 -
FortiSIEM
89 -
FortiGateCloud
87 -
FortiCloud Products
84 -
IPsec
73 -
FortiToken
71 -
Customer Service
70 -
4.0MR3
64 -
SSL-VPN
62 -
Wireless Controller
58 -
FortiProxy
45 -
FortiADC
43 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
32 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
SD-WAN
26 -
Firewall policy
25 -
FortiConnect
24 -
FortiWAN
22 -
VLAN
21 -
FortiConverter
21 -
High Availability
20 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiAuthenticator
16 -
FortiMonitor
14 -
SAML
14 -
Certificate
14 -
DNS
13 -
FortiDDoS
13 -
BGP
12 -
FortiGate v5.0
12 -
Routing
12 -
Interface
12 -
FortiCASB
12 -
LDAP
11 -
VDOM
11 -
Logging
11 -
Virtual IP
10 -
FortiRecorder
10 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
NAT
9 -
4.0MR2
9 -
RADIUS
8 -
fortilink
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
SSL SSH inspection
7 -
FortiAnalyzer v5.0
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
IP address management - IPAM
7 -
Security profile
6 -
Authentication
6 -
FortiBridge
6 -
Fortigate Cloud
6 -
SSO
6 -
Application control
6 -
Traffic shaping policy
5 -
Web application firewall profile
5 -
SNMP
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
Proxy policy
4 -
packet capture
4 -
WAN optimization
4 -
Automation
4 -
DNS Filter
4 -
Web profile
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
Port policy
4 -
FortiScan
4 -
IPS signature
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
DoS policy
3 -
Intrusion prevention
3 -
FortiDB
3 -
FortiDeceptor
2 -
Fortinet Engage Partner Program
2 -
FortiInsight
2 -
NAC policy
2 -
Antivirus profile
2 -
Traffic shaping profile
2 -
VoIP profile
2 -
FortiPAM
2 -
FortiAI
2 -
FortiHypervisor
2 -
Email filter profile
2 -
Netflow
2 -
trunk
2 -
System settings
2 -
4.0MR1
1 -
TACACS
1 -
Users
1 -
Replacement messages
1 -
Schedule
1 -
Subscription Renewal Policy
1 -
SDN connector
1 -
FortiCWP
1 -
FortiNDR
1 -
Application signature
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Web rating
1 -
Internet Service Database
1 -
Multicast routing
1 -
Zone
1 -
Explicit proxy
1 -
Protocol option
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.