AntiVirus Protection
|
Enable or disable AV protection.
|
Real-Time Protection
|
Enable or disable real-time protection.
|
Action On Virus Discovery
|
- Quarantine Infected Files. You can use FortiClient to view, restore, or delete the quarantined file, as well as view the virus name, submit the file to FortiGuard, and view logs.
- Deny Access to Infected Files
- Ignore Infected Files
|
Alert When Viruses Are Detected
|
Display the Virus Alert dialog when FortiClient detects a virus while the user attempts to download a file via a web browser. The dialog allows you to view recently detected viruses, their locations, and statuses.
|
Identify Malware and Exploits Using Signatures Received from FortiSandbox
|
Use FortiSandbox signatures to identify malware and exploits. This option is available only if the Sandbox Detection tab is enabled. Enter the number of minutes after which to update signatures.
|
Block Known Communication Channels Used by Attackers
|
Enable or disable command and control (C&C) detection using IP reputation database signatures. Check network traffic against known C&C communication IP address plus port number combinations.
|
Block Access to Malicious Websites
|
Block all access to malicious websites. You must select FortiProxy (Disable Only When Troubleshooting) on the System Settings tab before you can enable this option.
|
|
Use the Exclusion List Defined in the Web Filter Profile
|
If you enable this option, FortiClient uses the exclusion list on the Web Filter tab. If you do not enable this option, you must define exclusions under Exclusions.
|
Scan Compressed Files
|
Scan archive files, including zip, rar, and tar files, for threats. Default file extensions are listed in RTP exclusions below.
|
|
Max Size
|
Only scan files under the specified size. To allow scanning compressed files of any size, enter 0.
|
Scan Files Accessed by User Process
|
|
Configure when RTP should scan files accessed by the user process. Select one of the following:
- Scan Files When Processes Read or Write Them
- Scan Files When Processes Read Them
- Scan Files When Processes Write Them
|
|
Scan Network Files
|
Scan network files for threats when a user process accesses them.
|
System Process Scanning
|
|
Enable system process scanning. Select one of the following:
- Scan Files When System Processes Read or Write Them
- Scan Files When System Processes Read Them
- Scan Files When System Processes Write Them
- Do Not Scan Files When System Processes Read or Write Them
|
On Demand Scanning
|
|
Action On Virus Discovery
|
Select one of the following from the dropdown list:
- Warn the User If a Process Attempts to Access Infected Files
- Quarantine Infected Files. You can use FortiClient to view, restore, or delete the quarantined file, as well as view the virus name, submit the file to FortiGuard, and view logs.
- Ignore Infected Files
|
Integrate FortiClient into Windows Explorer's Context Menu
|
Adds a Scan with FortiClient AntiVirus option to the Windows Explorer right-click menu.
|
Pause Scanning When Running on Battery Power
|
Pause scanning when the computer is running on battery power.
|
Allow Admin Users to Terminate Scheduled and On-Demand Scans from FortiClient Console
|
Control whether the local administrator can stop a scheduled or on-demand AV scan that the EMS administrator initiated. A user who is not a local administrator cannot stop a scheduled or on-demand AV scan regardless of this setting.
|
Automatically Submit Suspicious Files to FortiGuard for Analysis
|
Automatically submit suspicious files to FortiGuard for analysis. You do not receive feedback for files submitted for analysis. The FortiGuard team is
able to create signatures for any files that are submitted for analysis and determined
to be malicious.
|
Scan Compressed Files
|
Scan archive files, including zip, rar, and tar files, for threats.
|
|
Max Size
|
Only scan files under the specified size. To allow scanning compressed files of any size, enter 0.
|
Max Scan Speed on Computers With
|
Select the minimum amount of memory that must be installed on a computer to maximize scan speed. AV maximizes scan speed by loading signatures on computers with a minimum amount of memory:
- 4 GB
- 6 GB
- 8 GB
- 12 GB
- 16 GB
|
Scheduled Scan
|
Enable scheduled scans.
|
Schedule Type
|
Select Daily, Weekly, or Monthly.
|
Scan On
|
If you selected Weekly, select the day of the week to perform the scan. If you selected Monthly, select the day of the month to perform the scan. If you configure monthly scans to occur on the 31st of each month, the scan occurs on the first day of the month for months with fewer than 31 days.
|
Start At
|
Configure the start time for the scheduled scan.
|
Scan Type
|
Select one of the following:
-
Quick: Runs the rootkit detection engine to detect and
remove rootkits. The quick scan only scans the following items for
threats: executable files, DLLs, and drivers that are currently
running.
