Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Online Help

    Home FortiCASB 21.4.0 Online Help
    21.4.0
    24.4.b
    24.3.b
    24.3.a
    24.2.a
    24.1.b
    24.1.a
    23.4.a
    23.3.a
    23.2.b
    23.2.a
    23.1.0
    22.4.0
    21.4.0
    21.2.0
    21.1.0
    20.4.1
    20.4.0
    20.3.0
    20.2.0
    20.1.0
    4.2.0
    4.1.0
    2.1.0

    AV Scan and File Quarantine

    AV Scan and File Quarantine

    FortiCASB conducts active anti-virus and malware detection scan when new files are uploaded to the cloud accounts. FortiCASB AV scan supports any type of file in detecting virus or malware.

    If a file is detected to be infected by virus or malware in the cloud account, a notification will be sent to the file owner and email addresses preconfigured by FortiCASB admin user, and the file will be quarantined for review.

    File Quarantine and Notification Configuration

    When a file is found to be infected by malware or virus, FortiCASB will remove the file from the original directory and move it to a default quarantine directory in the cloud account. File Quarantine Directory has details on the location of the quarantine directory.

    A notification will be sent to notify the file owner to take action on the quarantined file. The default quarantine directory is preconfigured by FortiCASB.

    Salesforce accounts have not yet implemented the file quarantine feature as Salesforce is undergoing file handling mechanism upgrade. The feature will be added to Salesforce account in the future release.

    Follow the steps below to configure file quarantine and notification:

    1. From FortiCASB navigation pane, click on your cloud application (e.g, Office 365).
    2. Go to Policy > Data Analysis.
    3. Scroll down to find "AV Scan Policy", click on the > sign to expand it.
    4. Make sure the policy is enabled, if it is in Off Status, click On to enable it.

    5. In Enable Email Notification, turn the email notification on and enter the email addresses that will receive notification when a file is infected by virus or malware.

      6. Note: The notification will be sent to both the file owner and the email addresses listed.

    6. In Enable Permission, click On to enable the file quarantine feature.

    7. Click Save Changes to save your setting.

    File Quarantine Directory

    When a file is detected to be infected with virus or malware, it will be removed from the original directory and placed in a default file quarantine directory, "forticasb_quarantine_directory~". The quarantine directory will be placed at the root or top level of the file owner's account.

    If the infected file is in a shared account directory, the file will be removed from the shared account directory and placed at the root level of the file owner's account inside the directory, "forticasb_quarantine_directory~".

    Quarantine directory location by cloud account platform:
    Cloud Account Platform Quarantine Directory Location
    Google Workspace Root or top level of the file owner's account.
    Office 365 One Drive Root or top level of the file owner's account.
    Office 365 SharePoint Root or top level at the SharePoint Site of the file owner.
    Box Root or top level of the file owner's account.
    Dropbox Root or top level of the file owner's account.

    It is recommended for the file owner to review and remove the infected file from the quarantine directory.

    Examples of quarantine directory on different cloud accounts

    Quarantine directory on Office 365 One Drive:

    Quarantine directory on Dropbox Account:

    Quarantine directory on Office 365 SharePoint Site:

    Previous
    Next

    AV Scan and File Quarantine

    AV Scan and File Quarantine

    FortiCASB conducts active anti-virus and malware detection scan when new files are uploaded to the cloud accounts. FortiCASB AV scan supports any type of file in detecting virus or malware.

    If a file is detected to be infected by virus or malware in the cloud account, a notification will be sent to the file owner and email addresses preconfigured by FortiCASB admin user, and the file will be quarantined for review.

    File Quarantine and Notification Configuration

    When a file is found to be infected by malware or virus, FortiCASB will remove the file from the original directory and move it to a default quarantine directory in the cloud account. File Quarantine Directory has details on the location of the quarantine directory.

    A notification will be sent to notify the file owner to take action on the quarantined file. The default quarantine directory is preconfigured by FortiCASB.

    Salesforce accounts have not yet implemented the file quarantine feature as Salesforce is undergoing file handling mechanism upgrade. The feature will be added to Salesforce account in the future release.

    Follow the steps below to configure file quarantine and notification:

    1. From FortiCASB navigation pane, click on your cloud application (e.g, Office 365).
    2. Go to Policy > Data Analysis.
    3. Scroll down to find "AV Scan Policy", click on the > sign to expand it.
    4. Make sure the policy is enabled, if it is in Off Status, click On to enable it.

    5. In Enable Email Notification, turn the email notification on and enter the email addresses that will receive notification when a file is infected by virus or malware.

      6. Note: The notification will be sent to both the file owner and the email addresses listed.

    6. In Enable Permission, click On to enable the file quarantine feature.

    7. Click Save Changes to save your setting.

    File Quarantine Directory

    When a file is detected to be infected with virus or malware, it will be removed from the original directory and placed in a default file quarantine directory, "forticasb_quarantine_directory~". The quarantine directory will be placed at the root or top level of the file owner's account.

    If the infected file is in a shared account directory, the file will be removed from the shared account directory and placed at the root level of the file owner's account inside the directory, "forticasb_quarantine_directory~".

    Quarantine directory location by cloud account platform:
    Cloud Account Platform Quarantine Directory Location
    Google Workspace Root or top level of the file owner's account.
    Office 365 One Drive Root or top level of the file owner's account.
    Office 365 SharePoint Root or top level at the SharePoint Site of the file owner.
    Box Root or top level of the file owner's account.
    Dropbox Root or top level of the file owner's account.

    It is recommended for the file owner to review and remove the infected file from the quarantine directory.

    Examples of quarantine directory on different cloud accounts

    Quarantine directory on Office 365 One Drive:

    Quarantine directory on Dropbox Account:

    Quarantine directory on Office 365 SharePoint Site:

    Previous
    Next