AV Scan and File Quarantine

FortiCASB actively scans new files for viruses and malware when they are uploaded to the cloud accounts. The FortiCASB AV scan supports any type of file.

If a file in the cloud account is found to be infected with a virus or malware, a notification is sent to the file owner and to the email addresses preconfigured by the FortiCASB admin user, and the file is quarantined for review.

File Quarantine and Notification Configuration

When a file is found to be infected with malware or a virus, FortiCASB removes the file from its original directory and moves it to a default quarantine directory in the cloud account. See File Quarantine Directory for details on the location of the quarantine directory.

A notification is sent to the file owner to take action on the quarantined file. The default quarantine directory is preconfigured by FortiCASB.

File quarantine is not yet implemented for Salesforce accounts because Salesforce is upgrading its file handling mechanism. The feature will be added for Salesforce accounts in a future release.

Follow the steps below to configure file quarantine and notification:

  1. From the FortiCASB navigation pane, click your cloud application (e.g., Office 365).
  2. Go to Policy > Data Analysis.
  3. Scroll down to "AV Scan Policy" and click the > sign to expand it.
  4. In the General tab, make sure the Status is enabled. If it is not, enable it by clicking the toggle switch.
  5. Click the Notification tab, then click the Enable Email Notification toggle switch to enable it.
  6. In the Email Receivers field, enter the email addresses that will receive a notification when a file is infected by a virus or malware.
     Note: The notification will be sent to both the file owner and the email addresses listed in the Email Receivers field.
  7. Click the Remediation tab, then click the Enable Permission toggle switch to enable the file quarantine function.
  8. Click Save to save your settings.

File Quarantine Directory

When a file is detected to be infected with a virus or malware, it is removed from its original directory and placed in a default file quarantine directory, "forticasb_quarantine_directory~". The quarantine directory is placed at the root or top level of the file owner's account.

If the infected file is in a shared account directory, the file is removed from the shared account directory and placed in the "forticasb_quarantine_directory~" directory at the root level of the file owner's account.

Quarantine directory location by cloud account platform:

| Cloud Account Platform | Quarantine Directory Location |
|---|---|
| Google Workspace | Root or top level of the file owner's account. |
| Office 365 OneDrive | Root or top level of the file owner's account. |
| Office 365 SharePoint | Root or top level at the SharePoint Site of the file owner. |
| Box | Root or top level of the file owner's account. |
| Dropbox | Root or top level of the file owner's account. |

It is recommended that the file owner review and remove the infected file from the quarantine directory.
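To follow up on that recommendation at scale, an administrator can look for quarantined files that owners have not yet removed. The following is an added example, not FortiCASB code or a FortiCASB API: it assumes a hypothetical CSV file inventory (columns `platform`, `owner`, `path`, `modified`) with paths relative to the account or SharePoint site root, and treats the modification time as the approximate quarantine time.

```python
import csv
import io
from datetime import datetime, timezone

QUARANTINE_DIR = "forticasb_quarantine_directory~"  # directory name given on this page
# Platforms the page lists with a quarantine directory (Salesforce has none yet).
SUPPORTED = {"Google Workspace", "Office 365 OneDrive", "Office 365 SharePoint",
             "Box", "Dropbox"}

# Constructed sample inventory; the CSV layout is a hypothetical export format.
SAMPLE = """platform,owner,path,modified
Office 365 OneDrive,alice@example.com,/forticasb_quarantine_directory~/invoice.docm,2024-01-02T10:00:00+00:00
Dropbox,bob@example.com,/projects/forticasb_quarantine_directory~/notes.txt,2024-01-03T10:00:00+00:00
Box,carol@example.com,/forticasb_quarantine_directory~/setup.exe,2024-02-27T10:00:00+00:00
Salesforce,dave@example.com,/forticasb_quarantine_directory~/a.pdf,2024-01-01T10:00:00+00:00
Google Workspace,erin@example.com,/reports/q1.xlsx,2024-01-05T10:00:00+00:00
"""

def in_root_quarantine(path):
    """True only for files inside the quarantine directory at the root level.

    A same-named folder deeper in the tree is not the FortiCASB quarantine
    location described on this page, so it is ignored.
    """
    parts = [p for p in path.split("/") if p]
    return len(parts) >= 2 and parts[0] == QUARANTINE_DIR

def stale_quarantined(inventory_csv, now, max_age_days=7):
    """Return (owner, platform, path, age_days) for quarantined files older
    than max_age_days, oldest first."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["platform"] not in SUPPORTED or not in_root_quarantine(row["path"]):
            continue
        age = (now - datetime.fromisoformat(row["modified"])).days
        if age > max_age_days:
            findings.append((row["owner"], row["platform"], row["path"], age))
    return sorted(findings, key=lambda f: -f[3])

if __name__ == "__main__":
    now = datetime(2024, 3, 1, tzinfo=timezone.utc)  # fixed date for the sample
    for owner, platform, path, age in stale_quarantined(SAMPLE, now):
        print(f"{owner} ({platform}): {path} quarantined about {age} days ago")
```
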

Examples of the quarantine directory on different cloud accounts

[Screenshot: Quarantine directory on Office 365 OneDrive]

[Screenshot: Quarantine directory on Dropbox account]

[Screenshot: Quarantine directory on Office 365 SharePoint Site]
