Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • XML Reference Guide

    Home FortiClient 6.0.4 XML Reference Guide
    6.0.4
    7.4.1
    7.4.0
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0

    On-Demand scans

    On-Demand scans

    The <on_demand_scanning> element defines how the antivirus scanner handles scanning of files manually requested by the end user.

    <forticlient_configuration>

    <antivirus>

    <on_demand_scanning>

    <use_extreme_db>1</use_extreme_db>

    <on_virus_found>4</on_virus_found>

    <pause_on_battery_power>1</pause_on_battery_power>

    <signature_load_memory_threshold>8</signature_load_memory_threshold>

    <automatic_virus_submission>

    <enabled>0</enabled>

    <smtp_server>fortinetvirussubmit.com</smtp_server>

    <username />

    <password>Encrypted/NonEncrypted_PasswordString</password>

    </automatic_virus_submission>

    <compressed_files>

    <scan>1</scan>

    <maxsize>0</maxsize>

    </compressed_files>

    <riskware>

    <enabled>1</enabled>

    </riskware>

    <adware>

    <enabled>1</enabled>

    </adware>

    <heuristic_scanning>

    <level>3</level>

    <action>2</action>

    </heuristic_scanning>

    <scan_file_types>

    <all_files>1</all_files>

    <file_types>

    <extensions>.386,.ACE,.ACM,.ACV,.ACX,.ADT,.APP,.ASD,.ASP,.ASX,.AVB,.AX,.AX2,.BAT,.BIN,.BTM,.CDR,.CFM,.CHM,.CLA,.CLASS,.CMD,.CNN,.COM,.CPL,.CPT,.CPY,.CSC,.CSH,.CSS,.DEV,.DLL,.DOC,.DOT,.DRV,.DVB,.DWG,.EML,.EXE,.FON,.GMS,.GVB,.HLP,.HTA,.HTM,.HTML,.HTT,.HTW,.HTX,.HXS,.INF,.INI,.JPG,.JS,.JTD,.KSE,.LGP,.LIB,.LNK,.MDB,.MHT,.MHTM,.MHTML,.MOD,.MPD,.MPP,.MPT,.MRC,.OCX,.PIF,.PL,.PLG,.PM,.PNF,.PNP,.POT,.PPA,.PPS,.PPT,.PRC,.PWZ,.QLB,.QPW,.REG,.RTF,.SBF,.SCR,.SCT,.SH,.SHB,.SHS,.SHT,.SHTML,.SHW,.SIS,.SMM,.SWF,.SYS,.TD0,.TLB,.TSK,.TSP,.TT6,.VBA,.VBE,.VBS,.VBX,.VOM,.VSD,.VSS,.VST,.VWP,.VXD,.VXE,.WBK,.WBT,.WIZ,.WK,.WML,.WPC,.WPD,.WSC,.WSF,.WSH,.XLS,.XML,.XTP</extensions>

    <include_files_with_no_extension>0</include_files_with_no_extension>

    </file_types>

    </scan_file_types>

    <exclusions>

    <file></file>

    <folder></folder>

    <file_types>

    <extensions></extensions>

    </file_types>

    </exclusions>

    </on_demand_scanning>

    </antivirus>

    </forticlient_configuration>

    The following table provides the XML tags for on-demand scans, as well as the descriptions and default values where applicable.

    XML Tag

    Description

    Default Value

    <use_extreme_db>

    Use the extreme database.

    Boolean value: [0 | 1]

    1

    <on_virus_found>

    The action FortiClient performs if a virus is found. Select one of the following:

    • 4: quarantine
    • 5: deny access

    4

    <pause_on_battery_power>

    Suspend scanning when system is on battery.

    Boolean value: [0 | 1]

    1

    <signature_load_memory_threshold>

    Configure the threshold used to control memory allocation mechanism for signature loading. When the physical machine has more memory than the threshold, it uses the static memory mechanism to load signatures one time, which ensures that the scan is efficient. When the physical machine has less memory than the threshold, it uses the dynamic memory mechanism to load the signatures, which ensures that the scan process does not use too much memory.

