Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Zeus BOT - real or false positive

Running the latest Fortigate OS with features such as block Botnet traffic enabled I am seeing intermittent low profile blocks labelled Zeus, this has appeared from 3 sources but outgoing web or IP addresses are different Dst ( Dst Virus Zeus I have scanned each source machine within an inch of their lives with Sophos and various root kit revealers but have found nothing. Is this a feature of the new OS and specifically the Block Connections to Botnet Servers feature?

Block botnet is about block traffic to certain destination, such as some address already been suspicious as Zeus. Your source may or may not contain malware.

We had exactly the same problem with a pure forwarding server from a big webhoster. After they checked their server and couldn' t find anything, we decided to disable the " Block Connections to Botnet Servers" feature. I' m still waiting for a reply from Fortinet for this opened ticket since 2 weeks now.
Top Kudoed Authors