Hello all,
Last night a FortiClient 7.0.1 update was pushed via EMS, and now inside Defender we are seeing multiple endpoints reporting that:
Defender detected and terminated active 'Trojan:Win32/SuspServiceBin.A!cl' in process 'FortiClientSetup_7.0.1_x64.exe'
It is also saying that:
FortiClientSetup_7.0.1_x64.exe - 'SuspServiceBin' malware was detected and was active
I know I can whitelist what I need to in defender, but I want to know if anyone else has come across this/seen this to get a better understanding as to why this would be.
Hello @joack007
One of the most common causes is a false positive, where antivirus software like Windows Defender mistakenly flags legitimate programs as malware. As long as FortiClient is downloaded from trusted sources, this could likely be the reason, as antivirus software sometimes overreacts to normal behavior in an executable file.
Another possibility is that FortiClient might not yet be recognized by Microsoft's database of safe software, or it may depend on your custom Windows Defender settings that strictly detect executable files based on their behavior, since FortiClient has features that could cause it to be flagged as a Trojan or malware. As a result, Windows Defender may flag FortiClient to err on the side of caution.
You can consider whitelisting the installer in Windows Defender, but only if you downloaded the file from a legitimate source as mentioned in the following article:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-download-different-or-old-versions-...
Additionally, you can submit the file to Microsoft for review if you believe it is a false positive, allowing them to reclassify the software appropriately. You can submit the file at the following link:
https://www.microsoft.com/en-us/wdsi/filesubmission
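The reply above says to whitelist the installer only if it came from a legitimate source. The script below is an added example of how an admin would actually check that on an affected endpoint before adding the exclusion; it is not code from the original thread, from Fortinet, or from Microsoft. It uses only built-in cmdlets (Get-MpThreatDetection, Get-MpThreat, Get-AuthenticodeSignature, Get-FileHash, Add-MpPreference). The installer path, the expected signer name and the known-good SHA-256 are placeholders you supply from a copy you downloaded yourself from the Fortinet support portal; they are assumptions, not values from the thread.

```powershell
<#
  Added example (not from the original thread, and not Fortinet's or Microsoft's code).
  Verify the installer that Defender flagged before excluding it, then add a
  narrow file-level exclusion rather than a folder or process exclusion.

  Assumptions, all placeholders you replace with your own values:
    -InstallerPath   : where the EMS-pushed installer landed on the endpoint
    -ExpectedSigner  : substring expected in the Authenticode signer subject,
                       taken from a known-good copy of the installer
    -KnownGoodSha256 : SHA-256 of the same installer downloaded by you from the
                       Fortinet support portal
  Run elevated; Add-MpPreference needs administrator rights.
  Use -WhatIf to run every check without changing Defender preferences.
#>
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)] [string]$InstallerPath,
    [string]$ExpectedSigner = 'Fortinet',   # assumption: compare with a known-good copy
    [Parameter(Mandatory)] [string]$KnownGoodSha256
)

# 1. Pull Defender's own record of the event: when it fired, the threat name,
#    and which file/process it acted on. Keep this for the Microsoft submission.
$detections = Get-MpThreatDetection |
    Where-Object { $_.Resources -match 'FortiClientSetup' }
if (-not $detections) {
    Write-Warning "No Defender detection for FortiClientSetup on this host."
}
foreach ($d in $detections) {
    $threat = Get-MpThreat -ThreatID $d.ThreatID
    '{0}  {1}  process={2}  {3}' -f $d.InitialDetectionTime, $threat.ThreatName,
        $d.ProcessName, ($d.Resources -join ', ')
}

# 2. Authenticode: a 'Valid' status means the chain verifies and the file has
#    not been altered since signing. Anything else (NotSigned, HashMismatch,
#    UnknownError) is a stop: keep the quarantine and submit the sample instead.
$sig = Get-AuthenticodeSignature -FilePath $InstallerPath
if ($sig.Status -ne 'Valid') {
    throw "Signature status is '$($sig.Status)'; do not whitelist $InstallerPath."
}
$subject = $sig.SignerCertificate.Subject
"Signer: $subject  thumbprint=$($sig.SignerCertificate.Thumbprint)"
if ($subject -notmatch [regex]::Escape($ExpectedSigner)) {
    throw "Signed, but by '$subject', not the expected publisher ('$ExpectedSigner')."
}

# 3. A valid vendor signature is necessary but not sufficient (signing keys get
#    stolen), so also require the bytes to match a copy you fetched yourself.
$hash = (Get-FileHash -Path $InstallerPath -Algorithm SHA256).Hash
if ($hash -ne $KnownGoodSha256.ToUpperInvariant()) {
    throw "SHA-256 mismatch: on-disk $hash vs known-good $KnownGoodSha256."
}

# 4. Only now add the exclusion, scoped to this one file. The exclusion is a
#    standing gap for that path, so pair it with the Microsoft sample submission
#    and remove it once the detection has been reclassified.
if ($PSCmdlet.ShouldProcess($InstallerPath, 'Add Windows Defender path exclusion')) {
    Add-MpPreference -ExclusionPath $InstallerPath
    "Current exclusions:"
    (Get-MpPreference).ExclusionPath
}
```

Running it as `.\Check-FortiClientInstaller.ps1 -InstallerPath 'C:\path\to\FortiClientSetup_7.0.1_x64.exe' -KnownGoodSha256 '<hash>' -WhatIf` prints the detection record, the signer and the hash comparison without touching Defender; drop `-WhatIf` to add the exclusion once every check passes. If step 2 or 3 throws, the file on the endpoint is not the file you trust and whitelisting would be the wrong response regardless of how the detection was named.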
Hello joack,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Hello joack,
We are still looking for someone to help you.
We will come back to you ASAP.
Regards,
Hi @Umer221 , @Marcos_Hernandez ,
As FortiClient experts, do you maybe have an idea?
Thanks a lot in advance.
Regards,
Thanks a lot Umer!!
Copyright 2024 Fortinet, Inc. All Rights Reserved.