EMS Administration Guide

Viewing quarantined files

After FortiClient quarantines files on endpoints and sends the quarantined file information to FortiClient EMS, you can view the list of quarantined files on the Files pane. You can also view details about each quarantined file and use filters to access quarantined files with specific qualities.

Viewing the Files content pane

You can view information about quarantined files on the Files content pane.

Go to Quarantine Management > Files. The list of quarantined files, a quick status bar, and a toolbar display in the content pane.

Quarantined Files

Number of files that FortiClient has quarantined on endpoints. Click to display the list of quarantined files.

Restored Files

Number of files that have been restored on endpoints. Click to display the list of restored files.

Affected Hosts

Number of hosts where FortiClient has quarantined files. Click to display the list of quarantined files sorted by hostname.

New Detections

Number of new detections. Click to display the list of newly detected threats sorted by date detected.

View

Toggle between the following options:

  • View all files or view only quarantined files
  • Show or hide full path names for files

Display by

Select to display the list of files by instance, host, threat, or date.

Search All Fields

Enter a value and press Enter to search for the value in the list of files.

Filters

Click to display and hide filters you can use to filter the list of files.

Refresh

Click to refresh the list of files in the content pane.

Clear Filters

Click to clear all filters applied to the list of files.

Checkbox

Click to select all files displayed in the content pane.

Host

Hostname of the endpoint. Also shows the group the endpoint belongs to.

File

Name of the file.

Size

Size of the file in bytes.

Threat

Name of threat.

Source

Displays how FortiClient detected the threat:

  • Scheduled Scan
  • Email Scan
  • Startup Scan
  • Manual Scan
  • Realtime Scan
  • Rootkit Manual Scan
  • Sandbox Scan

Status

Status of the file: Quarantined, Quarantined & Whitelisted, Restored, or Deleted. Also shows the time that FortiClient quarantined the file.

Summary

Displays the number of threat instances and number of affected hosts.

Filtering files list

You can filter the list of files displayed on the Files content pane.

  1. Go to Quarantine Management > Files. The list of files displays.
  2. Click the Filters menu, and set filters.

    The filter options display.

    For text values, you can use a comma (,) to separate values and an exclamation mark (!) to exclude a value.

    Filename

    Enter the file name(s) to include in the filter. You can exclude a name or names from the filter using an exclamation mark (!).

    Location

    Enter the file location(s) to include in the filter. You can exclude a location or locations from the filter using an exclamation mark (!).

    Checksum

    Enter the checksum(s) to include in the filter. You can exclude a checksum or checksums from the filter using an exclamation mark (!).

    Threat

    Enter the threat(s) to include in the filter. You can exclude a threat or threats from the filter using an exclamation mark (!). You can also select the desired threat(s) from the dropdown list.

    Source

    Enter the source(s) to include in the filter. You can exclude a source or sources from the filter using an exclamation mark (!). You can also select the desired source(s) from the dropdown list.

    Status

    Enter the status(es) to include in the filter. You can exclude a status or statuses from the filter using an exclamation mark (!). You can also select the desired status(es) from the dropdown list.

    Date

    Enter the range of dates to include in the filter.

    Host

    Enter the host(s) to include in the filter. You can exclude a host or hosts from the filter using an exclamation mark (!). You can also select the desired host(s) from the dropdown list.

    Group

    Enter the endpoint group(s) to include in the filter. You can exclude a group or groups from the filter using an exclamation mark (!). You can also select the desired group(s) from the dropdown list.

  3. Click Apply. The filtered list of files displays.
  4. Click Clear Filters to clear the filter settings.
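The text-filter syntax from step 2 (comma-separated values, exclamation mark to exclude), modelled offline as an added example; this is not Fortinet code and does not call EMS. Assumptions: values match whole fields case-insensitively, filters on different fields are combined with AND, and the sample rows and threat names are constructed; the page does not state how EMS itself compares values.

```python
def parse_filter(expr):
    """Split a filter string such as 'a, !b, c' into (include, exclude) sets."""
    include, exclude = set(), set()
    for token in expr.split(","):
        token = token.strip()
        negated = token.startswith("!")
        value = token.lstrip("!").strip().lower()
        if not value:              # skip empty entries and a bare "!"
            continue
        (exclude if negated else include).add(value)
    return include, exclude


def matches(record, filters):
    """True if the record passes every per-field filter (assumed AND)."""
    for field, expr in filters.items():
        include, exclude = parse_filter(expr)
        value = str(record.get(field, "")).lower()
        if value in exclude:
            return False
        if include and value not in include:
            return False
    return True


def apply_filters(records, filters):
    return [r for r in records if matches(r, filters)]


def summary(records):
    """Mirror the Summary row: (threat instances, affected hosts)."""
    return len(records), len({r["Host"] for r in records})


# Constructed sample rows; keys follow the column names on the Files pane.
RECORDS = [
    {"Host": "ws-01", "File": "invoice.exe", "Threat": "Sample/Trojan.A", "Source": "Realtime Scan", "Status": "Quarantined"},
    {"Host": "ws-02", "File": "setup.msi", "Threat": "Sample/Adware.B", "Source": "Scheduled Scan", "Status": "Restored"},
    {"Host": "lab-vm", "File": "eicar.com", "Threat": "Sample/TestFile", "Source": "Manual Scan", "Status": "Restored"},
    {"Host": "ws-02", "File": "tool.dll", "Threat": "Sample/Trojan.A", "Source": "Sandbox Scan", "Status": "Quarantined & Whitelisted"},
    {"Host": "ws-03", "File": "macro.doc", "Threat": "Sample/Trojan.A", "Source": "Email Scan", "Status": "Deleted"},
]

if __name__ == "__main__":
    # Files released from quarantine, ignoring the lab host.
    released = apply_filters(RECORDS, {"Status": "Restored, Quarantined & Whitelisted", "Host": "!lab-vm"})
    for r in released:
        print(r["Host"], r["File"], r["Status"])
    print("instances, hosts:", summary(released))
```

The Status/Host combination shown is the one worth reviewing regularly: it lists files that were released from quarantine on production endpoints.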
