Fortinet opublikował aktualizację dla produktu FortiClient o numerze wersji 6.4.1! Wersja 6.4.1  naprawiła wiele błędów a w niej problem z rejestracja FortiClinet  na serwerach. Zarówno dodano opcje nie instalowania dodatków do przeglądarki. Rozwiązano problem polegający na nieprawidłowej instalacji funkcji w EMS, poprawili również błąd z logowaniem do FortiAnalyzer. W samym GUI zmieniono dostęp do VPN ponieważ użytkownik nie miał dostępu po dwóch dniach od wyrejestrowania się z usługi EMS.

Rozwiązane problemy:

GUI

Bug ID	Description
624663	FortiClient does not have Remote Access tab for VPN access after two days of disregistering from EMS.
642908	If user deselects save password option for a VPN tunnel, the autoconnect option remains enabled.
642924	FortiClient (Windows) does not clear VPN password when user deselects save password option.
643190	FortiClient does not show error message when user enters wrong password to restore configuration.

Install and deployment

Bug ID	Description
555541	Endpoint reaches a state where new EMS deployment always fails.
556412	FortiClient (Windows) should provide an option to not install browser addon.
610153	EMS-created deployment package installs wrong feature set.
632834	FortiClient should keep its license and configuration after deployment from EMS even if the EMS is unreachable after upgrade.
635079	Deployment does not work.
635965	When FortiClient (Windows) is installed on offline devices using an EMS-created deployment package, FortiClient (Windows) enters „unregistered” state.
636393	Upgrade from free VPN client to full client does not work as expected.
636774	FortiClient does not autoregister after in-place upgrade.
639676	FortiClient (Windows) has no configuration when installed using MSI and MST.
641174	Upgrade from free version to full version fails to reregister to EMS when using FortiClient (Windows) .exe file.

Endpoint control

Bug ID	Description
587261	Endpoint logs Endpoint Quarantine Status changed – Unquarantined.
599779	FortiClient LDAP query performance impact.
638138	FortiClient may lose license and features before administrator configures license timeout value on EMS.
642429	FortiClient (Windows) registration fails on server machines.
655302	epctrl memory leak after repeat download Web Filter custom block page.

Logs

Bug ID	Description
587179	No log for removable device control.
612952	Exporting logs specifies Sandbox as Other category.
630846	FortiClient does not log to FortiAnalyzer.
631435	EMS profile cannot control FortiClient feature debug trace log size.

Malware Protection and Sandbox

Bug ID	Description
580671	FortiClient Web Filter cannot block malicious website due to rating timeout.
592029	FortiClient (Windows) ignores file size limit change for device submissions when submissions come from FortiClient (Windows).
594000	Support drive letter or UNC path for excluding network shares from antivirus (AV) protection.
600765	FortiClient (Windows) log shows Sandbox agent receives "score = 0" instead of "score = 4" for FortiSandbox low-risk file.
606927	FortiClient (Windows) does not send files copied/executed in ISO-mounted CD-ROM to FortiSandbox for further analysis.
629704	Malware Cloud Scan option blocks file access.
631157	FortiSandbox file submission does not work for Microsoft Teams.
632543	FortiClient cannot register with FortiSandbox unless user uses Test button.

Remote Access

Bug ID	Description
557314	FortiClient (Windows) should not allow VPN connection if certificate is invalid and disallow_invalid_server_certificate=1.
599924	Certificate-based IKEv2 cannot connect without enabling EAP.
612364	SSL VPN autoconnect/always up does not work reliably.
623437	IPsec VPN negative split tunnel track.
627245	For IPsec VPN, FortiClient (Windows) resends credentials to multifactor authentication server when user clicks OK button after entering wrong credentials.
629279	FortiClient (Windows) does not execute on_connect script.
630484	FortiClient Connect button does not work if two-factor authentication is canceled.
632389	SSL VPN OS check recognizes Windows 10 as Windows 8 when connecting with a certificate.
634346	DNS queries on LAN interface and dialup interface.
634441	SSL VPN SAML login does not work with realms.
637699	For SSL VPN, if user enters incorrect username/password, they get an error that says that server is unreachable.
639960	FortiClient blocks Adaxes password reset self-service tool from Windows logon screen.
643455	Waking up and logging into the machine can result in a loop if autoconnect is not working.

Web Filter and plugin

Bug ID	Description
524528	FortiClient always allows security risk categories when administrator disables AV and block_malicious_websites =0.
629481	Web Filter plugin always shows same block page for new blocked URL when user leaves warning page without proceeding.
630419	Web Filter does not showing Webpage is blocked message in browser for HTTPS URLs.
644733	Web Filter fails to block exclusion list with files extension in URL with wildcard.
658088	Notification page shows wrong URL for Web Filter.

Other

Bug ID	Description
630844	Some event tabs and icon are missing in EMS for FortiClient.
633532	Software Inventory does not detect Windows Store applications.
642467	After logging out of linked social login service account, FortiClient does not update the avatar.

Common Vulnerabilities and Exposures

Bug ID	Description
618242	FortiClient (Windows) 6.4 running AV engine version 6.00243 or later no longer vulnerable to the following CVE Reference CVE-2020-9295 Visit https://fortiguard.com/psirt for more information.

Znane problemy do rozwiązania:

Application Firewall

Bug ID	Description
564595	Application Firewall does not block BitTorent peer-to-peer traffic.
618613	Issue accessing/running SSH session while Application Firewall is enabled.

