this is for sure no direct problem of Fortinet, but I hope, that some of you had this issue in the past. We have got 2 clients, which periodically (not at a fixed time, but every 2-3 days in the week) try to connect to xxx sites. The connections get initiated every 1-4 seconds. In this timespan numerous xxx sites try to get opened, but our Fortigate blocks the connection attempt cause of web-filtering.
In first instance we scanned the clients for malware, we scanned for browser hijackers, we did a browser-clean-up / reset, but the behaviour appears again.
The user insists that he is not trying to open such sites, which seems to be right, cause he cannot open different sites every second.
For me it seems like that there is some kind of automatism opening these sites. Perhaps its a webpage which can be opened from the userside and then the webpage tries to open these sites.
My concern: How can I track down these problem? I am using forticloud, but can not see any pattern for this case.
Thanks a lot!