I've been having difficulty installing FortiClient via EMS on Windows clients. I realized that a problem could be the Windows smartscreen.
Through EMS it is possible to import an ssl certificate to be able to sign FortiClient packages.
Through this procedure I created the certificate template, issued it and imported it on EMS:
Create a code signing cert for Windows Defender Application Control
I then tried installing the package on a client but the smartscreen continues to prevent the installation from starting until you hit run anyway.
The certificate chain is present on all Servers/Clients.
Could the problem be too narrow smart screen settings?
thanks in advance for your sharing.
Thank you for using the Community Forum.
I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Please note that EMS does not have any settings for Windows SmartScreen:
For now, you can disable Windows SmartScreen only.
Windows SmartScreen settings in EMS would be a new feature request. Please contact Fortinet regional sales partner channel and make this feature request.
Or Fortinet Local Sale Engineer
The first error indicates that the application being installed is not signed, for this reason I issued and installed the ssl certificate to sign the FortiClient package.
I thought it would help, but we have noticed that the SmartScreen keeps crashing the installation reporting the same problem.
The next error states "Microsoft Defender SmartScreen prevented an unrecognized app from starting."
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2023 Fortinet, Inc. All Rights Reserved.