Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
georgelim
New Contributor

Stopping EMOTET & TRICKBOT malware

Does FortiGate stop Emotet & Trickbot malware from entering our environment?
3 REPLIES
mcdaniels
New Contributor

Hi,

In my opinion it is very important that you activate "Redirect botnet C&C requests to Block Portal" in DNS filters (and use it in your policies); additionally, SSL deep inspection is a must-have. But it is not only a firewall thing to stop Emotet. As the trojan comes with documents (XLSX, DOCX for example), you also have to watch your "Office settings", e.g. do not activate macros automatically, or even block emails with macro documents in the attachment.
If you are in a corporate environment, you have to continuously inform your users too.
We had 4-5 times where a user activated the macro (by clicking on "activate content"). The FortiGate then blocked the connection attempt to the "hackers'" server (botnet) and it was not able to download additional "bad things". So we had a lot of luck to have a FortiGate unit.
Just my 2 cents!

adams1980

OMG, these problems always appear when you don't even expect them. I hate viruses and this kind of malware. First of all, a virus destroys your software and makes it delete your files, memory and so on, till it is blank there. It is the worst thing ever... I had such a problem several times and now I know for sure what you should do. You need to clean your registry with one of the dedicated tools. It will give you the possibility to secure your software in the future as well. There are several good services that professionally clean these tools. I used this one https://thinkmobiles.com/blog/best-registry-cleaner-tools/

sw2090
SuperUser

Well, I think the only suitable way to prevent those is to forbid a bunch of extensions for mail attachments. They all come with compromised documents or similar.

We here have forbidden a load of those file formats in email attachments and since then (about 2 yrs) we haven't had a single infection with those.

False positives do occur of course, but in this case the user has to inform us and we check that mail; if we confirm that it is a false positive and has no infection, we permit the mail to go to the user.

We do that directly on our external mailserver.

 

This is the main entrance for all the scare- and ransomware stuff! Probably you could also handle that with the FortiGate's mail filter.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

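The attachment policy the two replies above describe (forbidding a list of attachment extensions on the mail server, and holding Office documents that carry macros) can be expressed as a small mail-gateway check. The following is an added example written for this thread, not code from Fortinet or from any poster; the extension blocklist and the sample message are constructed for illustration, and it also flags a plain `.xlsx`/`.docx` that secretly contains a VBA project, a case the replies mention only indirectly.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Constructed attachment blocklist (an assumption for this example, not a
# FortiGate or mail-server setting from the thread); tune it to local policy.
BLOCKED_EXTENSIONS = {".exe", ".js", ".vbs", ".scr", ".hta", ".docm", ".xlsm", ".pptm"}
# Office Open XML packages store VBA macros in a vbaProject.bin part.
OOXML_EXTENSIONS = {".docx", ".xlsx", ".pptx"}

def has_vba_project(data: bytes) -> bool:
    """True if an OOXML (zip) payload carries an embedded VBA project."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False

def check_mail(raw: bytes) -> list:
    """Return [(filename, reason)] for each attachment the policy would hold."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = name[name.rfind("."):].lower() if "." in name else ""
        if ext in BLOCKED_EXTENSIONS:
            findings.append((name, "blocked extension"))
        elif ext in OOXML_EXTENSIONS and has_vba_project(part.get_payload(decode=True)):
            findings.append((name, "macro project inside a plain Office extension"))
    return findings

def build_sample_mail() -> bytes:
    """Constructed test message: a .xlsx hiding a VBA project plus a .scr file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/vbaProject.bin", b"\x00constructed-placeholder")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.invalid", "b@example.invalid", "Invoice"
    msg.set_content("Please see attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="invoice.xlsx")
    msg.add_attachment(b"MZ", maintype="application", subtype="octet-stream",
                       filename="update.scr")
    return msg.as_bytes()
```

Held messages would then go to the review step sw2090 describes (the admin inspects the mail and releases it if it is a false positive) rather than being silently dropped.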