AntiVirus Protection
Enable AV protection. FortiClient's AV component supports twelve levels of nested compressed files for scanning.
Options | Description |
---|---|
General | These settings apply to all AV protection. |
Block Known Communication Channels Used by Attackers | Enable Command and Control (C&C) detection using IP address reputation database signatures. Check network traffic against known C&C IP address plus port number combinations. |
Block Access to Malicious Websites | Block all access to malicious websites. You must select FortiProxy (Disable Only When Troubleshooting) on the System Settings tab before you can enable this option. If you are syncing the profile's Web Filter settings from a Web Filter profile imported from FortiOS or FortiManager, you cannot configure actions for the security risk site categories in EMS. EMS synchronizes these settings from the FortiOS or FortiManager Web Filter profile. See Web Filter. |
Security Risk | Configure an action for the security risk site category by selecting one of the following: You can also click the + button beside the site category to view all subcategories and configure individual actions (Block, Warn, Allow, Monitor) for each subcategory. The security risk category contains the following subcategories: |
Use the Exclusion List Defined in the Web Filter Profile | If you enable this option, EMS uses the exclusion list on the Web Filter tab. If you disable this option, you must define exclusions under Exclusions. |
Delete Malware Files After | Enter the number of days after which to delete malware files from the client. |
Real-Time Protection | Enable real-time protection (RTP). |
Action On Virus Discovery | |
Alert When Viruses Are Detected | Display the Virus Alert dialog when RTP detects a virus during an attempt to download a file via a web browser. The dialog allows you to view recently detected viruses, their locations, and statuses. |
Identify Malware and Exploits Using Signatures Received from FortiSandbox | Uses signatures from FortiSandbox to identify malware and exploits. This option is available only if you enable Sandbox Detection. Enter the number of minutes after which to update signatures. |
Scan Compressed Files | Scan archive files, including zip, rar, and tar files, for threats. RTP exclusions list default file extensions. |
Max Size | Only scan files under the specified size. To allow scanning compressed files of any size, enter 0. |
Scan Files Accessed by User Process | Configure when RTP should scan files that a user-initiated process accesses. Select one of the following: |
Scan Network Files | Scan network files for threats when a user-initiated process accesses them. |
System Process Scanning | Enable system process scanning. Select one of the following: |
Enable Windows Antimalware Scan Interface | Enable Microsoft Antimalware Scan Interface (AMSI). This feature is only available for Windows 10 endpoints. AMSI scans memory for the following malicious behavior: |
Enable Machine Learning Analysis | Enable or disable machine learning (ML). This feature uses the new FortiClient AV engine, which incorporates smarter signature-less ML-based advanced threat detection. The antimalware solution includes ML models for static and dynamic analysis of threats. From the Action On Virus Discovery With Machine Learning Analysis dropdown list, select one of the following: |
On Demand Scanning | |
Action On Virus Discovery | Select one of the following from the dropdown list: |
Integrate FortiClient into Windows Explorer's Context Menu | Adds a Scan with FortiClient AntiVirus option to the Windows Explorer right-click menu. |
Hide AV Scan from Windows Explorer's Context Menu | Hide the AV scan option from Windows Explorer's context menu. |
Hide AV Analyse from Windows Explorer's Context Menu | Hide the option to submit a file for AV analysis from Windows Explorer's context menu. |
Pause Scanning When Running on Battery Power | Pause scanning when the computer is running on battery power. |
Allow Admin Users to Terminate Scheduled and On-Demand Scans from FortiClient Console | Control whether the local administrator can stop a scheduled or on-demand AV scan initiated by the EMS administrator. A user who is not a local administrator cannot stop a scheduled or on-demand AV scan regardless of this setting. |
Automatically Submit Suspicious Files to FortiGuard for Analysis. | Automatically submit suspicious files to FortiGuard for analysis. You do not receive feedback for files submitted for analysis. The FortiGuard team can create signatures for any files that are submitted for analysis and determined to be malicious. |
Scan Compressed Files | Scan archive files, including zip, rar, and tar files, for threats. |
Max Size | Only scan files under the specified size (in MB). To allow scanning compressed files of any size, enter 0. |
Max Scan Speed on Computers With | Select the minimum amount of memory that must be installed on a computer to maximize scan speed. AV maximizes scan speed by loading signatures on computers with a minimum amount of memory: |
Enable Machine Learning Analysis | Enable or disable machine learning (ML). This feature uses the new FortiClient AV engine, which incorporates smarter signature-less ML-based advanced threat detection. The antimalware solution includes ML models for static and dynamic analysis of threats. From the Action On Virus Discovery With Machine Learning Analysis dropdown list, select one of the following: |
Scheduled Scan | Enable scheduled scans. |
Schedule Type | Select Daily, Weekly, or Monthly. |
Scan On | If you selected Weekly, select the day of the week to perform the scan. If you selected Monthly, select the day of the month to perform the scan. If you configure monthly scans to occur on the 31st of each month, the scan occurs on the first day of the month for months with fewer than 31 days. |
Start At | Configure the start time for the scheduled scan. |
Scan Type | Select one of the following: |
Scan Priority | Set to Low, Normal, or High. This refers to the amount of processing power that the scan uses and its impact on other processes. |
Scan Removable Media | Scan connected removable media, such as USB drives, for threats, if present. |
Scan Network Drives | Scan attached or mounted network drives for threats. |
Enable Scheduled Scans Even When a Third-Party AV Product Is Present | Enable scheduled scans even when a third-party AV product is present. |
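
The following is an added example, not FortiClient or EMS code. It audits a file against the two archive-scanning limits stated on this page, the twelve-level nesting limit from the introduction and the Max Size setting under Scan Compressed Files, so that files outside those limits can be flagged for separate handling. It handles zip and uncompressed tar only, and assumes that the outermost archive counts as level one and that MB means 2**20 bytes.

```python
import io
import tarfile
import zipfile

AV_NESTING_LIMIT = 12  # nested-archive levels the page says the AV component scans
MIB = 1024 * 1024      # assumption: "MB" in Max Size is treated as 2**20 bytes


def archive_kind(data: bytes):
    """Identify zip and uncompressed tar by magic bytes; rar is not handled here."""
    if data[:4] in (b"PK\x03\x04", b"PK\x05\x06"):
        return "zip"
    if data[257:262] == b"ustar":
        return "tar"
    return None


def members(data: bytes, kind: str) -> list:
    """Return the contents of every regular file in the archive (sample-sized input)."""
    try:
        if kind == "zip":
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                return [zf.read(i) for i in zf.infolist() if not i.is_dir()]
        with tarfile.open(fileobj=io.BytesIO(data), mode="r:") as tf:
            return [tf.extractfile(m).read() for m in tf.getmembers() if m.isfile()]
    except (zipfile.BadZipFile, tarfile.TarError, RuntimeError):
        return []  # damaged or encrypted layer: nothing readable below it


def nesting_depth(data: bytes, limit: int = AV_NESTING_LIMIT, level: int = 1) -> int:
    """Depth of archive nesting (0 = not an archive), capped at limit + 1."""
    kind = archive_kind(data)
    if kind is None:
        return 0
    if level > limit:
        return 1  # one layer past the limit is enough to decide; stop unpacking
    return 1 + max((nesting_depth(m, limit, level + 1) for m in members(data, kind)), default=0)


def coverage_gaps(data: bytes, max_size_mb: int = 0) -> list:
    """List the reasons this file falls outside the limits stated on the page."""
    gaps = []
    if nesting_depth(data) > AV_NESTING_LIMIT:
        gaps.append("nesting exceeds %d levels" % AV_NESTING_LIMIT)
    if archive_kind(data) and max_size_mb and len(data) >= max_size_mb * MIB:
        gaps.append("archive is not under Max Size (%d MB)" % max_size_mb)
    return gaps
```

Because unpacking stops one layer past the limit, the work done on a deeply nested file is bounded; a production version would also cap the bytes read per member.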