Fortinet black logo

On-demand scans

On-demand scans

The <on_demand_scanning> element defines how the AV scanner handles scanning of files that the end user manually requested.

<forticlient_configuration>

<antivirus>

<on_demand_scanning>

<use_extreme_db>0</use_extreme_db>

<on_virus_found>4</on_virus_found>

<pause_on_battery_power>1</pause_on_battery_power>

<allow_admin_to_stop>1</allow_admin_to_stop>

<signature_load_memory_threshold>8</signature_load_memory_threshold>

<automatic_virus_submission>

<enabled>0</enabled>

<smtp_server>fortinetvirussubmit.com</smtp_server>

<username />

<password>Encrypted/NonEncrypted_PasswordString</password>

</automatic_virus_submission>

<compressed_files>

<scan>1</scan>

<maxsize>0</maxsize>

</compressed_files>

<riskware>

<enabled>1</enabled>

</riskware>

<adware>

<enabled>1</enabled>

</adware>

<heuristic_scanning>

<level>3</level>

<action>2</action>

</heuristic_scanning>

<scan_file_types>

<all_files>1</all_files>

<file_types>

<extensions>.386,.ACE,.ACM,.ACV,.ACX,.ADT,.APP,.ASD,.ASP,.ASX,.AVB,.AX,.AX2,.BAT,.BIN,.BTM,.CDR,.CFM,.CHM,.CLA,.CLASS,.CMD,.CNN,.COM,.CPL,.CPT,.CPY,.CSC,.CSH,.CSS,.DEV,.DLL,.DOC,.DOT,.DRV,.DVB,.DWG,.EML,.EXE,.FON,.GMS,.GVB,.HLP,.HTA,.HTM,.HTML,.HTT,.HTW,.HTX,.HXS,.INF,.INI,.JPG,.JS,.JTD,.KSE,.LGP,.LIB,.LNK,.MDB,.MHT,.MHTM,.MHTML,.MOD,.MPD,.MPP,.MPT,.MRC,.OCX,.PIF,.PL,.PLG,.PM,.PNF,.PNP,.POT,.PPA,.PPS,.PPT,.PRC,.PWZ,.QLB,.QPW,.REG,.RTF,.SBF,.SCR,.SCT,.SH,.SHB,.SHS,.SHT,.SHTML,.SHW,.SIS,.SMM,.SWF,.SYS,.TD0,.TLB,.TSK,.TSP,.TT6,.VBA,.VBE,.VBS,.VBX,.VOM,.VSD,.VSS,.VST,.VWP,.VXD,.VXE,.WBK,.WBT,.WIZ,.WK,.WML,.WPC,.WPD,.WSC,.WSF,.WSH,.XLS,.XML,.XTP</extensions>

<include_files_with_no_extension>0</include_files_with_no_extension>

</file_types>

</scan_file_types>

<exclusions>

<file></file>

<folder></folder>

<file_types>

<extensions></extensions>

</file_types>

</exclusions>

</on_demand_scanning>

</antivirus>

</forticlient_configuration>

The following table provides the XML tags for on-demand scans, as well as the descriptions and default values where applicable.

XML tag

Description

Default value

<use_extreme_db>

Use the extreme database.

Boolean value: [0 | 1]

0

<on_virus_found>

The action FortiClient performs if it finds a virus. Configure one of the following:

  • 4: quarantine infected files. You can use FortiClient to view, restore, or delete the quarantined file, as well as view the virus name, submit the file to FortiGuard, and view logs.
  • 5: deny access to infected files.

4

<pause_on_battery_power>

Pause scanning when the computer is running on battery power.

Boolean value: [0 | 1]

1

<allow_admin_to_stop>

Control whether the local administrator can stop a scheduled or on-demand AV scan that the EMS administrator initiated.

Boolean value: [0 | 1]

1

<signature_load_memory_threshold>

Configure the threshold used to control memory allocation mechanism for signature loading. When the physical machine has more memory than the threshold, it uses the static memory mechanism to load signatures one time, which ensures that the scan is efficient. When the physical machine has less memory than the threshold, it uses the dynamic memory mechanism to load the signatures, which ensures that the scan process does not use too much memory.

<heuristic_scanning> elements

The new FortiClient AV engine incorporates a smarter signature-less machine learning (ML)-based advanced threat detection. The antimalware solution includes ML models static and dynamic analysis of threats.

<level>

This setting applies to real-time and on-demand scans. Enable or disable ML:

  • 0: disable ML.
  • 2: enable ML. If you enter a value higher than 2, the value defaults to 2.

