antivirus keep detecting unknown virus/botnet
We are using a 100D. Last week, all of a sudden, the antivirus kept detecting an unknown virus/botnet, causing the firewall to block all internet access. We noticed the antivirus kept updating its definitions, so we changed the antivirus to monitor only. Now the antivirus update runs every 10 minutes, but the antivirus is still detecting unknown. Is there any way to solve the issue?
Labels: 5.2
Just an update: my case was escalated to L2 support last week. They provided me with an updated AV engine, which I have installed. Will update once testing is completed.
Final Update. TAC instructed me to wipe the device and reload the image via TFTP. Could not really provide an explanation of why this happened.
In my scenario this didn't solve the problem:
2 FGT80C in cluster:
- backed up configs
- format boot
- upload FW image via TFTP
- format log disk
- restore config from backup
- recheck GUI configs (AV logs won't appear until you force them via the CLI command "diag log test")
Still "unknown virus"; legitimate and clean email is blocked.
ruan.kotze wrote: Final Update. TAC instructed me to wipe the device and reload the image via TFTP. Could not really provide an explanation of why this happened.
zaskar
Thanks
---------------------------------------------
Marco Scala
Fortigate-200 2.80,build489,051027
I also did format/image upload via TFTP. Nothing changed.
TAC is now sure that it is a bug in my case:
"The issue you are facing was reported as bug: 0228168. We are currently waiting for more information from dev team regarding fix/workaround."
I have the same problem with the 90D POE variant. This happened after losing one of the internet connections with WAN Link Load Balancing enabled.
Running version: 5.2.2
I have the same issue with FG 40C. Any update, please?
Same issue here on FortiWifi90D. Happened after configuring multiple VDOMs.
After changing to a multi-VDOM architecture, I began getting the pop-up shown below from my browser. All internet access for my workstation stops. The URL in the message is always the URL I'm trying to use. I get this issue intermittently on different machines connecting to the internet through the FG. Not all systems at the same time, but separate systems at random. This has been happening on and off for a couple of weeks. On Wifi devices like iPads, if I disable the wifi on the iPad and re-enable it, internet access starts working again. Today when a laptop experienced the issue, I found that going into the Fortigate configuration and changing the "Security Profiles - AntiVirus - Detect Connections to Botnet C&C Servers" setting from "Block" to "Monitor" seemed to make the laptop start working again. Not sure if simply making a configuration change in general triggers a correction, but I'll continue to monitor and let the group know.
FWF90D running 5.2 GA
Well, it happened again. This time, while internet access attempts resulted in displaying the block message, I made a totally unrelated configuration change and my internet started working again. It appears as if applying any change to the Fortigate will reinstate internet access.
Reading this thread makes me really nervous about upgrading to 5.2. For those of you who opened a ticket with Fortinet, are they giving you any confirmation of a bug or an idea of how to fix it?