Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
jaime_yvw
New Contributor

Created on ‎11-29-2023 03:17 PM

FortiClient and FortiEDR detection inconsistencies

Hi Everyone,

 

Our company is running FortiEDR and FortiClient.  FortiEDR detected AsyncRAT and WGZ!tr on one of the workstations.   In FortiEDR, the device was moved to the High-Security Collector Group with the protection enabled. However, the vulnerability scan using FortiClient Endpoint did not detect the AsycRAT and WGZ!tr. 

 

What can cause these inconsistencies and how do we resolve this?   Thanks for your responses.

Labels:
1225
0 Kudos
1 Solution
btan
Staff
Staff

Created on ‎12-07-2023 12:54 AM

Hi Jaime,

FortiClient (FCT) and EDR works differently in scanning, which can be one of the reason.

 

FCT needs to get virus signature from FortiGuard, and EDR works by sending the details to Aggregator to process. Cloud service by EDR is usually kept up to date, but this may not be the case for FCT. The endpoint FCT by default attempt to get updates from FortiGuard every hour, if for whatever reason if it kept failing, we will have to look at it.

You can perform a search about the virus/malware in fortiguard.com, there are many variations of AsyncRAT and WGZ!tr.
For example, this https://www.fortiguard.com/encyclopedia/virus/10147915 is covered in EDR, is covered in FCT but only when there is extended signature database.

Regards,
Bon

View solution in original post

1139
3 REPLIES 3
Anthony_E
Community Manager
Community Manager

Created on ‎12-03-2023 10:00 PM

Hello jaime,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Anthony-Fortinet Community Team.
1167
0 Kudos
Anthony_E
Community Manager
Community Manager

Created on ‎12-06-2023 09:25 PM

Hello jaime,

 

We are still looking for someone to help you.

We will come back to you ASAP.


Regards,

Anthony-Fortinet Community Team.
1151
0 Kudos
btan
Staff
Staff

Created on ‎12-07-2023 12:54 AM

Hi Jaime,

FortiClient (FCT) and EDR works differently in scanning, which can be one of the reason.

 

FCT needs to get virus signature from FortiGuard, and EDR works by sending the details to Aggregator to process. Cloud service by EDR is usually kept up to date, but this may not be the case for FCT. The endpoint FCT by default attempt to get updates from FortiGuard every hour, if for whatever reason if it kept failing, we will have to look at it.

You can perform a search about the virus/malware in fortiguard.com, there are many variations of AsyncRAT and WGZ!tr.
For example, this https://www.fortiguard.com/encyclopedia/virus/10147915 is covered in EDR, is covered in FCT but only when there is extended signature database.

Regards,
Bon
1140
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.