Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiClient 6.4.7 Administration Guide
    6.4.7
    7.4.1
    7.4.0
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0

    Viewing AntiVirus scan results

    Viewing AntiVirus scan results

    You can view quarantined threats, site violations, alerts, and RTP events.

    For details on viewing quarantined threats, see Viewing quarantined files.

    Viewing site violations

    On the Site Violations page, you can view site violations and submit sites to be recategorized.

    1. On the Malware Protection tab, click X Threats Detected.

      Site Violations displays the following options:

      URL

      Website URL.

      CATEGORY

      Web filter category the site belongs to.

      TIME

      Date and time of the site violation.

      USER

      User who attempted to access the site.
    2. Click Close.

    Viewing alerts

    When FortiClient AV detects a virus while attempting to download a file via a web browser, a warning displays.

    Select View recently detected virus(es) to collapse the virus list. Right-click a file in the list to access the following context menu:

    Delete

    Delete a quarantined or restored file.

    Quarantine

    Quarantine a restored file.

    Restore

    Restore a quarantined file.

    Submit Suspicious File

    Submit a file to FortiGuard as a suspicious file.

    Submit as False Positive

    Submit a quarantined file to FortiGuard as a false positive.

    Add to Exclusion List

    Add a restored file to the exclusion list. Any files in the exclusion list are not scanned.

    Open File Location

    Open the file location on your workstation.

    Depending on the settings received from EMS, virus alert dialog may or may not display when you attempt to download a virus in a web browser.

    Viewing RTP events

    When an AV RTP event has occurred, you can view these events in FortiClient.

    1. From the Malware Protection tab, select Threats Detected.
    2. Select Real-time Protection events (x).

      The realtime_scan.log opens in the default viewer.

      Example log output:

      Realtime scan result:

      time: Wed Jan 9 09:52:18 2019, Realtime Protection Started, AV_ENGINE:6.00012 MDARE_ENGINE:2.00068 AV_SIG:1.00000 AV_EXT_SIG:1.00000 MDARE_SIG:1.00000

      time: Wed Jan 9 09:52:42 2019, virus found: EICAR_TEST_FILE, action: Quarantined, C:\Users\Administrator\Downloads\5adfd0ce-278a-4697-8a97-624b307df63c.tmp

    Previous
    Next

    Viewing AntiVirus scan results

    Viewing AntiVirus scan results

    You can view quarantined threats, site violations, alerts, and RTP events.

    For details on viewing quarantined threats, see Viewing quarantined files.

    Viewing site violations

    On the Site Violations page, you can view site violations and submit sites to be recategorized.

    1. On the Malware Protection tab, click X Threats Detected.

      Site Violations displays the following options:

      URL

      Website URL.

      CATEGORY

      Web filter category the site belongs to.

      TIME

      Date and time of the site violation.

      USER

      User who attempted to access the site.
    2. Click Close.

    Viewing alerts

    When FortiClient AV detects a virus while attempting to download a file via a web browser, a warning displays.

    Select View recently detected virus(es) to collapse the virus list. Right-click a file in the list to access the following context menu:

    Delete

    Delete a quarantined or restored file.

    Quarantine

    Quarantine a restored file.

    Restore

    Restore a quarantined file.

    Submit Suspicious File

    Submit a file to FortiGuard as a suspicious file.

    Submit as False Positive

    Submit a quarantined file to FortiGuard as a false positive.

    Add to Exclusion List

    Add a restored file to the exclusion list. Any files in the exclusion list are not scanned.

    Open File Location

    Open the file location on your workstation.

    Depending on the settings received from EMS, virus alert dialog may or may not display when you attempt to download a virus in a web browser.

    Viewing RTP events

    When an AV RTP event has occurred, you can view these events in FortiClient.

    1. From the Malware Protection tab, select Threats Detected.
    2. Select Real-time Protection events (x).

      The realtime_scan.log opens in the default viewer.

      Example log output:

      Realtime scan result:

      time: Wed Jan 9 09:52:18 2019, Realtime Protection Started, AV_ENGINE:6.00012 MDARE_ENGINE:2.00068 AV_SIG:1.00000 AV_EXT_SIG:1.00000 MDARE_SIG:1.00000

      time: Wed Jan 9 09:52:42 2019, virus found: EICAR_TEST_FILE, action: Quarantined, C:\Users\Administrator\Downloads\5adfd0ce-278a-4697-8a97-624b307df63c.tmp

    Previous
    Next