Apps found forti in s computer

We are about to clean up the computer of one of the users and found a series of apps in memory that we can't find what they are used for, yet the user insists that it's used for outside personal access to his PC at will (apps found in memory are fcdblog, fchelper64, fortiesnsc, fortisslvpndaemon, forritray, scheduler).

Please advise what they are used for.
rayluvs Asked:
 
Qlemo (Batchelor, Developer and EE Topic Advisor) Commented:
All you need to do is look into the VPN configuration. The remote gateway is noted with IP or DNS name, and that should allow you to track where it belongs. I assume you want to know that?! Otherwise just remove the client.

And regarding monitoring: the VPN could be the means to connect to a local process, which is able to perform monitoring of any kind. That is, there needs to be another process, but it could get started using the VPN connection - maybe.
0
 
rayluvs (Author) Commented:
Another thing, the apps are all under the fortinet\forticlient folder (we know fortinet is a firewall, antivirus, etc.). We understand that these apps are not used for remote access from another computer to this one, as in TeamViewer, but want EE's opinion so we can show our boss.
0

 
rayluvs (Author) Commented:
Hahaha!

So are you saying that none of the apps, especially the SSL VPN, has nothing to do that permits outside computers to connect to the user's?
0
 
dbrunton Commented:
I only looked at a couple of files.

He could be using Fortinet as per the document here http://docs.fortinet.com/uploaded/files/1086/fortigate-ipsec-vpn-50.pdf  Forticlient is part of Fortinet.

If he is doing that then yes, he may very well have a VPN installed to his own home computer.

Fortinet for the VPN and Forticlient for the malware protection.
0
 
rayluvs (Author) Commented:
OK, so we are clear that the apps in memory are all pertaining to fortinet, correct?

The apps are used in his PC, which is a notebook that he also takes home, for him to connect to another computer? Not the other way around, somebody else connecting to his notebook?
0
 
dbrunton Commented:
Well, don't know how he has it connected.  You have to take his word for that.

If he has his notebook at work he could be connecting from that to his home computer or another computer.  But if he takes it home why does he need Fortinet to connect to another computer at home?  A USB stick should be enough to transfer data.
0
 
rayluvs (Author) Commented:
Think we didn't quite express our concern.

The question is not "the notebook connecting to his home" or "if he is at home, he connects to another computer". That is not the concern. When we said in the question that "user insist that it's used for outside personal access his PC at will", what we meant is that the user insists that someone else outside his home or office is using the fortinet apps installed in his notebook so they can connect to his notebook without his knowledge; like monitoring him.

Our little experience inclines that this is not the case. And by your expert comments, it suggests that we are correct, that the apps described in our question cannot be used for another person outside the notebook to connect to his and monitor him.

Hope we cleared up our concern.

That said, do you think that the fortinetclient apps installed in his notebook can be used by somebody outside his notebook and connect to his computer?
0
 
Qlemo (Batchelor, Developer and EE Topic Advisor) Commented:
The FortiClient needs to have an open connection, which is clearly visible. Otherwise it cannot be used. Usually the connection needs to be initiated manually; I cannot remember if you can set it up as always on.
Even if connected, the connection usually allows for access from the client to the remote network only, but the details can be set up in the remote FortiGate.
And this connection can only be a very specific one, to exactly one remote FortiGate.

It's very unlikely the FortiClient is used that way. And the user has full control whether the connection is open or not.
0
 
rayluvs (Author) Commented:
So the user may have been correct in his insistence in checking this out.

Question,
How can we know the connection has been initiated? Or is it automatic or manual?

Is there a way to verify in the remote FortiGate that it has been set that way?

Finally, if we find that it is initiated, what would the apps be monitoring? Or as the question states, what are they used for?

Thank you.
0
 
Qlemo (Batchelor, Developer and EE Topic Advisor) Commented:
I'm not getting this. You clearly know which the remote FortiGate is. The user should know who installed and set up the client. If there is no purpose for the VPN, it is misused.

With an open VPN connection, all traffic can be redirected to pass the VPN. That traffic can be monitored that way. But no process control, screenwriting, local files or whatever else are in direct reach. To get at the file system, sharing needs to be enabled, and valid credentials used.

An open VPN connection is visible by looking at the tray icon.
0
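
One way to check from the notebook itself whether any of the processes named in the question holds an open connection or a listening port, as an added example that is not part of the thread. The `forti*` wildcard is an assumption added to catch spelling variants of the names as typed; run it from an elevated PowerShell prompt so that process paths resolve.

```powershell
# Process names exactly as written in the question (spelling kept).
$namesFromQuestion = 'fcdblog','fchelper64','fortiesnsc',
                     'fortisslvpndaemon','forritray','scheduler'
# Assumption: a wildcard to also match differently spelled Fortinet processes.
$patterns = $namesFromQuestion + 'forti*'

$procs = Get-Process -Name $patterns -ErrorAction SilentlyContinue |
    Sort-Object Id -Unique
if (-not $procs) { Write-Output 'None of the listed processes are running.'; return }

# Index the processes by PID so each socket can be attributed to its owner.
$byPid = @{}
foreach ($p in $procs) { $byPid[[int]$p.Id] = $p }

$rows = Get-NetTCPConnection -State Listen,Established -ErrorAction SilentlyContinue |
    Where-Object { $byPid.ContainsKey([int]$_.OwningProcess) } |
    ForEach-Object {
        $p = $byPid[[int]$_.OwningProcess]
        $isListen = $_.State -eq 'Listen'
        $loopback = $_.LocalAddress -in '127.0.0.1','::1'
        # A listener bound to loopback only serves local processes;
        # any other listener can accept connections from the network.
        $kind = if (-not $isListen) { 'established' }
                elseif ($loopback)  { 'listening (local only)' }
                else                { 'listening (network reachable)' }
        $remote = if ($isListen) { '' }
                  else { '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort }
        [pscustomobject]@{
            Process = $p.ProcessName
            PID     = $p.Id
            Path    = $p.Path          # confirms the fortinet\forticlient folder
            Kind    = $kind
            Local   = '{0}:{1}' -f $_.LocalAddress, $_.LocalPort
            Remote  = $remote
        }
    }

if ($rows) { $rows | Sort-Object Kind, Process | Format-Table -AutoSize }
else { Write-Output 'Listed processes are running but hold no TCP sockets.' }
```

An `established` row with a non-loopback remote address is the open connection and remote gateway discussed above; a `listening (network reachable)` row is what to look at if the concern is someone connecting in to the notebook.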
 
rayluvs (Author) Commented:
Sorry if we misled you to understand that we know which the remote FortiGate is; we don't (the reason for the question). The user also doesn't know because, as he puts it, he just gives his PC to the tech when there is trouble and also he has lent his PC to his associates (yes, the user is not technically security prone); the reason for our question.

Also according to the user he has never connected to our office remotely, so maybe there is a misuse?

So with an open VPN connection, his PC can be monitored and when you say "no process control" you mean that the malignant remote user cannot control the PC?
0
 
rayluvs (Author) Commented:
We haven't been on the computer either apps to try the recommendations until tomorrow.
0
Question has a verified solution.
