Hi Everyone,
Our company is running FortiEDR and FortiClient. FortiEDR detected AsyncRAT and WGZ!tr on one of the workstations. In FortiEDR, the device was moved to the High-Security Collector Group with the protection enabled. However, the vulnerability scan using FortiClient Endpoint did not detect the AsyncRAT and WGZ!tr.
What can cause these inconsistencies and how do we resolve this? Thanks for your responses.
Hi Jaime,
FortiClient (FCT) and EDR work differently in scanning, which can be one of the reasons.
FCT needs to get virus signatures from FortiGuard, and EDR works by sending the details to the Aggregator to process. The cloud service used by EDR is usually kept up to date, but this may not be the case for FCT. The endpoint FCT by default attempts to get updates from FortiGuard every hour; if for whatever reason it keeps failing, we will have to look at it.
You can perform a search about the virus/malware on fortiguard.com; there are many variations of AsyncRAT and WGZ!tr.
For example, this https://www.fortiguard.com/encyclopedia/virus/10147915 is covered in EDR, and is covered in FCT but only when there is the extended signature database.
Hello jaime,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Hello jaime,
We are still looking for someone to help you.
We will come back to you ASAP.
Regards,