EMS Administration Guide

Viewing quarantined files

After FortiClient quarantines files on endpoints and sends the quarantined file information to FortiClient EMS, you can view the list of quarantined files on the Files pane. You can also view details about each quarantined file and use filters to access quarantined files with specific qualities.

To view the Files content pane:

You can view information about quarantined files on the Files content pane.

  1. Go to Quarantine Management > Files. The list of quarantined files, a quick status bar, and a toolbar display in the content pane.

    Quarantined Files

    Number of files that FortiClient has quarantined on endpoints. Click to display the list of quarantined files.

    Restored Files

    Number of files that have been restored on endpoints. Click to display the list of restored files.

    Affected Hosts

    Number of hosts where FortiClient has quarantined files. Click to display the list of quarantined files sorted by hostname.

    New Detections

    Number of new detections. Click to display the list of newly detected threats sorted by date detected.

    View

    Toggle between the following options:

    • View all files or view only quarantined files
    • Show or hide full path names for files

    Display by

    Select to display the list of files by instance, host, threat, or date.

    Search All Fields

    Enter a value and press Enter to search for the value in the list of files.

    Filters

    Click to display and hide filters you can use to filter the list of files.

    Refresh

    Click to refresh the list of files in the content pane.

    Clear Filters

    Click to clear all filters applied to the list of files.

    Checkbox

    Click to select all files displayed in the content pane.

    Host

    Hostname of the endpoint. Also shows the group the endpoint belongs to.

    File

    Name of the file.

    Size

    Size of the file in bytes.

    Threat

    Name of the threat.

    Source

    Displays how FortiClient detected the threat:

    • Scheduled Scan
    • Email Scan
    • Startup Scan
    • Manual Scan
    • Realtime Scan
    • Rootkit Manual Scan
    • Sandbox Scan

    Status

    Status of the file: Quarantined, Quarantined & Whitelisted, Restored, or Deleted. Also shows the time that FortiClient quarantined the file.

    Summary

    Displays the number of threat instances and number of affected hosts.

To filter the file list:

You can filter the list of files displayed on the Files content pane.

  1. Go to Quarantine Management > Files. The list of files displays.
  2. Click the Filters menu, and set filters.

    The filter options display.

    For text values, you can use a comma (,) to separate values and an exclamation mark (!) to exclude a value.

    Filename

    Enter the file name(s) to include in the filter.

    Location

    Enter the file location(s) to include in the filter.

    Checksum

    Enter the checksum(s) to include in the filter.

    Threat

    Enter the threat(s) to include in the filter. You can also select the desired threat(s) from the dropdown list.

    Source

    Enter the source(s) to include in the filter. You can also select the desired source(s) from the dropdown list.

    Status

    Enter the status(es) to include in the filter. You can also select the desired status(es) from the dropdown list.

    Date

    Enter the range of dates to include in the filter.

    Host

    Enter the host(s) to include in the filter. You can also select the desired host(s) from the dropdown list.

    Group

    Enter the endpoint group(s) to include in the filter. You can also select the desired group(s) from the dropdown list.

  3. Click Apply. The filtered list of files displays.
  4. Click Clear Filters to clear the filter settings.
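
The following added example (not part of the EMS guide or Fortinet code) models the filter text syntax described in step 2 over a constructed list of rows that reuse the Files pane column names. The matching rules (case-insensitive exact match, exclusions take priority, separate fields are combined with AND) and the function names are assumptions made for illustration; EMS may match differently.

```python
def parse_filter(expr):
    """Split a filter string into (include, exclude) sets of lowercase terms."""
    include, exclude = set(), set()
    for raw in expr.split(","):
        term = raw.strip().lower()
        if not term or term == "!":
            continue  # ignore empty items such as a trailing comma
        if term.startswith("!"):
            exclude.add(term[1:].strip())  # "!" marks a value to exclude
        else:
            include.add(term)
    return include, exclude


def matches(value, expr):
    """Assumed semantics: exclusions win; with no include terms,
    every value that is not excluded passes."""
    include, exclude = parse_filter(expr)
    v = value.lower()
    if v in exclude:
        return False
    return not include or v in include


def filter_files(records, **filters):
    """Keep records that satisfy every per-field filter (fields are ANDed)."""
    return [r for r in records
            if all(matches(r[field], expr) for field, expr in filters.items())]


# Constructed sample rows; hosts, files and the second threat name are made up.
SAMPLE = [
    {"Host": "ws-01", "File": "eicar.com", "Threat": "EICAR_TEST_FILE",
     "Source": "Realtime Scan", "Status": "Quarantined"},
    {"Host": "ws-02", "File": "sample.bin", "Threat": "Constructed/Sample.B",
     "Source": "Sandbox Scan", "Status": "Restored"},
    {"Host": "ws-01", "File": "tool.exe", "Threat": "Constructed/Sample.B",
     "Source": "Manual Scan", "Status": "Quarantined & Whitelisted"},
    {"Host": "ws-03", "File": "old.tmp", "Threat": "EICAR_TEST_FILE",
     "Source": "Scheduled Scan", "Status": "Deleted"},
]

if __name__ == "__main__":
    # Files still held on endpoints: exclude anything restored or deleted.
    for row in filter_files(SAMPLE, Status="!Deleted,!Restored"):
        print(row["Host"], row["File"], row["Status"])
```

A Status filter of `Restored,Quarantined & Whitelisted` gives the complementary review list: files that were released from quarantine or exempted from it.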
