BHO/Clientman when installed updates the Browser Settings by modifying registry entries for
The registry updates enhance the Browser capabilities however this BHO sends and receives information to a particular HTTP site. This BHO creates a registry entry for its own program under
Most files bear the file property description of "climan." One of the detected files with the name "mcskin.exe" is a memory-resident program. Once executed, it connects to "" to send system information and to receive updates and additional data. Another memory-resident program with the name "mscman.exe", connects to "" This particular file is auto-executed at Windows startup by creating a registry entry
ClientMan1 = C:\Program Files\ClientMan\mscman.exe
The two sites mentioned are related since they are from the same subnet. BHO/iPend is another detected BHO that connects to the same subnet.

Recommended Action

Check the web interface for your Fortigate unit to ensure the latest AV/NIDS definitions have been downloaded and installed on your system - if required, enable the "Allow Push Update" option