Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
aardav
New Contributor

How to DIsable FortiClient Real Time Protecetion with Registry Key???????

We are trying to roll out some updates with ZenWorks but we are not able to with FortiClient enabled. Is there away to disable real time protection with a registry key or through a command line?

Thanks,

aardav

5 REPLIES 5
Chris_Lin_FTNT

registry key shall be FA_FMON\enabled=0

Zeihold_von_SSL
New Contributor

We have the exact same situation. We want to disable the realtime protection for a short period of time (a software rollout).

 

Our FortiClients are centrally managed via our FortiGate. Sadly we are unable (even with the following command to change the reg key value.

[code lang=vb]psexec -s reg add "HKLM\SOFTWARE\Wow6432Node\Fortinet\FortiClient\FA_FMON" /v enabled /d 0 /f)

 

Is there a command line prompt the tell the FortiClient to disable the realtime protection?

Regards Rene ---

[size="1"]FCNSA.v5, FCNSP.v5, FCESP[/size]

Home: FWF60D FortiAP 220B Office: FWF60C, FWF60D, FGT110C, FGT200B, FortiManager, FortiAnalyzer, FortiAP 220B

Regards Rene --- [size="1"]FCNSA.v5, FCNSP.v5, FCESP[/size] Home: FWF60D FortiAP 220B Office: FWF60C, FWF60D, FGT110C, FGT200B, FortiManager, FortiAnalyzer, FortiAP 220B
GusTech
Contributor II

Is there a command line prompt the tell the FortiClient to disable the realtime protection?

 

I have no FortiClient with me now that I can check.

However, if AV is running as a service? you can stop the service .

Net stop servicename
Net start servicename

 

You can do this through psexec

Fortigate <3

Fortigate <3
Zeihold_von_SSL
New Contributor

Sorry, but that is also not possible.

 

The "FortiClient Service Scheduler" (Service Name = FA_Scheduler) is as well "proteced" as the reg keys are.

 

I also can't kill the fmon process because a new fmon process spawns instantly.

 

Fortinet does a hell of a job to guard a running FortiClient to prevent disabling the whole client or at least some of its features.

 

Normaly I would say: Hey, thats good, because it shouldn't be disabled. But as we can see, there are reasons to temporarily disable some/all features.

Regards Rene ---

[size="1"]FCNSA.v5, FCNSP.v5, FCESP[/size]

Home: FWF60D FortiAP 220B Office: FWF60C, FWF60D, FGT110C, FGT200B, FortiManager, FortiAnalyzer, FortiAP 220B

Regards Rene --- [size="1"]FCNSA.v5, FCNSP.v5, FCESP[/size] Home: FWF60D FortiAP 220B Office: FWF60C, FWF60D, FGT110C, FGT200B, FortiManager, FortiAnalyzer, FortiAP 220B
Chris_Lin_FTNT

How about a regular FortiClient config restore.

 

You create a partial config that disable real-time protection, then restore it in administrative command line. Try fcconfig --help for detail format.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors