Fortinet black logo

Administration Guide

Viewing AntiVirus scan results

Viewing AntiVirus scan results

You can view quarantined threats, site violations, alerts, and RTP events.

For details on viewing quarantined threats, see Viewing quarantined files.

Viewing site violations

On the Site Violations page, you can view site violations and submit sites to be recategorized.

  1. On the Malware Protection tab, click X Threats Detected.

    Site Violations displays the following options:

    URL

    Website URL.

    CATEGORY

    Web filter category the site belongs to.

    TIME

    Date and time of the site violation.

    USER

    User who attempted to access the site.

  2. Click Close.

Viewing alerts

When FortiClient AV detects a virus while attempting to download a file via a web browser, a warning displays.

Select View recently detected virus(es) to collapse the virus list. Right-click a file in the list to access the following context menu. If EMS is managing FortiClient, these options are disabled:

Delete

Delete a quarantined or restored file.

Quarantine

Quarantine a restored file.

Restore

Restore a quarantined file.

Submit Suspicious File

Submit a file to FortiGuard as a suspicious file.

Submit as False Positive

Submit a quarantined file to FortiGuard as a false positive.

Add to Exclusion List

Add a restored file to the exclusion list. FortiClient does not scan any files in the exclusion list.

Open File Location

Open the file location on your workstation.

Depending on the settings received from EMS, virus alert dialog may or may not display when you attempt to download a virus in a web browser.

Viewing RTP events

When an AV RTP event has occurred, you can view these events in FortiClient.

  1. From the Malware Protection tab, select Threats Detected.
  2. Select Real-time Protection events (x).

    The realtime_scan.log opens in the default viewer.

    Example log output:

    Realtime scan result:

    time: Wed Jan 9 09:52:18 2019, Realtime Protection Started, AV_ENGINE:6.00012 MDARE_ENGINE:2.00068 AV_SIG:1.00000 AV_EXT_SIG:1.00000 MDARE_SIG:1.00000

    time: Wed Jan 9 09:52:42 2019, virus found: EICAR_TEST_FILE, action: Quarantined, C:\Users\Administrator\Downloads\5adfd0ce-278a-4697-8a97-624b307df63c.tmp

Viewing AntiVirus scan results

You can view quarantined threats, site violations, alerts, and RTP events.

For details on viewing quarantined threats, see Viewing quarantined files.

Viewing site violations

On the Site Violations page, you can view site violations and submit sites to be recategorized.

  1. On the Malware Protection tab, click X Threats Detected.

    Site Violations displays the following options:

    URL

    Website URL.

    CATEGORY

    Web filter category the site belongs to.

    TIME

    Date and time of the site violation.

    USER

    User who attempted to access the site.

  2. Click Close.

Viewing alerts

When FortiClient AV detects a virus while attempting to download a file via a web browser, a warning displays.

Select View recently detected virus(es) to collapse the virus list. Right-click a file in the list to access the following context menu. If EMS is managing FortiClient, these options are disabled:

Delete

Delete a quarantined or restored file.

Quarantine

Quarantine a restored file.

Restore

Restore a quarantined file.

Submit Suspicious File

Submit a file to FortiGuard as a suspicious file.

Submit as False Positive

Submit a quarantined file to FortiGuard as a false positive.

Add to Exclusion List

Add a restored file to the exclusion list. FortiClient does not scan any files in the exclusion list.

Open File Location

Open the file location on your workstation.

Depending on the settings received from EMS, virus alert dialog may or may not display when you attempt to download a virus in a web browser.

Viewing RTP events

When an AV RTP event has occurred, you can view these events in FortiClient.

  1. From the Malware Protection tab, select Threats Detected.
  2. Select Real-time Protection events (x).

    The realtime_scan.log opens in the default viewer.

    Example log output:

    Realtime scan result:

    time: Wed Jan 9 09:52:18 2019, Realtime Protection Started, AV_ENGINE:6.00012 MDARE_ENGINE:2.00068 AV_SIG:1.00000 AV_EXT_SIG:1.00000 MDARE_SIG:1.00000

    time: Wed Jan 9 09:52:42 2019, virus found: EICAR_TEST_FILE, action: Quarantined, C:\Users\Administrator\Downloads\5adfd0ce-278a-4697-8a97-624b307df63c.tmp