    <heuristic_scanning> elements

    <level>

    Level is from 0 to 4. Applied to both real-time and on-demand scans. Select one of the following:

    • 0: normal
    • 1: advanced heuristics on highly infected systems
    • 2: Minos engine heuristics on highly infected systems
    • 3: both advanced heuristics on highly infected systems and engine heuristics
    • 4: both, without waiting to determine if system is highly infected

    <action>

    The action FortiClient performs if a virus is found. Select one of the following:

    • 0: warning
    • 1: deny access
    • 2: quarantine
    • 3: submit only

    <automatic_virus_submission> elements

    <enabled>

    Send virus files found to FortiGuard servers.

    Boolean value: [0 | 1]

    0

    <smtp_server>

    SMTP server IP address or FQDN.

    fortinetvirussubmit.com

    <username>

    <password>

    Either encrypted or non-encrypted password.

    <compressed_files> elements

    <scan>

    Enable or disable scanning of compressed files.

    Boolean value: [0 | 1]

    1

    <maxsize>

    Maximum compressed file size to scan in MB. A number up to 65535. 0 means no limit.

    0

    <riskware> elements

    <enabled>

    Enable or disable scanning of riskware files.

    Boolean value: [0 | 1]

    1

    <adware> element

    <enabled>

    Enable or disable scanning of adware files.

    Boolean value: [0 | 1]

    1

    <scan_file_types> element

    <all_files>

    Enabled or disable scanning of all file types. If enabled, ignore the <file_types> element.

    Boolean value: [0 | 1]

    1

    <scan_file_types> <file_types> elements

    <extensions>

    Comma separated list of extensions to scan.

    <include_files_with_no_extension>

    Determines whether to scan files with no extension.

    Boolean value: [0 | 1]

    0

    <exclusions> elements

    <file>

    Full path to a file to exclude from on-demand scanning. Wildcards are not accepted. Element may be repeated to list more files.

    <folder>

    Full path to a directory to exclude from on-demand scanning. Element may be repeated to list more directories. Shadow Copy format is supported, for example, <folder>\Device\HarddiskVolumeShadowCopy*</folder>. Shadow Copy is also known as Volume Snapshot Service, Volume Shadow Copy Service, or VSS. Wildcards are not accepted.

    <exclusions> <file_types> element

    <extensions>

    Comma separated list of extensions to exclude from on-demand scanning.

    Previous
    Next

    On-Demand scans

    On-Demand scans

    The <on_demand_scanning> element defines how the antivirus scanner handles scanning of files manually requested by the end user.

    <forticlient_configuration>

    <antivirus>

    <on_demand_scanning>

    <use_extreme_db>1</use_extreme_db>

    <on_virus_found>4</on_virus_found>

    <pause_on_battery_power>1</pause_on_battery_power>

    <signature_load_memory_threshold>8</signature_load_memory_threshold>

    <automatic_virus_submission>

    <enabled>0</enabled>

    <smtp_server>fortinetvirussubmit.com</smtp_server>

    <username />

    <password>Encrypted/NonEncrypted_PasswordString</password>

    </automatic_virus_submission>

    <compressed_files>

    <scan>1</scan>

    <maxsize>0</maxsize>

    </compressed_files>

    <riskware>

    <enabled>1</enabled>

    </riskware>

    <adware>

    <enabled>1</enabled>

    </adware>

    <heuristic_scanning>

    <level>3</level>

    <action>2</action>

    </heuristic_scanning>

    <scan_file_types>

    <all_files>1</all_files>

    <file_types>

    <extensions>.386,.ACE,.ACM,.ACV,.ACX,.ADT,.APP,.ASD,.ASP,.ASX,.AVB,.AX,.AX2,.BAT,.BIN,.BTM,.CDR,.CFM,.CHM,.CLA,.CLASS,.CMD,.CNN,.COM,.CPL,.CPT,.CPY,.CSC,.CSH,.CSS,.DEV,.DLL,.DOC,.DOT,.DRV,.DVB,.DWG,.EML,.EXE,.FON,.GMS,.GVB,.HLP,.HTA,.HTM,.HTML,.HTT,.HTW,.HTX,.HXS,.INF,.INI,.JPG,.JS,.JTD,.KSE,.LGP,.LIB,.LNK,.MDB,.MHT,.MHTM,.MHTML,.MOD,.MPD,.MPP,.MPT,.MRC,.OCX,.PIF,.PL,.PLG,.PM,.PNF,.PNP,.POT,.PPA,.PPS,.PPT,.PRC,.PWZ,.QLB,.QPW,.REG,.RTF,.SBF,.SCR,.SCT,.SH,.SHB,.SHS,.SHT,.SHTML,.SHW,.SIS,.SMM,.SWF,.SYS,.TD0,.TLB,.TSK,.TSP,.TT6,.VBA,.VBE,.VBS,.VBX,.VOM,.VSD,.VSS,.VST,.VWP,.VXD,.VXE,.WBK,.WBT,.WIZ,.WK,.WML,.WPC,.WPD,.WSC,.WSF,.WSH,.XLS,.XML,.XTP</extensions>

