Real-time protection
The <real_time_protection> element configures how the scanner processes files used by programs running on the system.
Several tags are similar between this section and the previous one: <on_demand_scanning>.
<forticlient_configuration>
  <antivirus>
    <real_time_protection>
      <enabled>1</enabled>
      <use_extreme_db>0</use_extreme_db>
      <when>0</when>
      <ignore_system_when>0</ignore_system_when>
      <on_virus_found>0</on_virus_found>
      <popup_alerts>0</popup_alerts>
      <popup_registry_alerts>0</popup_registry_alerts>
      <bypass_java>0</bypass_java>
      <cloud_based_detection>
        <on_virus_found></on_virus_found>
      </cloud_based_detection>
      <compressed_files>
        <scan>1</scan>
        <maxsize>2</maxsize>
      </compressed_files>
      <riskware>
        <enabled>1</enabled>
      </riskware>
      <adware>
        <enabled>1</enabled>
      </adware>
      <heuristic_scanning>
        <level>3</level>
        <action>0</action>
      </heuristic_scanning>
      <scan_file_types>
        <all_files>1</all_files>
        <file_types>
          <extensions>.386,.ACE,.ACM,.ACV,.ACX,.ADT,.APP,.ASD,.ASP,.ASX,.AVB,.AX,.AX2,.BAT,.BIN,.BTM,.CDR,.CFM,.CHM,.CLA,.CLASS,.CMD,.CNN,.COM,.CPL,.CPT,.CPY,.CSC,.CSH,.CSS,.DEV,.DLL,.DOC,.DOT,.DRV,.DVB,.DWG,.EML,.EXE,.FON,.GMS,.GVB,.HLP,.HTA,.HTM,.HTML,.HTT,.HTW,.HTX,.HXS,.INF,.INI,.JPG,.JS,.JTD,.KSE,.LGP,.LIB,.LNK,.MDB,.MHT,.MHTM,.MHTML,.MOD,.MPD,.MPP,.MPT,.MRC,.OCX,.PIF,.PL,.PLG,.PM,.PNF,.PNP,.POT,.PPA,.PPS,.PPT,.PRC,.PWZ,.QLB,.QPW,.REG,.RTF,.SBF,.SCR,.SCT,.SH,.SHB,.SHS,.SHT,.SHTML,.SHW,.SIS,.SMM,.SWF,.SYS,.TD0,.TLB,.TSK,.TSP,.TT6,.VBA,.VBE,.VBS,.VBX,.VOM,.VSD,.VSS,.VST,.VWP,.VXD,.VXE,.WBK,.WBT,.WIZ,.WK,.WML,.WPC,.WPD,.WSC,.WSF,.WSH,.XLS,.XML,.XTP</extensions>
          <include_files_with_no_extension>0</include_files_with_no_extension>
        </file_types>
      </scan_file_types>
      <exclusions>
        <file />
        <folder />
        <file_types>
          <extensions />
        </file_types>
      </exclusions>
    </real_time_protection>
  </antivirus>
</forticlient_configuration>
The following table provides the XML tags for RTP, as well as the descriptions and default values where applicable.
| XML Tag | Description | Default Value |
|---|---|---|
| <enabled> | Enable or disable real-time protection. Boolean value: | 1 |
| <use_extreme_db> | Use extreme database. Boolean value: | |
| <when> | File I/O activities that result in a scan. Select one of the following: | 0 |
| <ignore_system_when> | Select one of the following: | 2 |
| <on_virus_found> | The action FortiClient performs if a virus is found. Select one of: | 5 |
| <popup_alerts> | Display alerts when a virus is found. Boolean value: | 1 |
| <popup_registry_alerts> | Enable or disable pop-up registry alerts. This feature displays alerts if a process tries to change registry start items. Boolean value: | 0 |
| <bypass_java> | Enable or disable bypassing digitally signed Java processes. Boolean value: | 0 |
| <cloud_based_detection> element | | |
| <on_virus_found> | The action FortiClient performs when a virus is detected by the Cloud Based Behavior Scan (CBBS). Select one of the following: | |
| <compressed_files> element | | |
| <scan> | Enable or disable scanning of compressed files. Boolean value: | 1 |
| <maxsize> | Maximum compressed file size to scan in MB. A number up to 65535. 0 means no limit. | 2 |
| <riskware> element | | |
| <enabled> | Enable or disable scanning of riskware files. Boolean value: | 1 |
| <adware> element | | |
| <enabled> | Enable or disable scanning of adware files. Boolean value: | 1 |
| <heuristic_scanning> element | | |
| <level> | Level is from 0 to 4. Applied to both real-time and on-demand scans. | |
| <action> | The action FortiClient performs if a virus is found. Select one of: | |
| <scan_file_types> element | | |
| <all_files> | Enable or disable scanning of all file types. If enabled, ignore the Boolean value: | 1 |
| <scan_file_types> <file_types> element | | |
| <extensions> | Comma separated list of extensions to scan. | |
| <include_files_with_no_extension> | Determines whether to scan files with no extension. Boolean value: | 0 |
| <exclusions> element. Combinations of wildcards and variables are not supported. | | |
| <file> | Full path to a file to exclude from on-demand scanning. Element may be repeated to list more files. | |
| <folder> | Full path to a directory to exclude from on-demand scanning. Element may be repeated to list more directories. Shadow Copy format is supported, for example, | |
| <exclusions> <file_types> element | | |
| <extensions> | Comma separated list of extensions to exclude from on-demand scanning. | |
| <sandboxing> element | | |
| <enabled> | Enable or disable FortiSandbox configuration. Boolean value: | |
| <sandbox_address> | | |
| <timeout> | Specify how long to wait in seconds for FortiSandbox results before allowing file access. When set to 0 seconds, file access is granted without waiting for FortiSandbox results. Range: | |
| <use_sandbox_signatures> | Enable or disable the use of FortiSandbox signatures. Boolean value: | |
| <check_for_signatures_every> | Specify how often to check for FortiSandbox signatures when Boolean value: | |
| <action_on_error> | Specify whether to block traffic when FortiSandbox finds errors. When this setting is Boolean value: | 0 |
| <scan_usb> | Enable or disable sending files from USB drives to FortiSandbox for scanning. When this setting is Boolean value: | 0 |
| <scan_mapped_drives> | Enable or disable sending files from mapped drives to FortiSandbox for scanning. When this setting is Boolean value: | 0 |
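
The following is an added example, not Fortinet code: a small linter that reads a <real_time_protection> element and reports scanning switches that are off, values outside the ranges documented in the table above, and every configured exclusion. The names `audit_rtp` and `SWITCHES`, the finding strings, the policy of treating 1 as the expected value for the Boolean switches, and the sample XML are all assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a weakened <real_time_protection> block (not a real export).
SAMPLE = """<forticlient_configuration><antivirus><real_time_protection>
  <enabled>1</enabled>
  <compressed_files><scan>0</scan><maxsize>70000</maxsize></compressed_files>
  <riskware><enabled>0</enabled></riskware>
  <adware><enabled>1</enabled></adware>
  <heuristic_scanning><level>7</level></heuristic_scanning>
  <scan_file_types><all_files>0</all_files><file_types>
    <extensions>.EXE,.DLL</extensions>
    <include_files_with_no_extension>0</include_files_with_no_extension>
  </file_types></scan_file_types>
  <exclusions><file>C:\\Tools\\agent.exe</file><folder>C:\\Build</folder>
    <file_types><extensions>.tmp,.log</extensions></file_types></exclusions>
</real_time_protection></antivirus></forticlient_configuration>"""

# Boolean tags from the table that switch a scanning feature off when 0.
SWITCHES = ["enabled", "compressed_files/scan", "riskware/enabled", "adware/enabled"]

def audit_rtp(xml_text):
    """Return a list of findings for one <real_time_protection> element."""
    rtp = ET.fromstring(xml_text).find("antivirus/real_time_protection")
    if rtp is None:
        return ["no <real_time_protection> element"]
    def text(path):
        return (rtp.findtext(path) or "").strip()
    findings = [f"{p} is not 1" for p in SWITCHES if text(p) != "1"]
    # Documented ranges: maxsize up to 65535 MB (0 = no limit), level 0 to 4.
    for path, high in (("compressed_files/maxsize", 65535), ("heuristic_scanning/level", 4)):
        value = text(path)
        if value and not (value.isdigit() and int(value) <= high):
            findings.append(f"{path}={value} outside 0..{high}")
    # With all_files off, only the listed extensions are scanned.
    if text("scan_file_types/all_files") != "1":
        exts = [e for e in text("scan_file_types/file_types/extensions").split(",") if e]
        findings.append(f"all_files off: only {len(exts)} extensions scanned")
        if text("scan_file_types/file_types/include_files_with_no_extension") != "1":
            findings.append("files with no extension are not scanned")
    # Every exclusion is a path or type the scanner skips; list them for review.
    for tag in ("file", "folder"):
        findings += [f"excluded {tag}: {e.text.strip()}"
                     for e in rtp.findall(f"exclusions/{tag}") if (e.text or "").strip()]
    excl = [e for e in text("exclusions/file_types/extensions").split(",") if e]
    if excl:
        findings.append("excluded extensions: " + ",".join(excl))
    return findings
if __name__ == "__main__":
    print("\n".join(audit_rtp(SAMPLE)))
```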