Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Apps found forti in s computer

Posted on 2016-10-04
13
Medium Priority
?
51 Views
Last Modified: 2016-10-16
We have a computer about to cleanup of one of the users and found a series of apps in memoerh that we can't find what they are used for yet the user insist that it's used for outside personal access his PC at will (apps found in memory are are fcdblog, fchelper64, fortiesnsc, fortisslvpndaemon, forritray, scheduler).

Please advice what they used for.
0
Comment
Question by:rayluvs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 3
  • 3
13 Comments
 

Author Comment

by:rayluvs
ID: 41828953
Another thing, the apps are all under  fortinet\forticlient folder (we know fortinet is a firewall, antivirus, etc.).  We are understand that these apps are not used for remote access from another computer to this one, as in TeamViewer, but want EE opinion so we can show our boss.
0
 
LVL 49

Expert Comment

by:dbrunton
ID: 41829112
0
 

Author Comment

by:rayluvs
ID: 41829116
Hahaha!

So ate you are saying that none of the apps, specially the SSL VPN, has nothing to do that permits outside computers to connect to the users?
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 49

Expert Comment

by:dbrunton
ID: 41829183
I only looked at a couple of files.

He could be using Fortinet as per the document here http://docs.fortinet.com/uploaded/files/1086/fortigate-ipsec-vpn-50.pdf  Forticlient is part of Fortinet.

If he is doing that then Yes, he may every well have a VPN installed to his own home computer.

Fortinet for the VPN and Forticlient for the malware protection.
0
 

Author Comment

by:rayluvs
ID: 41830590
ok, so we are clear that the apps in memory are all pertaining to fortinet, correct?

The apps are used for in his pc, which is a notebook who takes also home, for him to connect to another computer? Not the other way around, somebody else connect to his notebook?
0
 
LVL 49

Expert Comment

by:dbrunton
ID: 41830650
Well, don't know how he has it connected.  You have to take his word for that.

If he has his notebook at work he could be connecting from that to his home computer or another computer.  But if he takes it home why does he need Fortinet to connect to another computer at home?  A USB stick should be enough to transfer data.
0
 

Author Comment

by:rayluvs
ID: 41831056
Think we didn't quite express our concerne.

The question is not "the notebook connecting to his home" or "if he is at home, he connects to another computer".  That is not concerne.  When we said in the the question that  "user insist that it's used for outside personal access his PC at will", what we meant is that user insist that someone else outside his home or office are using the fortinet apps installed in his notebook so they can connect to his notebook without his knowledge; like monitoring him.

Our little experience inclines that this is not the case.  And by your expert comments, it suggest that we are correct, that the apps described in our question cannot be used for another person outside the notebook to connect to his and monitor him.

Hope we cleared up our concerne.

That said, do you think that the fortinetclient apps installed in his notebook can be used by somebody outside his notebook and connect to his computer?
0
 
LVL 71

Assisted Solution

by:Qlemo
Qlemo earned 2000 total points
ID: 41835164
The FortiClient needs to have an open connection, which is clearly visible. Otherwise it cannot be used. Usually the connection needs to be initiated manually; I cannot remember if you can set it up as always on.
Even if connected, the connection usually allows for access from the client to the remote network only, but the details can be set up in the remote FortiGate.
And this connection can only be a very specific one, to exactly one remote FortiGate.

It's very unlikely the FortiClient is used that way. And the user has full control whether the connection is open or not.
0
 

Author Comment

by:rayluvs
ID: 41835175
So the user may have been correct in his insistence in checking this out.

Question,
How can we know the connection has been initiated? Or is it automatic or manually?

Is there a way to verify in the remote FortiGate that it has been set that way?

Finally, if we find that is initiated, what would the apps be monitoring? Or as the question states,  what are they used for?

Thank you.
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 41835180
I'm not getting this. You clearly know which the remote FortiGate is. The user should know who installed and set up the client. If there is no purpose for the VPN, it is misused.

With an open VPN connection, all traffic can be redirected to pass the VPN. That traffic can be monitored that way. But no process control, screenwriting, local files or whatever else are in direct reach. To get at the file system, sharing needs to be enabled, and valid credentials used.

An open VPN connection is visible by looking at the tray icon.
0
 

Author Comment

by:rayluvs
ID: 41835201
Sorry if we mislead you to understand that we know which the remote FortiGate is; we don't (the reason for the question).  The user also doesn't known because as he puts it, he just gives his PC to the tech when there is trouble and also he has lent his PC to his associates (yes, the user is not technically security prone); the reason for our question.

Also according to the users he has never connected to us office remotely, so maybe there is a misuse?

So with an open VPN connection, his PC can be monitored and when you say "no process control" you mean that the malignant remite user cannot control the PC?
0
 
LVL 71

Accepted Solution

by:
Qlemo earned 2000 total points
ID: 41835296
All you need to do is look into the VPN configuration. The remote gateway is noted with IP or DNS name, and that should allow to track where it belongs to. I assume you want to know that?! Otherwise just remove the client

And regarding monitoring. the VPN could be the means to connect to a local process, which is able to perform monitoring of any kind. That is, there needs to be another process, but it could get started using the VPN connection - maybe.
0
 

Author Comment

by:rayluvs
ID: 41841374
We haven't been on the computer either apps to try he recommendations until tomorrow.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A small collection of useful tips and tricks for Windows 10 users that I decided to write as a result of recent questions that were asked and answered at Experts Exchange. Two short video tutorials included. Enjoy..
Sometimes clients can lose connectivity with the Lotus Notes Domino Server, but there's not always an obvious answer as to why it happens.   Read this article to follow one of the first experiences I had with Lotus Notes on a client's machine, my…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question