Fortinet Document Library

Version: 2.5.0

Known Malware Cannot be Detected

If known malware is not detected, check whether any of the following applies:

  • The scan profile was changed. The malware might not be able to run in certain VMs.
  • A new AV/IPS signature, rating engine, or tracer engine was installed.
  • Network conditions changed.
  • The port3 connection to the Internet was modified.
  • New firmware was installed.
  • The malware's execution conditions changed, such as a C&C server that is down, a time bomb, etc.

The following are some troubleshooting methods:

  1. Check the logs to see if the Scan Profile was changed or a new signature was installed.

    Note: In 2.5.0 and up, a Calendar page was added that shows important events for such instances.

  2. Check the logs for any manually overridden verdicts, white/black list changes, or YARA rule modifications. The Detailed Report shows how the file was rated.
  3. Run test-networks to check the unit's connection to FDN, especially if the Web Filter service is down.
  4. Check the port3 next-hop gateway for the policy. The path should be clean.
  5. Try an On-Demand scan of the malware and use the VM Interaction and Scan video features.
  6. Compare a previous Detailed Report with a recent one.
  7. Contact Fortinet Support for possible rating/tracer engine bugs.

    Note: In 2.5.0 and up, a new CLI command was added to reset the engines to the firmware version.
