- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- dial/egroup.l a false positive???
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Not applicable
Created on 10-09-2005 12:07 PM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
dial/egroup.l a false positive???
We have had several of our clients and many of our own computers allegedly infected with " dial/egroup.l" . Unfortunately, the Fortinet antivirus website has almost no information on this, and we don' t see anything on the other antivirus vendor' s websites with this name.
From the point of Forticlient AV detecting the alleged bad stuff in countless DLLs, several programs, not surprisingly, won' t run. Browsers don' t work, and no Microsoft Office (2003) software runs. If we disable the Forticlient Realtime AV, then restart the computer in " safe mode with networking" and do a full scan on Trend Micro' s site, we get nothing detected. McAfee and others don' t detect anything.
My suspicion is that this is a false positive. This " infection" is happening on far too many machines simultaneously, including many that are firewalled and behind a FG100/FG60 and never leave the office.
Has anyone else experienced this?
As I investigate this further, I' ll update this thread.
Cheers,
Chris
4 REPLIES 4
Not applicable
Created on 10-09-2005 12:53 PM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Some further information on this issue.
Machines experiencing alleged " virus" :
* Forticlient virus definitions: 6.96
Machines not experiencing alleged " virus" :
* Forticlient virus definitions: 6.94
I will update everyone as we learn more.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Chris,
I also have the problem, but just on certain machines even though all have the same 6.96 version of virus definitions.
Ron
Not applicable
Created on 10-09-2005 03:21 PM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have now completed full online " safe mode with networking" system scans on Trend Micro, Panda AV, and Kaspersky and all show the system is completely clean. I have uploaded alleged infected files to multiple online vendors via the interface at http://virusscan.jotti.org/ and all vendors including Fortinet show no infection.
Furthermore, disabling the " Realtime AV Protection" and forcing an update brings down version 6.97 and re-enabling the realtime protection does not have this problem. We further tested 6.95 and 6.96 and had this issue. All machines updated to 6.97 are fine.
What testing does Fortinet actually do on these definitions before they' re unleashed on the world at large? This is the second time in recent history that their antivirus definitions have been buggy. This one was far worse because it was even detecting Forticlient DLLs as being infected, and prevented it from running. For us, this bug affected dozens of computers and resulted in countless hours of lost productivity.
We' re seriously considering uninstalling the Forticlient AV component and recommending to our clients that they go back to McAfee or someone else. The status quo is absolutely unacceptable. Fortinet: are you listening???
Regards,
Chris
Not applicable
Created on 11-04-2005 10:32 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Interesting that there hasn' t been a reply to this. I' ll tell you what I found to work better: Disable hueristic scanning. That is what was popping off on MS Office 2003 on my machines.
Related Posts
- DoS policy in FortiGate 507 Views
- Phishing false positive affects my domain 152 Views
- Forticlient Radius Authentication Across IPSEC Tunnel 365 Views
- upd_act_update[515]-won't retry due to install error 319 Views
- System file integrity check failed 521 Views
Labels
-
FortiGate
6,622 -
FortiClient
1,319 -
5.2
801 -
5.4
639 -
FortiManager
573 -
FortiAnalyzer
418 -
6.0
416 -
5.6
362 -
FortiSwitch
340 -
FortiAP
337 -
FortiClient EMS
269 -
6.2
251 -
FortiMail
249 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
152 -
6.4
128 -
FortiNAC
108 -
FortiGuard
104 -
FortiSIEM
89 -
FortiGateCloud
87 -
FortiCloud Products
85 -
IPsec
75 -
FortiToken
72 -
Customer Service
70 -
4.0MR3
64 -
SSL-VPN
63 -
Wireless Controller
58 -
FortiProxy
46 -
FortiADC
44 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
33 -
FortiSandbox
31 -
FortiSwitch v6.4
29 -
SD-WAN
29 -
Firewall policy
26 -
FortiConnect
24 -
High Availability
22 -
FortiWAN
22 -
VLAN
21 -
FortiConverter
21 -
FortiPortal
18 -
FortiAuthenticator
18 -
ZTNA
17 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
SAML
14 -
Certificate
14 -
DNS
13 -
FortiGate v5.0
13 -
Interface
13 -
FortiDDoS
13 -
BGP
12 -
Routing
12 -
FortiCASB
12 -
LDAP
11 -
VDOM
11 -
Logging
11 -
Virtual IP
10 -
FortiRecorder
10 -
RADIUS
9 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
NAT
9 -
4.0MR2
9 -
fortilink
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
SSL SSH inspection
7 -
FortiAnalyzer v5.0
7 -
Application control
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
IP address management - IPAM
7 -
Security profile
6 -
Authentication
6 -
FortiBridge
6 -
Fortigate Cloud
6 -
SNMP
6 -
SSO
6 -
Traffic shaping policy
5 -
Web application firewall profile
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
Proxy policy
4 -
packet capture
4 -
WAN optimization
4 -
Automation
4 -
DNS Filter
4 -
Web profile
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
Port policy
4 -
FortiScan
4 -
IPS signature
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
DoS policy
3 -
Intrusion prevention
3 -
FortiDB
3 -
FortiDeceptor
2 -
Fortinet Engage Partner Program
2 -
FortiInsight
2 -
NAC policy
2 -
Antivirus profile
2 -
Traffic shaping profile
2 -
VoIP profile
2 -
FortiPAM
2 -
FortiAI
2 -
FortiHypervisor
2 -
Email filter profile
2 -
Netflow
2 -
trunk
2 -
System settings
2 -
4.0MR1
1 -
TACACS
1 -
Users
1 -
Replacement messages
1 -
Schedule
1 -
Subscription Renewal Policy
1 -
SDN connector
1 -
FortiCWP
1 -
FortiNDR
1 -
Application signature
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Web rating
1 -
Internet Service Database
1 -
Multicast routing
1 -
Zone
1 -
Explicit proxy
1 -
Protocol option
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.