FortiEMS 7.0.7, FCL 7.0.7
How to identify the filepath of a vulnerable file inside
There are three ways to get the file path of a vulnerable file that was found in a vulnerability scan on the FortiClient:
FortiEMS Server – if the Client is connected with a FortiEMS Server
FortiClient Logs:
- Request the FortiClient Logs, wait a minute and then download the FortiClient Logs
- Open the .log file in the zip file with an editor, search all lines for your vulnerability ID (FortiGuard ID, screenshot below) and check the detectedpath.
FortiClient Diagnostics result
The diagnostics result includes many more details about the client and may also be helpful for further troubleshooting.
- Download Diagnostics on the FortiEMS Server for the Endpoint
- Open the diag.zip with e.g. 7-Zip, open the cab file, and open vcm_result.txt with Notepad++. The file can be found in the FCDiagData\general\logs\vcm\DATE OF THE LAST SCAN\ folder.
FortiClient – Directly on the Client
- If you don't have access to the FortiEMS Server, you can find the logs directly on the PC where the FortiClient is installed
- The default path is:
- C:\Program Files\Fortinet\FortiClient\logs\vcm\DATE OF THE LAST SCAN\vcm_result.txt
Analyze the log file (diag.zip)
- Search inside the file for the vulnerability name you're interested in, e.g. log4net, or for the FortiGuard ID, e.g. 2705, and check whether the matching lines contain "ERROR" or "Found vulnerable file"
- Here's an example of a log entry for a vulnerable file
- [01-30 12:00:19][ ERROR]: VID: 2705, Found vulnerable file: C:\Program Files (x86)\Piusi\Self Service Management 2018\CLIENT\log4net.dll, ver 2.0.8.0
- Log entry for an up-to-date file
- [01-30 12:00:19][ INFO]: VID: 2705, file: C:\Program Files (x86)\Lavasoft\Web Companion\Application\log4net.dll, up to date:1, MatchProductname : 1
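The search described above can be scripted. The following Python is an added example, not part of the original article or a Fortinet tool; its two regular expressions assume that vcm_result.txt lines have exactly the layout of the two sample entries shown above, and the third sample line (VID 99999) is constructed for illustration.

```python
import re

# Layout assumed from the two sample entries on this page; any other
# line type in vcm_result.txt is ignored rather than guessed at.
VULN = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\[\s*ERROR\]: VID: (?P<vid>\d+), "
    r"Found vulnerable file: (?P<path>.+), ver (?P<ver>\S+)\s*$"
)
UP_TO_DATE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\[\s*INFO\]: VID: (?P<vid>\d+), "
    r"file: (?P<path>.+?), up to date:1"
)

# First two lines are the entries quoted on this page; the last one is constructed.
SAMPLE = r"""
[01-30 12:00:19][ ERROR]: VID: 2705, Found vulnerable file: C:\Program Files (x86)\Piusi\Self Service Management 2018\CLIENT\log4net.dll, ver 2.0.8.0
[01-30 12:00:19][ INFO]: VID: 2705, file: C:\Program Files (x86)\Lavasoft\Web Companion\Application\log4net.dll, up to date:1, MatchProductname : 1
[01-30 12:00:20][ ERROR]: VID: 99999, Found vulnerable file: C:\Example\constructed.dll, ver 1.0.0.0
"""


def scan(lines, vid=None):
    """Return one dict per matching log line, optionally filtered by FortiGuard ID."""
    findings = []
    for raw in lines:
        line = raw.strip()
        for status, rx in (("vulnerable", VULN), ("up_to_date", UP_TO_DATE)):
            m = rx.match(line)
            if m and (vid is None or int(m["vid"]) == vid):
                findings.append({
                    "status": status,
                    "vid": int(m["vid"]),
                    "path": m["path"],
                    "version": m.groupdict().get("ver"),  # only ERROR lines carry a version
                    "timestamp": m["ts"],
                })
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE.splitlines(), vid=2705):
        print(f'{f["status"]:<11} VID {f["vid"]}  {f["path"]}  {f["version"] or ""}')
```

To run it against a real log, pass an open file instead of the sample, e.g. `scan(open(path, errors="replace"), vid=2705)`.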
Below are screenshots of an example showing how to find the file path of a vulnerable file found in a vulnerability scan
Show the vulnerability of an Endpoint inside FortiEMS
Note the FortiGuard ID of the vulnerability you’re interested in
Download the Diagnostics Result