    <include_files_with_no_extension>0</include_files_with_no_extension>

    </file_types>

    </scan_file_types>

    <exclusions>

    <file></file>

    <folder></folder>

    <file_types>

    <extensions></extensions>

    </file_types>

    </exclusions>

    </on_demand_scanning>

    </antivirus>

    </forticlient_configuration>

    The following table provides the XML tags for on-demand scans, as well as the descriptions and default values where applicable.

    XML Tag

    Description

    Default Value

    <use_extreme_db>

    Use the extreme database.

    Boolean value: [0 | 1]

    1

    <on_virus_found>

    The action FortiClient performs if a virus is found. Select one of the following:

    • 4: quarantine
    • 5: deny access

    4

    <pause_on_battery_power>

    Suspend scanning when system is on battery.

    Boolean value: [0 | 1]

    1

    <signature_load_memory_threshold>

    Configure the threshold used to control memory allocation mechanism for signature loading. When the physical machine has more memory than the threshold, it uses the static memory mechanism to load signatures one time, which ensures that the scan is efficient. When the physical machine has less memory than the threshold, it uses the dynamic memory mechanism to load the signatures, which ensures that the scan process does not use too much memory.

    <heuristic_scanning> elements

    <level>

    Level is from 0 to 4. Applied to both real-time and on-demand scans. Select one of the following:

    • 0: normal
    • 1: advanced heuristics on highly infected systems
    • 2: Minos engine heuristics on highly infected systems
    • 3: both advanced heuristics on highly infected systems and engine heuristics
    • 4: both, without waiting to determine if system is highly infected

    <action>

    The action FortiClient performs if a virus is found. Select one of the following:

    • 0: warning
    • 1: deny access
    • 2: quarantine
    • 3: submit only

    <automatic_virus_submission> elements

    <enabled>

    Send virus files found to FortiGuard servers.

    Boolean value: [0 | 1]

    0

    <smtp_server>

    SMTP server IP address or FQDN.

    fortinetvirussubmit.com

    <username>

    <password>

    Either encrypted or non-encrypted password.

    <compressed_files> elements

    <scan>

    Enable or disable scanning of compressed files.

    Boolean value: [0 | 1]

    1

    <maxsize>

    Maximum compressed file size to scan in MB. A number up to 65535. 0 means no limit.

    0

    <riskware> elements

    <enabled>

    Enable or disable scanning of riskware files.

    Boolean value: [0 | 1]

    1

    <adware> element

    <enabled>

    Enable or disable scanning of adware files.

    Boolean value: [0 | 1]

    1

    <scan_file_types> element

    <all_files>

    Enabled or disable scanning of all file types. If enabled, ignore the <file_types> element.

    Boolean value: [0 | 1]

    1

    <scan_file_types> <file_types> elements

    <extensions>

    Comma separated list of extensions to scan.

    <include_files_with_no_extension>

    Determines whether to scan files with no extension.

    Boolean value: [0 | 1]

    0

    <exclusions> elements

    <file>

    Full path to a file to exclude from on-demand scanning. Wildcards are not accepted. Element may be repeated to list more files.

    <folder>

    Full path to a directory to exclude from on-demand scanning. Element may be repeated to list more directories. Shadow Copy format is supported, for example, <folder>\Device\HarddiskVolumeShadowCopy*</folder>. Shadow Copy is also known as Volume Snapshot Service, Volume Shadow Copy Service, or VSS. Wildcards are not accepted.

    <exclusions> <file_types> element

    <extensions>

    Comma separated list of extensions to exclude from on-demand scanning.

    Previous
    Next