-
Full: Runs the rootkit detection engine to detect and
remove rootkits, then performs a full system scan of all files,
executable files, DLLs, and drivers. If you select Full, you have the following options:
- Scan removable media, if present
- Scan network drives
-
Custom: Runs the rootkit detection engine to detect and remove rootkits. In the Folder field, enter the full path of the folder on your local hard disk drive that FortiClient will scan.
|
Scan Priority
|
Set to Low, Normal, or High. This refers to the amount of processing power the scan uses and its impact on other processes.
|
Scan Removable Media
|
Scan connected removable media, such as USB drives, for threats, if present.
|
Scan Network Drives
|
Scan attached or mounted network drives for threats.
|
Enable Scheduled Scans Even When a Third-Party AV Product Is Present
|
|
Enable scheduled scans even when a third party AV product is present.
|
Anti-Exploit
|
Enable anti-exploit engine to monitor commonly used applications for attempts to exploit known vulnerabilities.
|
Show System Tray Notifications
|
|
Show system tray notifications when the anti-exploit engine detects an exploit.
|
Application Exclusion List
|
|
Select applications to exclude from anti-exploit detection.
|
Removable Media Access
|
|
Enable controlling access to removable media devices, such as USB drives.
|
Control removable media access
|
|
Configure the action to take with removable media devices. Available options are:
-
Allow: Allow access to all removable media devices connected to the endpoint.
-
Deny: Deny access to all removable media devices connected to the endpoint.
-
Monitor: Log all removable media device connections to the endpoint.
|
Show bubble notifications
|
|
Show a bubble notification when FortiClient blocks removable media access.
|
Exclusions
|
Enable exclusions from AV scanning. FortiClient EMS supports using wildcards and path variables to specify files and folders to exclude from scanning. The following wildcards and variables are supported:
- Using wildcards to exclude a range of file names with a specified extension, such as Edb*.jrs
- Using wildcards to exclude all files with a specified extension, such as *.jrs
- Path variable %windir%
- Path variable %allusersprofile%
- Path variable %systemroot%
- Path variable %systemdrive%
Having a longer exclusion list affects AV performance. Keeping the exclusion list as short as possible is advised.
|
Paths to Excluded Folders
|
Enter fully qualified excluded folder paths in the provided text
box to exclude these folders from RTP and on-demand scanning.
|
Paths to Excluded Files
|
Enter fully qualified excluded files in the provided text box to
exclude these files from RTP and on-demand scanning.
|
File Extensions Excluded from Real-Time Protection
|
Realtime AV protection skips scanning files with the specified extensions.
|
File Extensions Excluded from On Demand Scanning
|
On-demand AV protection skips scanning files with the specified extensions.
|
Other
|
|
Scan for Rootkits
|
Scan for files implementing advanced OS hooks used by malware to protect themselves from being shutdown, killed, or deleted.
A rootkit is a collection of programs that enable administrator-level access to a computer or computer network. Typically a rootkit is installed on a computer after first obtaining user-level access by exploiting a known vulnerability or cracking a password.
|
Scan for Adware
|
Scan for adware.
Adware is a form of software that downloads or displays unwanted ads when a user is online.
|
Scan for Riskware
|
Scan for riskware.
Riskware refers to legitimate programs which, when installed and executed, presents a possible but not definite risk to the computer.
|
Enable Advanced Heuristics
|
Enable AV scan with heuristics signature. Advanced heuristics is a sequence of heuristics to detect complex malware.
|
Scan Removable Media on Insertion
|
Scan removable media (CDs, DVDs, Blu-ray disks, USB keys etc.) on insertion.
|
Scan Email
|
Scan emails for threats with SMTP and POP3 protocols.
|
Scan MIME files (Inbox Files)
|
Scan inbox email content with Multipurpose Internet Mail Extension (MIME) file types.
MIME is an Internet standard that extends the format of the email to support the following:
- Text in character sets other than ASCII
- Non text attachments (audio, video, images, applications)
- Message bodies with multiple parts
|
Enable FortiGuard Analytics
|
Automatically sends suspicious files to FortiGuard for analysis.
|
Notify Logged in Users if Their AV Signatures Expired
|
Notify logged in users if their AV signatures have expired.
|