Administration Guide

File scan flow

Stage 1

All files to be scanned go through the same flow. First, the files are scanned by the Antivirus static engine. The AV engine identifies the file types and assigns a verdict at the same time. If the files are archive files such as ZIP or TAR, they are extracted at this stage (up to 12 layers). The extracted files are then sent back to be scanned by the Antivirus static engine.

Stage 2

If the file type is supported by ANN (listed above), the files are sent to either the Binary or Text AI engine for the Stage 2 scan. Files go through the Stage 2 scan regardless of the verdict in Stage 1. The AI engine only overrides the verdict if the file is Clean in Stage 1 and Malicious in Stage 2. The Stage 2 AI scan enriches the IOC information and malicious feature composition in the sample detail view.
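The two stages can be modelled in a few lines to check how the 12-layer extraction limit and the override rule interact. This is an added example, not Fortinet code: the engine stand-ins `demo_av` and `demo_ai`, the ZIP-only handling, the sample data, and the choice to record an archive that reaches the limit instead of extracting it are all assumptions.

```python
import io
import zipfile

MAX_LAYERS = 12  # archive extraction limit stated in Stage 1

def final_verdict(stage1, stage2):
    # Stage 2 overrides only when Stage 1 is Clean and Stage 2 is Malicious.
    if stage1 == "Clean" and stage2 == "Malicious":
        return "Malicious"
    return stage1

def scan(name, data, av_scan, ai_scan, layer=0, results=None):
    """Model of the flow. av_scan/ai_scan are hypothetical engine stand-ins;
    ai_scan returns None for file types the AI engines do not support."""
    results = [] if results is None else results
    stage1 = av_scan(name, data)
    stage2 = ai_scan(name, data)  # runs regardless of the Stage 1 verdict
    is_archive = zipfile.is_zipfile(io.BytesIO(data))
    # Assumption: an archive at the limit is recorded, not extracted.
    limit_hit = is_archive and layer >= MAX_LAYERS
    results.append((name, layer, final_verdict(stage1, stage2), limit_hit))
    if is_archive and not limit_hit:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                # Extracted files are sent back through the same flow.
                scan(member, zf.read(member), av_scan, ai_scan, layer + 1, results)
    return results

def make_nested(depth, payload=b"constructed-test-marker"):
    """Constructed sample: payload.txt wrapped in `depth` ZIP layers."""
    name, data = "payload.txt", payload
    for i in range(depth):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr(name, data)
        name, data = f"wrap{i}.zip", buf.getvalue()
    return name, data

def demo_av(name, data):
    return "Clean"  # hypothetical: the static engine has no signature here

def demo_ai(name, data):
    if name.endswith(".zip"):
        return None  # archives are not an AI-supported type in this model
    return "Malicious" if b"constructed-test-marker" in data else "Clean"

if __name__ == "__main__":
    for depth in (12, 13):
        for row in scan(*make_nested(depth), demo_av, demo_ai):
            print(depth, row)
```

Each result row is `(name, layer, verdict, limit_hit)`; rows with `limit_hit` set mark archives whose contents were not examined in this model and would need separate handling.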
