khoo
New Contributor

antivirus keep detecting unknown virus/botnet

We are using a 100D. Last week, all of a sudden, the antivirus kept detecting unknown virus/botnet, causing the firewall to block all internet access, and we noticed the antivirus keeps updating the definitions, so we changed the antivirus to monitor only. Now the antivirus update runs every 10 minutes, but the antivirus is still detecting unknown. Is there any way to solve the issue?

namitguy
New Contributor

Just an update, my case was escalated to L2 support last week. They provided me with an updated AV engine, which I have installed. I will update once testing is completed.

namitguy
New Contributor

Final Update.  TAC instructed me to wipe the device and reload the image via TFTP.  Could not really provide an explanation of why this happened.

zaskar

In my scenario this didn't solve the problem:

2 FGT80C in cluster:

- backed up configs

- format boot

- upload FW image via TFTP

- format log disk

- restore config from backup

- recheck gui configs (AV logs won't appear until you force them via cli command "diag log test" )

 

Still unknown virus: legitimate and clean emails are blocked.

 

ruan.kotze wrote:

Final Update.  TAC instructed me to wipe the device and reload the image via TFTP.  Could not really provide an explanation of why this happened.

Thanks
---------------------------------------------
Marco Scala
Fortigate-200 2.80,build489,051027

ljanos
New Contributor

I also did format/image upload via TFTP. Nothing changed.

TAC is now sure that it is a bug in my case:

 

"The issue you are facing was reported as bug :0228168 We are currently waiting more inform from dev team regarding fix/workaround."

 

 

Jeroen
Contributor

I have the same problem with the 90D POE variant. This happened after losing one of the internet connections with WAN Link Load Balancing enabled.

 

Running version: 5.2.2

Mossab
New Contributor

I have the same issue with FG 40C, any update please.

Huey
New Contributor III

Same issue here on FortiWifi90D. Happened after configuring multiple VDOMs.

Layer8 Consulting

http://www.L8C.com

 

Huey
New Contributor III

After changing to a multi-VDOM architecture, I began getting the pop-up shown below from my browser. All internet access for my workstation stops. The URL in the message is always the URL I'm trying to use. I get this issue intermittently on different machines connecting to the internet through the FG. Not all systems at the same time, but separate systems at random. This has been happening on and off for a couple of weeks. On Wifi devices like iPads, if I disable the wifi on the iPad and re-enable it, internet access starts working again. Today when a laptop experienced the issue, I found that going into the Fortigate configuration and changing the "Security Profiles - AntiVirus - Detect Connections to Botnet C&C Servers" setting from "Block" to "Monitor" seemed to make the laptop start working again. Not sure if simply making a configuration change in general triggers a correction, but I'll continue to monitor and let the group know.

 

FWF90D running 5.2 GA

Layer8 Consulting

http://www.L8C.com

 

Huey
New Contributor III

Well it happened again.  This time while internet access attempts resulted in displaying the block message, I made a totally unrelated configuration change and my internet started working again.  It appears as if applying any change to the Fortigate will re-instate internet access.

Layer8 Consulting

http://www.L8C.com

 

FortiAdam
Contributor II

Reading this thread makes me really nervous about upgrading to 5.2.  For those of you who opened a ticket with Fortinet, are they giving you any confirmation of a bug or an idea of how to fix it?
