EMS Administration Guide

Cloud-based malware detection

Enable cloud-based malware outbreak detection. The cloud-based malware protection feature helps protect endpoints from high risk file types from external sources such as the Internet or network drives by querying FortiGuard to determine whether files are malicious. The following describes the process for cloud-based malware protection:

  1. A high risk file is downloaded or executed on the endpoint.
  2. FortiClient generates a SHA1 checksum for the file.
  3. FortiClient sends the checksum to FortiGuard, which checks it against the FortiGuard checksum library to determine whether the file is malicious.
  4. If the checksum is found in the library, FortiGuard communicates to FortiClient that the file is deemed malware. By default, FortiClient quarantines the file.

This feature only submits high risk file types such as .exe, .doc, .pdf, and .dll to FortiGuard. The list of high risk file types is the same as the list of file types that FortiClient submits to Sandbox by default.

Options and descriptions

Server

  Wait for Cloudscan Results before Allowing File Access: Have the endpoint user wait for cloud scanning results before being allowed access to files. Set the timeout in seconds.

  Deny Access to File When There is No Cloudscan Result: Deny access to downloaded files if there is no cloud scan result. This may happen if FortiClient EMS cannot reach FortiGuard.

File Submission Options

  All Files Executed from Removable Media: Submit all files executed on removable media, such as USB drives, to FortiSandbox for analysis.

  All Files Executed from Mapped Network Drives: Submit all files executed from mapped network drives.

  All Web Downloads: Submit all web downloads.

  All Email Downloads: Submit all email downloads.

  Exclude Files from Trusted Sources: Exclude files signed by trusted sources from cloud-based malware protection submission.

Remediation Actions

  Action: Choose Quarantine or Alert & Notify for malicious files. Whether the user can access the file depends on the Wait for Cloudscan Results before Allowing File Access and Deny Access to File When There Is No Cloudscan Result configuration. Whether FortiClient quarantines the file depends on whether FortiGuard reports the file as malicious.
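The four-step checksum lookup and the Server and Remediation Actions options above, as an added Python model that is not Fortinet's code. It assumes a constructed checksum set standing in for the FortiGuard library, simulates the cloud query with a reachable flag, treats Alert & Notify as leaving the file accessible, and does not model the timeout from Wait for Cloudscan Results.

```python
import hashlib
from pathlib import Path

# High-risk extensions named on the page; FortiClient's full list is not reproduced here.
HIGH_RISK_EXTENSIONS = {".exe", ".doc", ".pdf", ".dll"}


def sha1_hex(data: bytes) -> str:
    """Step 2: the SHA1 checksum FortiClient would compute for the file."""
    return hashlib.sha1(data).hexdigest()


# Constructed sample standing in for a known-malicious file (not a real indicator).
MALICIOUS_SAMPLE = b"constructed malicious sample for the example"
# Constructed stand-in for the FortiGuard checksum library (assumption).
CHECKSUM_LIBRARY = {sha1_hex(MALICIOUS_SAMPLE)}


def is_high_risk(filename: str) -> bool:
    """Only high-risk file types are submitted at all."""
    return Path(filename).suffix.lower() in HIGH_RISK_EXTENSIONS


def cloud_lookup(checksum: str, cloud_reachable: bool):
    """Step 3: query the library. Returns True (malicious), False (clean) or
    None when no result could be obtained, e.g. FortiGuard is unreachable."""
    if not cloud_reachable:
        return None
    return checksum in CHECKSUM_LIBRARY


def decide(filename: str, data: bytes, *, cloud_reachable: bool = True,
           deny_when_no_result: bool = True, action: str = "Quarantine"):
    """Step 4 plus the EMS options: returns (access_allowed, outcome).
    'action' is the Remediation Action: "Quarantine" or "Alert & Notify"."""
    if not is_high_risk(filename):
        return True, "not submitted"
    verdict = cloud_lookup(sha1_hex(data), cloud_reachable)
    if verdict is None:
        # 'Deny Access to File When There is No Cloudscan Result' decides here.
        return (not deny_when_no_result), "no cloudscan result"
    if verdict:
        if action == "Quarantine":
            return False, "quarantined"
        # Assumption: Alert & Notify leaves the file accessible and raises an alert.
        return True, "alert & notify"
    return True, "clean"
```

The no-result branch is the one to review when tuning: with Deny Access turned off, an unreachable FortiGuard silently allows the download through.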