Vulnerability scan show filepath of a vulnerable file

FortiEMS 7.0.7, FCL 7.0.7

There are three ways to get the filepath of a vulnerable file, which had been found in a vulnerability scan on the FortiClient

FortiEMS Server – if the Client is connected with a FortiEMS Server

FortiClient Logs:

Request the FortiClient Logs, wait a minute and then download the FortiClient Logs
Open the .log File in the zip file with an editor, search for all lines for your vulnerability ID (FortiGuard ID, screenshot below) and check the detectedpath.

FortiClient Diagnostics result
will include much more details of the client, might be also helpful for further troubleshooting

Download Diagnostics on the FortiEMS Server for the Endpoint
Open the diag.zip with e.g. 7-zip, open the cab file, select vcm_result.txt with Notepad++ , which can be found in FCDiagData\general\logs\vcm\DATE OF THE LAST SCAN\ folder.

FortiClient – Directly on the Client

If you shouldn’t have access to the FortiEMS Server you may find the Logs directly on the PC where the FortiClient is installed
The default path is :
- C:\Program Files\Fortinet\FortiClient\logs\vcm\DATE OF THE LAST SCAN\vcm_result.txt

Analyze the log file (diag.zip)

Search inside the file for the vulnerability Name you’re interested in e.g. log4net or the FortiGuard IDe.g. 2705 you’re interested in and verify if “ERROR” or “Found vulnerable file”

Here’s an example of a log entry to to a vulnerable file
- [01-30 12:00:19][ ERROR]: VID: 2705, Found vulnerable file: C:\Program Files (x86)\Piusi\Self Service Management 2018\CLIENT\log4net.dll, ver 2.0.8.0

Log entry of a up to date file
- [01-30 12:00:19][ INFO]: VID: 2705, file: C:\Program Files (x86)\Lavasoft\Web Companion\Application\log4net.dll, up to date:1, MatchProductname : 1