Logs

Bug ID	Description
577549	NSS AEP 4.0: clientfeature=unknown logged for cloudscan (cloud-based malware protection).
650334	Feature lists for log setting are not consistent between EMS and FortiClient (Windows).

Endpoint control

Bug ID	Description
587327	Device detection/VPN autoconnect frequency is too frequent.
588059	On-net checked conditions by ESNAC do not match with configuration when only using EMS.
621924	FortiClient does not send full path for some running processes.
623928	End user avatar does not show up.
626429	Incorrect on-/off-fabric profile determination.
627338	EMS does not show correct user information in endpoint summary when Google/LinkedIn option selected for avatar option.
628245	FortiClient loses all tabs except Remote Access for 30 seconds after connecting to VPN.
630966	EMS reports wrong install dates in software inventory.
633206	FortiClient (Windows) loses avatar after deployment.
638107	Endpoints with multiple interfaces with active default routes do not have matching FortiGate information.
645056	AV is installed and running compliance verification rule does not work.
647960	FortiClient does not tag endpoint with an AV signature is updated rule with McAfee.
648153	FortiClient gets stuck at being registered to EMS but not in a reachable state.
648632	FortiClient should send (MAC, IP address) tuple list to EMS
648651	FortiClient reaches an Unable to retrieve EMS Details state after user closes connection key popup.
649033	VPN is stuck and user cannot cancel or close the connection attempt.
653566	EMS reports Sandbox as installed but not enabled when FortiClient (Windows) is registered to EMS.
657208	EMS fails to push assigned on-fabric detection rules to endpoints in some cases.
657615	Endpoint network information display issue.

GUI

Bug ID	Description
611379	Avatar page shows inconsistent pictures after switching users.
620262	Signature version does not get refresh after update_task is done.
620677	SAML SSL VPN tunnel shows wrong username.
622139	In User Identity, clicking signout button when logged into cloud service does not update avatar page.
622149	In User Identity, clicking any cloud service opens the service login page, even if user is already logged in.
622161	In User Identity, after successful logout, user information does not revert to what it was before logging in.
627477	GUI should not display SAML login button when connecting from FortiTray and requiring user to renew expired password.
631273	FortiClient (Windows) should not allow user to save username/password if they are disabled in EMS.

Install and deployment

Bug ID	Description
586279	VDI VMware instant-clone desktops do not generate new FCTID.
622685	FortiClient (Windows) uninstalled from EMS leaves many files.
632273	Upgraded FortiClient does not register to EMS when connection key is enforced via assigned gateway list.

Malware Protection and Sandbox

Bug ID	Description
589416	AV exclusion list should not be case-sensitive.
598846	FortiClient allows user to open attached file before FortiClient (Windows) receives Sandbox result for the attachment.
618245	FortiClient does not protect certain ADS file operations.
623254	Real-time and on-demand scans cannot always quarantine/remove the malware that they find.
634353	FortiClient initial scan ignores %localappdata% exclusion.
648304	FortiClient fails to scan injected DVD files when scanning removable media on insertion is enabled.
657832	FortiClient installed on device with outdated version of Windows 7 does not update signatures.

Remote Access

Bug ID	Description
537299	FortiClient (Windows) does not use correct SSL VPN split DNS server.
625059	IPsec VPN with push authorization takes fifteen seconds for FortiClient (Windows) to display connected status.
627339	With SAML login, FortiClient (Windows) fails to establish VPN connection if FortiOS SSL VPN setting Require Client Certificate is enabled.
631751	SAML login does not work for IPv6.
645174	FortiClient sometimes does not use the remoteauthtimeout value configured on FortiOS for SSL VPN.
648876	Attempt to connect to a tunnel that requires a certificate fails when configured with certifcate filter.
649426	IPsec/SSL VPN per-app VPN split tunnel does not work properly.
649688	With per-app VPN split tunnel, websites with HTTP defined in <fqdn> do not work properly.
651127	FortiClient fails to connect to SSL VPN when using SAML authentication with PingID as the identity provider.
655957	When prompt_certificate=0, GUI does not show certificate dropdown list.
656723	Split DNS does not function on Windows 8.1.
660902	FortiClient (Windows) cannot connect to VPN when push tokens are enabled and the certificate is untrusted. Workaround: If FortiClient (Windows) does not trust the server certificate, you must enable Enable Invalid Server Certificate Warning in VPN settings. Accept the certificate during VPN connection to allow the VPN with push token enabled to connect.

Vulnerability Scan

Bug ID	Description
656814	FortiClient does not parse vulnerability scan results correctly for Microsoft Office applications.

Web Filter

Bug ID	Description
620169	Installing Web Filter plugin only tries to install Chrome plugin.
635681	FortiProxy causes FactoryTalk application to crash.
644776	Web Filter plugin fails to block file download with exclusion list.
648066	Sentinel S1 interoperability issues with FortiClient.

Other

Bug ID	Description
262835	FortiClient process may fail to quit after shutting down FortiClient.
649563	fcconfig CLI command issues.

Zachęcamy do notatek wydanych przez producenta : Releas Notes – FortiClientEMS 6.4.1

Pozdrawiamy,

Zespół B&B
Bezpieczeństwo w biznesie

6.4.1 FortiClient FortiClient 6.4.1