Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
crogonint
New Contributor

Unexpected behavior

Current version FortiClient (6.0.9.0277), just installed it late last night / this morning. Under Notifications it says:

 

5/10/2020 3:20:59 PM Web Filter Blocked (Unknown): updates.logitech.com:80/logitech/controldevices/logioptions/8.10/logioptions/8.10.154/_w7/64/logioptions.exe.sig?dlu.uv=7.00.99999&dlu.han=logioptions&dlu.hav=8.10&dlu.hpn=logioptions&dlu.hpv=8.10.154&dlu.hpe=exe&dlu.uos=_w7&dlu.ubi=64&dlu.uid=9d9ad23ebe5024d24f14a370c12f1e6f&hcd1=c534&hcd2=4054 (C:\ProgramData\Logishrd\LogiOptions\Software\Current\Updater.exe)   Did you notice that it says that it blocked it because it is unknown? Double checking the Web Filter page, it says that Unrated is Allowed. None the less, right there at the bottom of the Unrated page, it says:

 Violations

Clear Violations URL                                 CATEGORY         TIME                              USER updates.logitech.com:80                            5/10/2020 3:20:59 PM    James I'm not real clear on what I SHOULD do. I mean, I'm pretty sure that the internet domain of a 30 year old hardware manufacturer ought to be on some sort of white list in the first place. For now though, I put this in the Exclusion list, so that it can check for my driver updates:

 Exclusion List

Add/remove pages from filteringAddRemoveEdit PERMISSION    TYPE       URL  (Allow)            URL        logitech.com Does that look right? I'm not seeing any clear instructions in the interface. I'm just guessing that allowing the root domain here will allow software to access a subdomain. I mean, TECHNICALLY, we.. you.. should have different Web Filters for what domains and IPs the web browser can access, what programs can access, and what the 'system' (system level permissions) can access.. However, I've learned over the years that using guesswork in a security application is a fools errand. ;)
2 REPLIES 2
crogonint
New Contributor

Recent Alerts 5/11/2020 12:32:02 AM Web Filter Blocked (Unknown): purchase.iobit.com/ (C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe) 5/11/2020 12:32:02 AM Web Filter Blocked (Unknown): purchase.iobit.com/ (C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe) 5/11/2020 12:20:17 AM Update No updates available 5/10/2020 11:51:12 PM Web Filter Blocked (Unknown): www.redhat.com/ (C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe) 5/10/2020 11:37:21 PM Web Filter Blocked (Unknown): update.iobit.com/infofiles/su3/update.upt (C:\Program Files (x86)\IObit\Software Updater\AutoUpdate.exe)   I'm tagging the Web Filter as unusable, and disabling it. Strike one for FortiClient.
crogonint
New Contributor

URL CATEGORY TIME USER update.filepuma.com   5/11/2020 1:43:27 AM James update.googleapis.com   5/11/2020 1:38:25 AM James p17.zdassets.com   5/11/2020 1:33:25 AM James purchase.iobit.com   5/11/2020 1:33:25 AM James static.zdassets.com   5/11/2020 1:33:25 AM James support.heimdalsecurity.com   5/11/2020 1:33:25 AM James heimdalsecurity.com   5/11/2020 1:30:29 AM James coreservice.heimdalsecurity.com   5/11/2020 1:23:26 AM N/A www.filepuma.com   5/11/2020 1:02:02 AM James www.redhat.com   5/10/2020 11:51:14 PM James update.iobit.com   5/10/2020 11:37:21 PM James updates.logitech.com:80   5/10/2020 3:20:59 PM James Some of these are being blocked AFTER I disabled the Web Filter. Oh. My. God. 'Enable Site Categories' ignores my attempts to disable it, regardless of whether or not 'Web Filter' is enabled or disabled.
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors