Fortinet black logo

Online Help

Quarantine Files

Copy Link
Copy Doc ID df548089-ec91-11ee-8c42-fa163e15d75b:704991

Quarantine Files

FortiCASB conducts active anti-virus and malware detection scan when new files are uploaded to the cloud accounts. FortiCASB AV scan supports any type of file in detecting virus or malware.

The AV Scan Pattern needs to be enabled in the data security policy to initiate AV scan and virus/malware quarantine. When creating a data security policy, AV Scan Pattern is under Malware.

When a data security policy with AV Scan pattern is enabled, and file is detected to be infected by virus or malware in the cloud account, an alert will be generated. The infected file will be quarantined for review.

If alert notification is enabled in the data security policy, an alert will be sent to the FortiCASB user or the file owner to take action on the quarantined file.

File Quarantine and Quarantine Directory

When a file is found to be infected by malware or virus, FortiCASB will remove the file from the original directory and move it to a quarantine directory in the cloud account. There are two types of quarantine directories.

  1. Default quarantine directory - The default quarantine directory is preconfigured by FortiCASB as forticasb_quarantine_directory~. The quarantine directory will be placed at the root or top level of the file owner's account.
  2. Shared account quarantine directory - If the infected file is in a shared account directory, the file will be removed from the shared account directory and placed at the root level of the file owner's account inside the directory, "forticasb_quarantine_directory~".
It is recommended for the file owner to review and remove the infected file from the quarantine directory.

Quarantine directory location by cloud account platform

Cloud Account Platform Quarantine Directory Location
Google Workspace Root or top level of the file owner's account.
Office 365 One Drive Root or top level of the file owner's account.
Office 365 SharePoint Root or top level at the SharePoint Site of the file owner.
Box Root or top level of the file owner's account.
Dropbox Root or top level of the file owner's account.

Egnyte

Root or top level of the file owner's account.

Examples of quarantine directory on different cloud accounts

Quarantine directory on Office 365 One Drive

Quarantine directory on Dropbox Account

Quarantine directory on Office 365 SharePoint Site

Quarantine directory on Egnyte account

Quarantine Files

FortiCASB conducts active anti-virus and malware detection scan when new files are uploaded to the cloud accounts. FortiCASB AV scan supports any type of file in detecting virus or malware.

The AV Scan Pattern needs to be enabled in the data security policy to initiate AV scan and virus/malware quarantine. When creating a data security policy, AV Scan Pattern is under Malware.

When a data security policy with AV Scan pattern is enabled, and file is detected to be infected by virus or malware in the cloud account, an alert will be generated. The infected file will be quarantined for review.

If alert notification is enabled in the data security policy, an alert will be sent to the FortiCASB user or the file owner to take action on the quarantined file.

File Quarantine and Quarantine Directory

When a file is found to be infected by malware or virus, FortiCASB will remove the file from the original directory and move it to a quarantine directory in the cloud account. There are two types of quarantine directories.

  1. Default quarantine directory - The default quarantine directory is preconfigured by FortiCASB as forticasb_quarantine_directory~. The quarantine directory will be placed at the root or top level of the file owner's account.
  2. Shared account quarantine directory - If the infected file is in a shared account directory, the file will be removed from the shared account directory and placed at the root level of the file owner's account inside the directory, "forticasb_quarantine_directory~".
It is recommended for the file owner to review and remove the infected file from the quarantine directory.

Quarantine directory location by cloud account platform

Cloud Account Platform Quarantine Directory Location
Google Workspace Root or top level of the file owner's account.
Office 365 One Drive Root or top level of the file owner's account.
Office 365 SharePoint Root or top level at the SharePoint Site of the file owner.
Box Root or top level of the file owner's account.
Dropbox Root or top level of the file owner's account.

Egnyte

Root or top level of the file owner's account.

Examples of quarantine directory on different cloud accounts

Quarantine directory on Office 365 One Drive

Quarantine directory on Dropbox Account

Quarantine directory on Office 365 SharePoint Site

Quarantine directory on Egnyte account