Solved

Apps found forti in s computer

Posted on 2016-10-04
Last Modified: 2016-10-16
We are about to clean up a computer of one of the users and found a series of apps in memory that we can't find what they are used for, yet the user insists that it's used for outside personal access his PC at will (apps found in memory are fcdblog, fchelper64, fortiesnac, fortisslvpndaemon, fortitray, scheduler).

Please advise what they are used for.
0
Comment
Question by:rayluvs
13 Comments
 

Author Comment

by:rayluvs
ID: 41828953
Another thing, the apps are all under the fortinet\forticlient folder (we know fortinet is a firewall, antivirus, etc.). We understand that these apps are not used for remote access from another computer to this one, as in TeamViewer, but want EE opinion so we can show our boss.
0
 
LVL 50

Expert Comment

by:dbrunton
ID: 41829112
0
 

Author Comment

by:rayluvs
ID: 41829116
Hahaha!

So you are saying that none of the apps, especially the SSL VPN, has anything to do with permitting outside computers to connect to the user's?
0
 
LVL 50

Expert Comment

by:dbrunton
ID: 41829183
I only looked at a couple of files.

He could be using Fortinet as per the document here http://docs.fortinet.com/uploaded/files/1086/fortigate-ipsec-vpn-50.pdf  Forticlient is part of Fortinet.

If he is doing that then yes, he may very well have a VPN installed to his own home computer.

Fortinet for the VPN and Forticlient for the malware protection.
0
 

Author Comment

by:rayluvs
ID: 41830590
OK, so we are clear that the apps in memory are all pertaining to fortinet, correct?

The apps are used in his PC, which is a notebook which he also takes home, for him to connect to another computer? Not the other way around, somebody else connecting to his notebook?
0
 
LVL 50

Expert Comment

by:dbrunton
ID: 41830650
Well, don't know how he has it connected.  You have to take his word for that.

If he has his notebook at work he could be connecting from that to his home computer or another computer.  But if he takes it home why does he need Fortinet to connect to another computer at home?  A USB stick should be enough to transfer data.
0
 

Author Comment

by:rayluvs
ID: 41831056
Think we didn't quite express our concern.

The question is not "the notebook connecting to his home" or "if he is at home, he connects to another computer". That is not the concern. When we said in the question that "user insist that it's used for outside personal access his PC at will", what we meant is that the user insists that someone else outside his home or office is using the fortinet apps installed in his notebook so they can connect to his notebook without his knowledge; like monitoring him.

Our little experience inclines that this is not the case. And by your expert comments, it suggests that we are correct, that the apps described in our question cannot be used for another person outside the notebook to connect to his and monitor him.

Hope we cleared up our concern.

That said, do you think that the fortinetclient apps installed in his notebook can be used by somebody outside his notebook and connect to his computer?
0
 
LVL 71

Assisted Solution

by:Qlemo
Qlemo earned 2000 total points
ID: 41835164
The FortiClient needs to have an open connection, which is clearly visible. Otherwise it cannot be used. Usually the connection needs to be initiated manually; I cannot remember if you can set it up as always on.
Even if connected, the connection usually allows for access from the client to the remote network only, but the details can be set up in the remote FortiGate.
And this connection can only be a very specific one, to exactly one remote FortiGate.

It's very unlikely the FortiClient is used that way. And the user has full control whether the connection is open or not.
0
 

Author Comment

by:rayluvs
ID: 41835175
So the user may have been correct in his insistence in checking this out.

Question:
How can we know the connection has been initiated? Or is it automatic or manual?

Is there a way to verify in the remote FortiGate that it has been set that way?

Finally, if we find that it is initiated, what would the apps be monitoring? Or as the question states, what are they used for?

Thank you.
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 41835180
I'm not getting this. You clearly know which the remote FortiGate is. The user should know who installed and set up the client. If there is no purpose for the VPN, it is misused.

With an open VPN connection, all traffic can be redirected to pass the VPN. That traffic can be monitored that way. But no process control, screenwriting, local files or whatever else are in direct reach. To get at the file system, sharing needs to be enabled, and valid credentials used.

An open VPN connection is visible by looking at the tray icon.
0
 

Author Comment

by:rayluvs
ID: 41835201
Sorry if we misled you to understand that we know which the remote FortiGate is; we don't (the reason for the question). The user also doesn't know because, as he puts it, he just gives his PC to the tech when there is trouble and also he has lent his PC to his associates (yes, the user is not technically security prone); the reason for our question.

Also according to the user he has never connected to our office remotely, so maybe there is a misuse?

So with an open VPN connection, his PC can be monitored and when you say "no process control" you mean that the malignant remote user cannot control the PC?
0
 
LVL 71

Accepted Solution

by:
Qlemo earned 2000 total points
ID: 41835296
All you need to do is look into the VPN configuration. The remote gateway is noted with IP or DNS name, and that should allow to track where it belongs to. I assume you want to know that?! Otherwise just remove the client.

And regarding monitoring: the VPN could be the means to connect to a local process, which is able to perform monitoring of any kind. That is, there needs to be another process, but it could get started using the VPN connection - maybe.
0
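One way to check on the notebook itself what the answers above describe (whether a connection is open, to which remote address, and whether anything accepts connections from outside), as an added example that is not part of any post in this thread. It assumes the processes run from a path containing `\Fortinet\FortiClient\` as reported by the asker, covers TCP only, and should be run from an elevated PowerShell prompt.

```powershell
# Added example: map running FortiClient processes to their TCP sockets.
# Assumption: executables live under a "\Fortinet\FortiClient\" folder (from the thread).
$pathFilter = '*\Fortinet\FortiClient\*'
$loopback   = '127.0.0.1', '::1'

$procs = Get-Process | Where-Object { $_.Path -like $pathFilter }
if (-not $procs) { Write-Output "No running process under $pathFilter"; return }

$report = foreach ($p in $procs) {
    # A process without TCP sockets raises a non-terminating error; suppress it.
    $conns = Get-NetTCPConnection -OwningProcess $p.Id -ErrorAction SilentlyContinue
    if (-not $conns) {
        [pscustomobject]@{ Process = $p.ProcessName; Id = $p.Id; State = '(no TCP sockets)'
                           Local = ''; Remote = ''; Note = '' }
        continue
    }
    # Ports this process listens on; an established socket on one of them was accepted (inbound).
    $listenPorts = @($conns | Where-Object State -eq 'Listen' | ForEach-Object LocalPort)

    foreach ($c in $conns) {
        $note = ''
        if ($c.State -eq 'Listen') {
            $note = if ($c.LocalAddress -in $loopback) { 'local-only listener' }
                    else { 'listener reachable from the network' }
        }
        elseif ($c.State -eq 'Established' -and $c.RemoteAddress -notin $loopback) {
            $note = if ($c.LocalPort -in $listenPorts) { 'INBOUND connection from remote peer' }
                    else { 'outbound: compare remote address with the configured gateway' }
        }
        [pscustomobject]@{
            Process = $p.ProcessName
            Id      = $p.Id
            State   = $c.State
            Local   = '{0}:{1}' -f $c.LocalAddress, $c.LocalPort
            Remote  = '{0}:{1}' -f $c.RemoteAddress, $c.RemotePort
            Note    = $note
        }
    }
}
$report | Sort-Object Process, State | Format-Table -AutoSize
```

Rows marked as outbound give the address to compare against the remote gateway noted in the VPN configuration; an empty result for established connections matches a client whose tunnel is not open.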
 

Author Comment

by:rayluvs
ID: 41841374
We haven't been on the computer either apps to try the recommendations until tomorrow.
0

Question has a verified solution.