<action>

The action that FortiClient performs if it finds a virus. Enter one of the following:

  • 0: detect the sample, display a warning message, and log the activity.
  • 2: quarantine infected files. You can use FortiClient to view, restore, or delete the quarantined file, as well as view the virus name, submit the file to FortiGuard, and view logs. If you enter a value higher than 2, the value defaults to 2.

<automatic_virus_submission> elements

<enabled>

Automatically submit suspicious files to FortiGuard for analysis. You do not receive feedback for files submitted for analysis. The FortiGuard team is able to create signatures for any files that are submitted for analysis and determined to be malicious.

Boolean value: [0 | 1]

0

<smtp_server>

SMTP server IP address or FQDN.

fortinetvirussubmit.com

<username>

SMTP server username.

<password>

SMTP server encrypted or non-encrypted password.

<compressed_files> elements

<scan>

Scan archive files, including zip, rar, and tar files, for threats.

Boolean value: [0 | 1]

1

<maxsize>

Maximum compressed file size to scan in MB. A number up to 65535. 0 means no limit.

0

<riskware> elements

<enabled>

Scan for riskware. Riskware refers to legitimate programs which, when installed and executed, presents a possible but not definite risk to the computer.

Boolean value: [0 | 1]

1

<adware> element

<enabled>

Scan for adware. Adware is a form of software that downloads or displays unwanted ads when a user is online.

Boolean value: [0 | 1]

1

<scan_file_types> element

<all_files>

Scan all file types. If enabled, ignore the <file_types> element.

Boolean value: [0 | 1]

1

<scan_file_types> <file_types> elements

<extensions>

Enter a comma separated list of extensions to scan.

<include_files_with_no_extension>

Determines whether to scan files with no extension.

Boolean value: [0 | 1]

0

<exclusions> elements

<file>

Full path to a file to exclude from on-demand scanning. Wildcards are not accepted. Element may be repeated to list more files.

<folder>

Full path to a directory to exclude from on-demand scanning. Element may be repeated to list more directories. Shadow Copy format is supported, for example, <folder>\Device\HarddiskVolumeShadowCopy*</folder>. Shadow Copy is also known as Volume Snapshot Service, Volume Shadow Copy Service, or VSS. Wildcards are not accepted.

<exclusions> <file_types> element

<extensions>

Comma separated list of extensions to exclude from on-demand scanning.

On-demand scans

On-demand scans

The <on_demand_scanning> element defines how the AV scanner handles scanning of files that the end user manually requested.

<forticlient_configuration>

<antivirus>

<on_demand_scanning>

<use_extreme_db>0</use_extreme_db>

<on_virus_found>4</on_virus_found>

<pause_on_battery_power>1</pause_on_battery_power>

<allow_admin_to_stop>1</allow_admin_to_stop>

<signature_load_memory_threshold>8</signature_load_memory_threshold>

<automatic_virus_submission>

<enabled>0</enabled>

<smtp_server>fortinetvirussubmit.com</smtp_server>

<username />

<password>Encrypted/NonEncrypted_PasswordString</password>

</automatic_virus_submission>

<compressed_files>

<scan>1</scan>

<maxsize>0</maxsize>

</compressed_files>

<riskware>

<enabled>1</enabled>

</riskware>

<adware>

<enabled>1</enabled>

</adware>

<heuristic_scanning>

<level>3</level>

<action>2</action>

</heuristic_scanning>

<scan_file_types>

<all_files>1</all_files>

<file_types>

<extensions>.386,.ACE,.ACM,.ACV,.ACX,.ADT,.APP,.ASD,.ASP,.ASX,.AVB,.AX,.AX2,.BAT,.BIN,.BTM,.CDR,.CFM,.CHM,.CLA,.CLASS,.CMD,.CNN,.COM,.CPL,.CPT,.CPY,.CSC,.CSH,.CSS,.DEV,.DLL,.DOC,.DOT,.DRV,.DVB,.DWG,.EML,.EXE,.FON,.GMS,.GVB,.HLP,.HTA,.HTM,.HTML,.HTT,.HTW,.HTX,.HXS,.INF,.INI,.JPG,.JS,.JTD,.KSE,.LGP,.LIB,.LNK,.MDB,.MHT,.MHTM,.MHTML,.MOD,.MPD,.MPP,.MPT,.MRC,.OCX,.PIF,.PL,.PLG,.PM,.PNF,.PNP,.POT,.PPA,.PPS,.PPT,.PRC,.PWZ,.QLB,.QPW,.REG,.RTF,.SBF,.SCR,.SCT,.SH,.SHB,.SHS,.SHT,.SHTML,.SHW,.SIS,.SMM,.SWF,.SYS,.TD0,.TLB,.TSK,.TSP,.TT6,.VBA,.VBE,.VBS,.VBX,.VOM,.VSD,.VSS,.VST,.VWP,.VXD,.VXE,.WBK,.WBT,.WIZ,.WK,.WML,.WPC,.WPD,.WSC,.WSF,.WSH,.XLS,.XML,.XTP</extensions>

