Fortinet black logo

Administration Guide

Enabling realtime protection

Enabling realtime protection

For FortiClient in managed mode, when FortiClient Telemetry is connected to FortiGate or EMS, an administrator may enable, configure, and lock realtime protection. You can enable realtime protection if EMS has not locked FortiClient and realtime protection is excluded from FortiGate compliance rules.

If registered to EMS, FortiClient automatically disables realtime protection until it receives a profile from EMS. Standalone FortiClient automatically disables realtime protection when one of the following is true:

  1. The OS is a server
  2. Exchange Server is detected
  3. SQL Server is detected
To enable realtime protection:
  1. On the Malware Protection tab, click the Settings icon.

    The settings page opens.

  2. Select the Scan files as they are downloaded or copied to my system checkbox.

  3. (Optional) Set the following options:

    Dynamic threat detection using threat intelligence data

    Select to use threat intelligence data to provide dynamic threat detection. The Scan files as they are downloaded or copied to my system checkbox must be selected to enable dynamic threat detection.

    Clear to disable dynamic threat detection.

    Block malicious websites

    Select to block all access to malicious websites. Clear to allow access to malicious websites. You can configure an action for all websites categorized as security risks, or configure individual actions for each subcategory. See Blocking malicious websites.

    Block known attack communication channels

    Select to block known communication channels used by attackers. Clear to allow access to known communication channels used by attackers. See Blocking known attack communication channels.

  4. Click OK.

If your system has another AV program installed, FortiClient displays a warning that your system may lock up due to conflicts between different AV products. See Third party AV software and realtime protection.

Enabling realtime protection

For FortiClient in managed mode, when FortiClient Telemetry is connected to FortiGate or EMS, an administrator may enable, configure, and lock realtime protection. You can enable realtime protection if EMS has not locked FortiClient and realtime protection is excluded from FortiGate compliance rules.

If registered to EMS, FortiClient automatically disables realtime protection until it receives a profile from EMS. Standalone FortiClient automatically disables realtime protection when one of the following is true:

  1. The OS is a server
  2. Exchange Server is detected
  3. SQL Server is detected
To enable realtime protection:
  1. On the Malware Protection tab, click the Settings icon.

    The settings page opens.

  2. Select the Scan files as they are downloaded or copied to my system checkbox.

  3. (Optional) Set the following options:

    Dynamic threat detection using threat intelligence data

    Select to use threat intelligence data to provide dynamic threat detection. The Scan files as they are downloaded or copied to my system checkbox must be selected to enable dynamic threat detection.

    Clear to disable dynamic threat detection.

    Block malicious websites

    Select to block all access to malicious websites. Clear to allow access to malicious websites. You can configure an action for all websites categorized as security risks, or configure individual actions for each subcategory. See Blocking malicious websites.

    Block known attack communication channels

    Select to block known communication channels used by attackers. Clear to allow access to known communication channels used by attackers. See Blocking known attack communication channels.

  4. Click OK.

If your system has another AV program installed, FortiClient displays a warning that your system may lock up due to conflicts between different AV products. See Third party AV software and realtime protection.