Fortinet black logo

Administration Guide

Viewing quarantined files

Viewing quarantined files

To view quarantined files:
  1. On the Malware Protection tab, click Threats Detected. This option is available under AntiVirus Protection and Cloud Based Malware Protection. You can also click Zero-Day on the Sandbox Detection tab.

    You can view the original file location, virus name, and logs, and submit the suspicious file to FortiGuard. You cannot restore or delete the quarantined file.

    FortiClient organizes quarantined files into the following sections:

    • Quarantined Files: files that AntiVirus Protection has quarantined
    • Cloud Protection Quarantined Files: files that Cloud Based Malware Protection has quarantined
    • Sandbox Quarantined Files: files that Sandbox Detection has quarantined
  2. The following information displays:

    Filename

    Names of the quarantined files.

    Date Quarantined

    Dates and time the files were quarantined.

  3. Select a file from the list to view detailed information about the file and click Details.

    Submit

    Click submit for FortiGuard analysis.

    Filename

    Name of the quarantined file.

    Original Location

    Location of the file before scanning.

    Date Quarantined

    Date and time the file was quarantined.

    Submitted

    Displays Not Submitted when the selected file has not been submitted to FortiGuard for analysis by clicking the Submit button. Displays Submitted after clicking the Submit button.

    Status

    Status of the file, such as Quarantined.

    Virus Name

    Name of the detected virus.

    Quarantined File Name

    Name of the file after it was quarantined.

    Log File Location

    Location of the log file for the scan.

    Quarantined By

    FortiClient feature that quarantined the file.

    Close

    Click to close the details dialog.

  4. Click Close.

FortiClient sends quarantined file information to EMS. If the EMS administrator whitelists the file (in the case of a false positive), EMS sends the whitelist information to FortiClient. After FortiClient receives the whitelist information, it releases the file from quarantine. See the FortiClient EMS Administration Guide for details.

Viewing quarantined files

To view quarantined files:
  1. On the Malware Protection tab, click Threats Detected. This option is available under AntiVirus Protection and Cloud Based Malware Protection. You can also click Zero-Day on the Sandbox Detection tab.

    You can view the original file location, virus name, and logs, and submit the suspicious file to FortiGuard. You cannot restore or delete the quarantined file.

    FortiClient organizes quarantined files into the following sections:

    • Quarantined Files: files that AntiVirus Protection has quarantined
    • Cloud Protection Quarantined Files: files that Cloud Based Malware Protection has quarantined
    • Sandbox Quarantined Files: files that Sandbox Detection has quarantined
  2. The following information displays:

    Filename

    Names of the quarantined files.

    Date Quarantined

    Dates and time the files were quarantined.

  3. Select a file from the list to view detailed information about the file and click Details.

    Submit

    Click submit for FortiGuard analysis.

    Filename

    Name of the quarantined file.

    Original Location

    Location of the file before scanning.

    Date Quarantined

    Date and time the file was quarantined.

    Submitted

    Displays Not Submitted when the selected file has not been submitted to FortiGuard for analysis by clicking the Submit button. Displays Submitted after clicking the Submit button.

    Status

    Status of the file, such as Quarantined.

    Virus Name

    Name of the detected virus.

    Quarantined File Name

    Name of the file after it was quarantined.

    Log File Location

    Location of the log file for the scan.

    Quarantined By

    FortiClient feature that quarantined the file.

    Close

    Click to close the details dialog.

  4. Click Close.

FortiClient sends quarantined file information to EMS. If the EMS administrator whitelists the file (in the case of a false positive), EMS sends the whitelist information to FortiClient. After FortiClient receives the whitelist information, it releases the file from quarantine. See the FortiClient EMS Administration Guide for details.