Solved

Apps found forti in s computer

Posted on 2016-10-04
13
43 Views
Last Modified: 2016-10-16
We have a computer of one of the users that we are about to clean up, and found a series of apps in memory that we can't find what they are used for, yet the user insists that it's used for outside personal access his PC at will (apps found in memory are fcdblog, fchelper64, fortiesnsc, fortisslvpndaemon, forritray, scheduler).

Please advise what they are used for.
0
Comment
Question by:rayluvs
13 Comments
 

Author Comment

by:rayluvs
ID: 41828953
Another thing, the apps are all under the fortinet\forticlient folder (we know fortinet is a firewall, antivirus, etc.). We understand that these apps are not used for remote access from another computer to this one, as in TeamViewer, but want EE's opinion so we can show our boss.
0
 
LVL 48

Expert Comment

by:dbrunton
ID: 41829112
0
 

Author Comment

by:rayluvs
ID: 41829116
Hahaha!

So are you saying that none of the apps, especially the SSL VPN, has anything to do with permitting outside computers to connect to the user's?
0
 
LVL 48

Expert Comment

by:dbrunton
ID: 41829183
I only looked at a couple of files.

He could be using Fortinet as per the document here http://docs.fortinet.com/uploaded/files/1086/fortigate-ipsec-vpn-50.pdf  Forticlient is part of Fortinet.

If he is doing that then yes, he may very well have a VPN installed to his own home computer.

Fortinet for the VPN and Forticlient for the malware protection.
0
 

Author Comment

by:rayluvs
ID: 41830590
ok, so we are clear that the apps in memory are all pertaining to fortinet, correct?

The apps are used in his PC, which is a notebook that he also takes home, for him to connect to another computer? Not the other way around, somebody else connecting to his notebook?
0
 
LVL 48

Expert Comment

by:dbrunton
ID: 41830650
Well, don't know how he has it connected.  You have to take his word for that.

If he has his notebook at work he could be connecting from that to his home computer or another computer.  But if he takes it home why does he need Fortinet to connect to another computer at home?  A USB stick should be enough to transfer data.
0
 

Author Comment

by:rayluvs
ID: 41831056
Think we didn't quite express our concern.

The question is not "the notebook connecting to his home" or "if he is at home, he connects to another computer". That is not the concern. When we said in the question that "user insists that it's used for outside personal access his PC at will", what we meant is that the user insists that someone else outside his home or office is using the fortinet apps installed in his notebook so they can connect to his notebook without his knowledge; like monitoring him.

Our little experience inclines us to think that this is not the case. And by your expert comments, it suggests that we are correct, that the apps described in our question cannot be used by another person outside the notebook to connect to his and monitor him.

Hope we cleared up our concern.

That said, do you think that the fortinetclient apps installed in his notebook can be used by somebody outside his notebook to connect to his computer?
0
 
LVL 68

Assisted Solution

by:Qlemo
Qlemo earned 500 total points
ID: 41835164
The FortiClient needs to have an open connection, which is clearly visible. Otherwise it cannot be used. Usually the connection needs to be initiated manually; I cannot remember if you can set it up as always on.
Even if connected, the connection usually allows for access from the client to the remote network only, but the details can be set up in the remote FortiGate.
And this connection can only be a very specific one, to exactly one remote FortiGate.

It's very unlikely the FortiClient is used that way. And the user has full control whether the connection is open or not.
0
 

Author Comment

by:rayluvs
ID: 41835175
So the user may have been correct in his insistence in checking this out.

Question,
How can we know the connection has been initiated? Or is it automatic or manual?

Is there a way to verify in the remote FortiGate that it has been set that way?

Finally, if we find that is initiated, what would the apps be monitoring? Or as the question states,  what are they used for?

Thank you.
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 41835180
I'm not getting this. You clearly know which the remote FortiGate is. The user should know who installed and set up the client. If there is no purpose for the VPN, it is misused.

With an open VPN connection, all traffic can be redirected to pass the VPN. That traffic can be monitored that way. But no process control, screenwriting, local files or whatever else are in direct reach. To get at the file system, sharing needs to be enabled, and valid credentials used.

An open VPN connection is visible by looking at the tray icon.
0
 

Author Comment

by:rayluvs
ID: 41835201
Sorry if we misled you to understand that we know which the remote FortiGate is; we don't (the reason for the question). The user also doesn't know because, as he puts it, he just gives his PC to the tech when there is trouble and also he has lent his PC to his associates (yes, the user is not technically security prone); the reason for our question.

Also, according to the user he has never connected to our office remotely, so maybe there is a misuse?

So with an open VPN connection, his PC can be monitored, and when you say "no process control" you mean that the malignant remote user cannot control the PC?
0
 
LVL 68

Accepted Solution

by:Qlemo
Qlemo earned 500 total points
ID: 41835296
All you need to do is look into the VPN configuration. The remote gateway is noted with IP or DNS name, and that should allow you to track where it belongs. I assume you want to know that?! Otherwise just remove the client.

And regarding monitoring: the VPN could be the means to connect to a local process, which is able to perform monitoring of any kind. That is, there needs to be another process, but it could get started using the VPN connection - maybe.
0
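
The checks discussed in the answers above (is a tunnel open, and which remote endpoint does it talk to) can be read straight off the notebook. This is an added example, not part of the original thread: the process names are the ones listed in the question, spelled as posted, and the `*Forti*` adapter filter is an assumption about how the virtual VPN adapter is labelled. Run it from an elevated PowerShell prompt.

```powershell
# Added triage example (not from the thread).
# Process names as posted in the question; adjust to what Task Manager shows.
$names = 'fcdblog','fchelper64','fortiesnsc','fortisslvpndaemon','forritray','scheduler'

# 1. Which of the named processes are running, from which path, signed by whom?
$procs = @(Get-Process -Name $names -ErrorAction SilentlyContinue)
$procs | ForEach-Object {
    $sig = if ($_.Path) { Get-AuthenticodeSignature -FilePath $_.Path } else { $null }
    [pscustomobject]@{
        Name      = $_.ProcessName
        ProcessId = $_.Id
        Path      = if ($_.Path) { $_.Path } else { '(not readable, run elevated)' }
        Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject }
                    else { '(unsigned or unreadable)' }
        SigStatus = if ($sig) { $sig.Status } else { 'n/a' }
    }
} | Format-Table -AutoSize -Wrap

# 2. Sockets owned by those processes.
#    Established + RemoteAddress = the gateway the client is talking to.
#    Listen on a non-loopback address = something that accepts inbound connections.
$ids = $procs | ForEach-Object { $_.Id }
Get-NetTCPConnection -ErrorAction SilentlyContinue |
    Where-Object { $ids -contains $_.OwningProcess -and
                   $_.State -in 'Established','Listen' } |
    Select-Object @{ n = 'Process'; e = {
                       (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName } },
                  State, LocalAddress, LocalPort, RemoteAddress, RemotePort |
    Sort-Object State, Process |
    Format-Table -AutoSize

# 3. Is a VPN virtual adapter up right now?
#    Assumption: the adapter description contains "Forti"; widen the filter if not.
Get-NetAdapter -IncludeHidden |
    Where-Object { $_.InterfaceDescription -like '*Forti*' } |
    Select-Object Name, InterfaceDescription, Status, LinkSpeed |
    Format-Table -AutoSize

# 4. With a tunnel up, the routing table shows what is sent through it
#    (everything, or only the remote network).
Get-NetRoute -AddressFamily IPv4 |
    Where-Object { $_.InterfaceAlias -in
                   (Get-NetAdapter -IncludeHidden |
                    Where-Object { $_.InterfaceDescription -like '*Forti*' }).Name } |
    Select-Object DestinationPrefix, NextHop, InterfaceAlias, RouteMetric |
    Format-Table -AutoSize
```

An empty result for steps 2 to 4 means no tunnel is open at the time of the check; it says nothing about earlier sessions, for which the configured gateway in the client is the thing to look up.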
 

Author Comment

by:rayluvs
ID: 41841374
We haven't been on the computer or apps to try the recommendations until tomorrow.
0

Question has a verified solution.