<include_files_with_no_extension>0</include_files_with_no_extension>

</file_types>

</scan_file_types>

<exclusions>

<file></file>

<folder></folder>

<file_types>

<extensions></extensions>

</file_types>

</exclusions>

</on_demand_scanning>

</antivirus>

</forticlient_configuration>

The following table provides the XML tags for on-demand scans, as well as the descriptions and default values where applicable.

XML tag

Description

Default value

<use_extreme_db>

Use the extreme database.

Boolean value: [0 | 1]

0

<on_virus_found>

The action FortiClient performs if it finds a virus. Configure one of the following:

  • 4: quarantine infected files. You can use FortiClient to view, restore, or delete the quarantined file, as well as view the virus name, submit the file to FortiGuard, and view logs.
  • 5: deny access to infected files.

4

<pause_on_battery_power>

Pause scanning when the computer is running on battery power.

Boolean value: [0 | 1]

1

<allow_admin_to_stop>

Control whether the local administrator can stop a scheduled or on-demand AV scan that the EMS administrator initiated.

Boolean value: [0 | 1]

1

<signature_load_memory_threshold>

Configure the threshold used to control memory allocation mechanism for signature loading. When the physical machine has more memory than the threshold, it uses the static memory mechanism to load signatures one time, which ensures that the scan is efficient. When the physical machine has less memory than the threshold, it uses the dynamic memory mechanism to load the signatures, which ensures that the scan process does not use too much memory.

<heuristic_scanning> elements

The new FortiClient AV engine incorporates a smarter signature-less machine learning (ML)-based advanced threat detection. The antimalware solution includes ML models static and dynamic analysis of threats.

<level>

This setting applies to real-time and on-demand scans. Enable or disable ML:

  • 0: disable ML.
  • 2: enable ML. If you enter a value higher than 2, the value defaults to 2.

<action>

The action that FortiClient performs if it finds a virus. Enter one of the following:

  • 0: detect the sample, display a warning message, and log the activity.
  • 2: quarantine infected files. You can use FortiClient to view, restore, or delete the quarantined file, as well as view the virus name, submit the file to FortiGuard, and view logs. If you enter a value higher than 2, the value defaults to 2.

<automatic_virus_submission> elements

<enabled>

Automatically submit suspicious files to FortiGuard for analysis. You do not receive feedback for files submitted for analysis. The FortiGuard team is able to create signatures for any files that are submitted for analysis and determined to be malicious.

Boolean value: [0 | 1]

0

<smtp_server>

SMTP server IP address or FQDN.

fortinetvirussubmit.com

<username>

SMTP server username.

<password>

SMTP server encrypted or non-encrypted password.

<compressed_files> elements

<scan>

Scan archive files, including zip, rar, and tar files, for threats.

Boolean value: [0 | 1]

1

<maxsize>

Maximum compressed file size to scan in MB. A number up to 65535. 0 means no limit.

0

<riskware> elements

<enabled>

Scan for riskware. Riskware refers to legitimate programs which, when installed and executed, presents a possible but not definite risk to the computer.

Boolean value: [0 | 1]

1

<adware> element

<enabled>

Scan for adware. Adware is a form of software that downloads or displays unwanted ads when a user is online.

Boolean value: [0 | 1]

1

<scan_file_types> element

<all_files>

Scan all file types. If enabled, ignore the <file_types> element.

Boolean value: [0 | 1]

1

<scan_file_types> <file_types> elements

<extensions>

Enter a comma separated list of extensions to scan.

<include_files_with_no_extension>

Determines whether to scan files with no extension.

Boolean value: [0 | 1]

0

<exclusions> elements

<file>

Full path to a file to exclude from on-demand scanning. Wildcards are not accepted. Element may be repeated to list more files.

<folder>

Full path to a directory to exclude from on-demand scanning. Element may be repeated to list more directories. Shadow Copy format is supported, for example, <folder>\Device\HarddiskVolumeShadowCopy*</folder>. Shadow Copy is also known as Volume Snapshot Service, Volume Shadow Copy Service, or VSS. Wildcards are not accepted.

<exclusions> <file_types> element

<extensions>

Comma separated list of extensions to exclude from on-demand scanning.