Fortinet opublikował nową wersję FortiClient EMS oraz FortiClient – 7.0.8! Dzięki aktualizacji, został poprawiony problem z generowaniem certyfikatu z Let’s Encrypt ACME, gdzie problem objawiał się niepowodzeniem związanym z portem 80. Ponadto, nowsza wersji naprawiła komunikację do serwera Aciteve Directory, również poprawiono komunikację pomiędzy klientem- FortiClient a serwerem- FortiClient-EMS. Od wersji 7.0.8, został rozwiązany problem z błędnym wyświetlanie użytkownika, który jest zalogowany. Po więcej informacji, zapraszam do dalszej części artykułu.

Rozwiązane problemy (FortiClient EMS 7.0.8):

Administration

Bug ID	Description
842057	EMS cannot edit admin role to add trusted hosts.
853647	„No Administrators Found” displays under EMS admin users.
853830	Inactivity timeout logs off admin user despite EMS activity.

Endpoint management

Bug ID	Description
727076	EMS does not process uploaded software inventory.
770364	EMS displays third party features section for non-Windows endpoints.
792652	User cannot delete domain.
801583	EMS shows clients as unprotected even if they have a third party antivirus (AV) application installed.
808266	Windows operating system dashboard widget has inaccurate results.
819196	The multipart identifier cs.software_id and cs.is_missing could not be bound.
823047	After EMS upgrade, FCM Events table grows exponentially.
834228	EMS reports endpoint vulnerability when Vulnerability Scan option is not installed on endpoint.
835705	Group Assignment Rules > Run Rules Now option does not work.
839300	EMS fails to download PDF report of on-premise FortiSandbox events on EMS.
842539	After EMS upgrade, EMS shows endpoints duplicated in multiple groups.
846033	Error occurs during Active Directory (AD) sync when an organization unit’s old ancestor is deleted from the domain.
865758	EMS cannot sync AD server.

Endpoint policy and profile

Bug ID	Description
818408	EMS lists unsupported applications in Malware Protection profile antiexploit application list.
824666	EMS does not send FortiClient status changes via syslog.
832445	Web Filter profiles between EMS and FortiGate are mismatched for cryptomining category.
842084	EMS profile GUI is blank.
852508	FortiClient blocks all USB sticks after EMS administrator adds revision number.
886430	EMS does not allow user to edit profile in GUI if profile was imported with XML.

FortiGuard Outbreak Alerts

Bug ID	Description
813928	EMS fails to update eoap signatures: type object ’ComplianceVerificationRuleSet’ has no attribute 'eoap_version’ error.

Fabric devices

Bug ID	Description
841944	FortiClient EMS does not reserve FortiOS client IP address by enabling proxy protocol.
844107	FortiOS does not resolve zero trust network access (ZTNA) IP address when endpoint connects via SSL VPN.

HA

Bug ID	Description
809396	EMS on high availability (HA) backup generates a generic error.
824066	spHAKeepAlive deadlock causes failover.
832719	EMS has error while trying to restore backup.
865263	Software inventory does not show up on GUI.
871411	EMS does not show software inventory.

GUI

Bug ID	Description
632427	Software Inventory filter and sort actions in heading do not work.
774880	User may import the same Zero Trust Tagging Rules multiple times by clicking import button multiple times.

Deployment and installers

Bug ID	Description
824936	EMS fails to deploy FortiClient when manually created FortiClient installer is updated.
842065	Clients cannot connect to EMS server after EMS upgrade.
859123	Only FortiClient 7.0.7 appears in installers, with all custom installers removed.
874652	After updating the FortiClient version on an assignable installer on FortiClient Cloud, the zip file contains installers for both versions.
874803	FortiClient deployment has issue on macOS with installer with space in the name.

License

Bug ID	Description
818702	Log Viewer has error: Failed to check for license expiration: type object 'License’ has no attribute 'get’.
834686	EMS resets license allocation to multitenancy sites if changes are made to default site license.
870207	EMS crashes after user applies incorrect license.

Logs

Bug ID	Description
827295	Clients cannot connect to FortiClient Cloud.
856071	EMS does not send logs to FortiAnalyzer.

System Settings

Bug ID	Description
839677	EMS shows notification: Failed to send email alerts. Please check SMTP server configuration.

Zero Trust tags

Bug ID	Description
819793	EMS does not notify FortiGate when user creates a new tag.
832328	Endpoint is still tagged with threat ID rule after clearing firewall events.
837163	EMS shows hosts with indicators of compromise for REvil Ransomware but details shows „No REvil_IOC_registry_key – Compromised Endpoints (0) Found”.
841675	EMS receives network information but does not send it to FortiGate.
854154	EMS does not have Zero Trust tagging rule for macOS version 13 (Ventura).
875503	Reenabling EMS ZTNA tags shows error 400 „Can only enable up to 10 rules set”.
886690	ZTNA tag fails to check user identity with SAML.

Endpoint control

Bug ID	Description
822914	EMS does not have mechanism for sending license expiration date to endpoints.
848147	EMS sends malformed SAML URL to FortiClient.
873218	Multiple FortiClient records share the same token ID.
877580	EMS displays the wrong logged in user.

Performance

Bug ID	Description
853484	Apache service does not restart if there is database interruption for 10 minutes.
869747	DAS error INSERT statement exceeds the maximum allowed number of 1000 row values.
877540	DAS has error deleting multiple devices: execute script on fcm_default.

Vulnerability Scan

Bug ID	Description
802432	EMS cannot load FortiGuard endpoint vulnerability page with ERR_CONNECTION_TIMED_OUT (-118) error.

Dashboard

Bug ID	Description
781654	EMS does not remove dashboard outbreak alerts when endpoint disconnects.
826234	EMS has unstable endpoint scan results counters under Vulnerability Scan.

Endpoint security

Bug ID	Description
783287	Let’s Encrypt ACME certificate request fails due to port 80 on autotest system.

Onboarding

Bug ID	Description
822126	Delete SAML configuration message shows incorrect active users.
835182	The DELETE statement conflicts with the REFERENCE constraint "fk_Forticlient_Users_Users_machine_user_id".

ZTNA connection rules

Bug ID	Description
832635	Client certificate serial number does not sync to FortiGate for off-fabric FortiClient.

Zero Trust Telemetry

Bug ID	Description
836156	User cannot access FortiClient Cloud instance.

Other

Bug ID	Description
841013	API returns null value.
844330	EMS reports its vulnerability to Web Server Dictionary Indexing/Dictionary Directory Listing Attack.

Common Vulnerabilities and Exposures

Bug ID	Description
800625	FortiClient EMS 7.0.8 is no longer vulnerable to the following CVE References: CVE-2022-24785 Visit https://fortiguard.com/psirt for more information.
868484	FortiClient EMS7.0.8 is no longer vulnerable to the following CVE References: CVE-2022-2097 Visit https://fortiguard.com/psirt for more information.

Notatki producenta: FortiClient 7.0.8

Pozdrawiamy,

Zespół B&B
Bezpieczeństwo w biznesie

7.0.8 FortiClient FortiClient 7.0.8