Forticlient Installer seen as 'Trojan:Win32/SuspServiceBin.A!cl' by Windows Defender
Hello all,
Last night the FortiClient 7.0.1 update was pushed via EMS, and now inside of Defender we are seeing multiple endpoints reporting that:
Defender detected and terminated active 'Trojan:Win32/SuspServiceBin.A!cl' in process 'FortiClientSetup_7.0.1_x64.exe'
It is also saying that:
FortiClientSetup_7.0.1_x64.exe - 'SuspServiceBin' malware was detected and was active
I know I can whitelist what I need to in Defender, but I want to know if anyone else has come across this/seen this to get a better understanding as to why this would be.
Hello @joack007
One of the most common causes is a false positive, where antivirus software like Windows Defender mistakenly flags legitimate programs as malware. As long as FortiClient is downloaded from trusted sources, this could likely be the reason, as antivirus software sometimes overreacts to normal behavior in an executable file.
Another possibility is that FortiClient might not yet be recognized by Microsoft's database of safe software, or it depends on your custom settings for Windows Defender to strictly detect executable files based on their behavior, since FortiClient has features that could flag it as a Trojan or malware. As a result, Windows Defender may flag FortiClient on the side of caution.
You can consider whitelisting the installer in Windows Defender, but only if you downloaded the file from a legitimate source as mentioned in the following article:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-download-different-or-old-versions-...
Additionally, you can submit the file to Microsoft for review if you believe it is a false positive, allowing them to reclassify the software appropriately. You can submit the file at the following link:
https://www.microsoft.com/en-us/wdsi/filesubmission
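One way to check the installer before allowlisting it, as the answer above advises (an added example, not part of the original posts and not Fortinet's or Microsoft's own tooling). The function name, the file path, the `Fortinet` signer string and the optional checksum are assumptions to replace with values obtained from the vendor:

```powershell
# Added example: checks to run on a flagged installer before adding a Defender exclusion.
# Test-InstallerBeforeAllowlist is a hypothetical helper name; inputs are placeholders.
function Test-InstallerBeforeAllowlist {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedSigner,  # vendor name expected in the certificate subject
        [string] $ExpectedSha256                          # vendor-published checksum, if one is available
    )

    # Authenticode signature and file hash of the exact binary that was flagged
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $hash = (Get-FileHash -Path $Path -Algorithm SHA256).Hash

    $signatureValid = $sig.Status -eq 'Valid'
    $signerMatches  = [bool]($sig.SignerCertificate -and
                      ($sig.SignerCertificate.Subject -like "*$ExpectedSigner*"))
    # String -eq is case-insensitive, so hex case does not matter; $null means "not checked"
    $hashMatches    = if ($ExpectedSha256) { $hash -eq $ExpectedSha256 } else { $null }

    # Defender detections on this endpoint whose resources mention the file name
    $leaf = Split-Path -Path $Path -Leaf
    $detections = Get-MpThreatDetection |
        Where-Object { ($_.Resources -join ';') -like "*$leaf*" } |
        ForEach-Object {
            [pscustomobject]@{
                Threat   = (Get-MpThreat -ThreatID $_.ThreatID -ErrorAction SilentlyContinue).ThreatName
                Process  = $_.ProcessName
                Detected = $_.InitialDetectionTime
            }
        }

    [pscustomobject]@{
        File            = $Path
        Sha256          = $hash
        SignatureStatus = $sig.Status
        Signer          = $sig.SignerCertificate.Subject
        SignerMatches   = $signerMatches
        HashMatches     = $hashMatches
        Detections      = $detections
        # Passes only with a valid signature from the expected signer and no hash mismatch
        ChecksPassed    = $signatureValid -and $signerMatches -and ($hashMatches -ne $false)
    }
}

# Constructed usage; the path is a placeholder for wherever EMS staged the installer:
# Test-InstallerBeforeAllowlist -Path 'C:\Temp\FortiClientSetup_7.0.1_x64.exe' -ExpectedSigner 'Fortinet'
```

If `ChecksPassed` is false, or the signature status is anything other than `Valid`, treat the detection as real until the file has been re-obtained from the vendor and re-checked.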
Hello joack,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Hello joack,
We are still looking for someone to help you.
We will come back to you ASAP.
Regards,
Hi @Umer221 , @Marcos_Hernandez ,
As FortiClient experts, do you maybe have an idea?
Thanks a lot in advance.
Regards,
Thanks a lot Umer!!