home

fortirmon.sys

Fortinet FortiClient

Fortinet Technologies

It runs as a Windows 64-bit kernel mode device driver named “FARegMon”.
Publisher:
Fortinet Inc  (signed by Fortinet Technologies)

Product:
Fortinet FortiClient

Description:
FortiClient Registry Driver

Version:
4.1.113 built by: WinDDK

MD5:
66dc94e1108413b942b9d474c35e09a9

SHA-1:
7cfdad1b5a071a0523f9da0a2c9b5892e0f816c7

SHA-256:
084306929bc0f8ea6423947de288b07f0a297e9cb74ee7e4a3acda82caf4326c

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/15/2024 5:59:05 PM UTC  (today)

File size:
48.6 KB (49,768 bytes)

Product version:
4.1.113

Copyright:
2003-2006 Fortinet Inc. All rights reserved.

Original file name:
fortirmon.sys

File type:
Driver (Win64 SYS)

Language:
English (United States)

Common path:
C:\Windows\System32\drivers\fortirmon.sys

Digital Signature
Signed by:
Fortinet Technologies

Authority:
VeriSign, Inc.

Valid from:
8/6/2009 2:00:00 AM

Valid to:
8/22/2012 1:59:59 AM

Subject:
CN=Fortinet Technologies, OU=R&D, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Fortinet Technologies, L=Burnaby, S=British Columbia, C=CA

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
177D5ECDA3D04647B2C5C9568157A2F6

File PE Metadata
Compilation timestamp:
12/15/2009 8:39:48 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
8.0

Entry address:
0x30A0

Entry point:
53, 56, 57, 41, 54, 48, 81, EC, D8, 00, 00, 00, 48, 8B, D9, 48, 8D, 7C, 24, 70, 48, 8D, 35, D5, 02, 00, 00, 41, BC, 04, 00, 00, 00, 49, 8B, CC, F3, 48, A5, 66, A5, 48, 8D, BC, 24, 98, 00, 00, 00, 48, 8D, 35, 88, 02, 00, 00, B9, 05, 00, 00, 00, F3, 48, A5, 66, A5, 48, 8D, 54, 24, 70, 48, 8D, 4C, 24, 60, FF, 15, EE, 0F, 00, 00, 48, 8D, 94, 24, 98, 00, 00, 00, 48, 8D, 4C, 24, 50, FF, 15, DB, 0F, 00, 00, 48, 8D, 15, 24, 02, 00, 00, 48, 8D, 4C, 24, 40, FF, 15, C9, 0F, 00, 00, 48, 8D, 4C, 24, 40, FF, 15, 2E, 10...
 
[+]

Code size:
13.5 KB (13,824 bytes)

Driver
Display name:
FARegMon

Description:
FortiClient Registry Monitor Driver

Type:
Kernel device driver (KernelDriver)


herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.