EMS Administration Guide

AntiVirus Protection

Enable antivirus protection. Some options only display if you enable Advanced view. Configure the following options:

Options

Description

AntiVirus Protection

Toggle to enable or disable AntiVirus protection.

Real-Time Protection

Scan Files as They Are Downloaded or Copied to My System

Scan files for threats as they are downloaded or copied to the system.

On Virus Discovery

  • Warn the User If a Process Attempts to Access Infected Files
  • Quarantine Infected Files. You can use FortiClient to view, restore, or delete the quarantined file, as well as view the virus name, submit the file to FortiGuard, and view logs.
  • Deny Access to Infected Files
  • Ignore Infected Files

Alert When Viruses Are Detected

If enabled, displays the Virus Alert dialog when a virus is detected while attempting to download a file via a web browser. The dialog allows you to view recently detected viruses, their locations, and statuses.

Identify Malware and Exploits Using Signatures Received from FortiSandbox

If enabled, uses signatures from FortiSandbox to identify malware and exploits. This option is available only if the Sandbox Detection tab is enabled. Enter the number of minutes after which to update signatures.

Block Known Communication Channels Used by Attackers

Enable to block known communication channels used by attackers.

Block All Access to Malicious Websites

Block all access to malicious websites. You must select FortiProxy (Disable Only When Troubleshooting) on the System Settings tab before you can enable this option.

Security Risk

You can configure an action for all websites categorized as security risks. Select one of the following:

  • Block
  • Warn
  • Allow
  • Monitor

Click the + button to view all security risk subcategories and configure individual actions (Block, Warn, Allow, Monitor) for each subcategory:

  • Dynamic DNS
  • Malicious Websites
  • Newly Observed Domain
  • Newly Registered Domain
  • Phishing
  • Spam URLs

Use the Exclusion List Defined in the Web Filter Profile

If this option is enabled, the exclusion list on the Web Filter tab is used. If this option is not enabled, you must define exclusions under Exclusions.

Scan Compressed Files

Enable to scan compressed files for threats.

Max Size

Configure the maximum size (in MB) of compressed files to scan. To allow scanning compressed files of any size, enter 0.

User Process Scanning

Enable user process scanning. Select one of the following:

  • Scan Files When Processes Read or Write Them
  • Scan Files When Processes Read Them
  • Scan Files When Processes Write Them

Scan Network Files

Enable to scan network files for threats.

System Process Scanning

Enable system process scanning. Select one of the following:

  • Scan Files When System Processes Read or Write Them
  • Scan Files When System Processes Read Them
  • Scan Files When System Processes Write Them
  • Do Not Scan Files When System Processes Read or Write Them

On Demand Scanning

On Virus Discovery

Select one of the following from the dropdown list:

  • Warn the User If a Process Attempts to Access Infected Files
  • Quarantine Infected Files. You can use FortiClient to view, restore, or delete the quarantined file, as well as view the virus name, submit the file to FortiGuard, and view logs.
  • Ignore Infected Files

Integrate FortiClient into Windows Explorer's Context Menu

Adds a Scan with FortiClient AntiVirus option to the Windows Explorer right-click menu.

Pause Scanning When Running on Battery Power

Enable to pause scanning when the computer is running on battery power.

Automatically Submit Suspicious Files to FortiGuard for Analysis

Enable to automatically submit suspicious files to FortiGuard for analysis. You do not receive feedback for files submitted for analysis. The FortiGuard team is able to create signatures for any files that are submitted for analysis and determined to be malicious.

Scan Compressed Files

Enable to scan compressed files for threats.

Max Size

Configure the maximum size (in MB) of compressed files to scan. To allow scanning compressed files of any size, enter 0.

Max Scan Speed on Computers With

Select the minimum amount of memory that must be installed on a computer to maximize scan speed:

  • 4 GB
  • 6 GB
  • 8 GB
  • 12 GB
  • 16 GB

Scheduled Scan

Enable scheduled scans.

Schedule Type

Select Daily, Weekly, or Monthly.

Scan On

If Weekly is selected, select the day of the week to perform the scan. If Monthly is selected, select the day of the month to perform the scan. Note that if you configure monthly scans to occur on the 31st of each month, the scan occurs on the first day of the month for months with fewer than 31 days.

Start At

Configure the start time for the scheduled scan.

Scan Type

Select Quick, Full, or Custom.

Quick

Runs the rootkit detection engine to detect and remove rootkits. The quick scan only scans the following items for threats: executable files, DLLs, and drivers that are currently running.

Full

Runs the rootkit detection engine to detect and remove rootkits, then performs a full system scan of all files, executable files, DLLs, and drivers. If Full is selected, you have the following options:

  • Scan removable media, if present
  • Scan network drives

Custom

Runs the rootkit detection engine to detect and remove rootkits. In the Folder field, enter the full path of the folder on your local hard disk drive that will be scanned.

Scan Priority

Set to Low, Normal, or High. This refers to the amount of processing power the scan uses and its impact on other processes.

Scan Removable Media

Enable to scan connected removable media, such as USB drives, for threats.

Scan Network Drives

Enable to scan network drives for threats.

Enable Scheduled Scans Even When a Third-Party AV Product Is Present

Enable scheduled scans even when a third-party AV product is present.

Anti-Exploit

Toggle to enable the anti-exploit engine.

Show System Tray Notifications

Enable to show system tray notifications when an exploit is detected.

Application Exclusion List

Select applications to exclude from anti-exploit detection.

Exclusions

Enable exclusions from antivirus scanning. FortiClient EMS supports using wildcards and path variables to specify files and folders to exclude from scanning. The following wildcards and variables are supported, among others:

  • Using wildcards to exclude a range of file names with a specified extension, such as Edb*.jrs
  • Using wildcards to exclude all files with a specified extension, such as *.jrs
  • Path variable %windir%
  • Path variable %allusersprofile%
  • Path variable %systemroot%
  • Path variable %systemdrive%

Note that having a longer exclusion list affects antivirus performance. It is advised to keep the exclusion list as short as possible.

Paths to Excluded Folders

Enter fully qualified excluded folder paths in the provided text box to exclude these folders from antivirus scanning.

Paths to Excluded Files

Enter the fully qualified paths of excluded files in the provided text box to exclude these files from antivirus scanning.

File Extensions Excluded from Real-Time Protection

Enter file extensions to exclude from real-time AV protection.

File Extensions Excluded from On Demand Scanning

Enter file extensions to exclude from on-demand AV scanning.
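
A pre-deployment review of an exclusion list, as an added example (not Fortinet code): it expands the path variables listed above and flags folder exclusions that are not fully qualified or that cover system-wide locations, and file or extension exclusions that cover executable file types. The variable values, the risky-extension and broad-folder lists, the sample entries, and the glob-style wildcard matching are assumptions for illustration, not FortiClient's documented matching behaviour.

```python
import fnmatch
import ntpath

# Constructed values for a default Windows install (assumption; not read from EMS).
PATH_VARS = {"%windir%": r"C:\Windows", "%systemroot%": r"C:\Windows",
             "%systemdrive%": "C:", "%allusersprofile%": r"C:\ProgramData"}
# Assumed review policy: extensions that carry executable content.
RISKY_EXTENSIONS = {"exe", "dll", "sys", "scr", "ps1", "vbs", "js", "bat", "cmd"}
# Assumed review policy: locations too broad to exclude wholesale.
BROAD_FOLDERS = {"c:", r"c:\windows", r"c:\windows\system32", r"c:\programdata", r"c:\users"}
# Constructed sample lists, as they might be typed into the Exclusions text boxes.
SAMPLE_FOLDERS = [r"%windir%\SoftwareDistribution\Datastore\Logs", "%SystemDrive%\\", r"Temp\Cache"]
SAMPLE_FILES = [r"%windir%\SoftwareDistribution\Datastore\Logs\Edb*.jrs",
                r"%allusersprofile%\Vendor\*.*"]
SAMPLE_EXTENSIONS = ["jrs", ".ps1"]

def expand(entry):
    """Substitute the path variables the guide lists, ignoring case."""
    out = entry.strip()
    for var, value in PATH_VARS.items():
        idx = out.lower().find(var)
        while idx != -1:
            out = out[:idx] + value + out[idx + len(var):]
            idx = out.lower().find(var)
    return out

def risky_extensions(pattern):
    """Return the risky extensions that an extension pattern such as 'jrs' or '*' covers."""
    return sorted(e for e in RISKY_EXTENSIONS if fnmatch.fnmatchcase(e, pattern.lower()))

def audit(folders=(), files=(), extensions=()):
    """Return (entry, reason) pairs for exclusions that deserve a second look."""
    findings = []
    for entry in folders:
        norm = ntpath.normpath(expand(entry)).lower().rstrip("\\")
        if norm in BROAD_FOLDERS:
            findings.append((entry, "folder covers a system-wide location"))
        elif not ntpath.isabs(norm + "\\"):
            findings.append((entry, "folder path is not fully qualified"))
    for entry in files:
        name = ntpath.basename(expand(entry))
        _, dot, ext = name.rpartition(".")
        if not dot:  # no extension part: a wildcard name matches any extension
            ext = "*" if "*" in name or "?" in name else ""
        hit = risky_extensions(ext) if ext else []
        if hit:
            findings.append((entry, "file pattern covers " + ", ".join(hit)))
    for entry in extensions:
        hit = risky_extensions(entry.strip().lstrip("*").lstrip("."))
        if hit:
            findings.append((entry, "extension exclusion covers " + ", ".join(hit)))
    return findings
```

Running `audit(SAMPLE_FOLDERS, SAMPLE_FILES, SAMPLE_EXTENSIONS)` leaves the `Edb*.jrs` and `jrs` entries alone and reports the drive-root folder, the relative folder, the `*.*` file pattern, and the `.ps1` extension.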

Other

Scan for Rootkits

Enable to scan for rootkits.

A rootkit is a collection of programs that enable administrator-level access to a computer or computer network. Typically a rootkit is installed on a computer after first obtaining user-level access by exploiting a known vulnerability or cracking a password.

Scan for Adware

Enable to scan for adware.

Adware is a form of software that downloads or displays unwanted ads when a user is online.

Scan for Riskware

Enable to scan for riskware.

Riskware refers to legitimate programs which, when installed and executed, present a possible but not definite risk to the computer.

Enable Advanced Heuristics

Enable advanced heuristics. Advanced heuristics is a sequence of heuristics to detect complex malware.

Scan Removable Media on Insertion

Enable to scan removable media (CDs, DVDs, Blu-ray disks, USB keys, etc.) on insertion.

Scan Email

Enable to scan emails for threats.

Scan MIME files (Inbox Files)

Enable to scan MIME files.

Multipurpose Internet Mail Extensions (MIME) is an Internet standard that extends the format of the email to support the following:

  • Text in character sets other than ASCII
  • Non-text attachments (audio, video, images, applications)
  • Message bodies with multiple parts

Enable FortiGuard Analytics

Automatically sends suspicious files to FortiGuard for analysis.

Notify Logged in Users if Their AV Signatures Expired

Enable to notify logged in users if their AntiVirus signatures have expired.
