Cloud-based malware protection
Cloud-based malware protection attributes are as follows:
<forticlient_configuration>
  <cloudscan>
    <enabled>1</enabled>
    <response_timeout>0</response_timeout>
    <when>
      <executables_on_removable_media>1</executables_on_removable_media>
      <executables_on_mapped_nw_drives>1</executables_on_mapped_nw_drives>
      <web_downloads>1</web_downloads>
      <email_downloads>1</email_downloads>
    </when>
    <remediation>
      <action>quarantine</action>
      <on_error>allow</on_error>
    </remediation>
    <exceptions>
      <exclude_files_from_trusted_sources>1</exclude_files_from_trusted_sources>
      <exclude_files_and_folders>1</exclude_files_and_folders>
      <folders></folders>
      <files></files>
    </exceptions>
    <submit_by_extensions>
      <enabled>1</enabled>
      <use_custom_extensions>1</use_custom_extensions>
      <custom_extensions>7z,arj,bz2,cpl,dll,doc,docm,docx,dot,dotm,dotx,exe,fla,flv,gz,jsfl</custom_extensions>
    </submit_by_extensions>
  </cloudscan>
</forticlient_configuration>
The following table provides the XML tags for cloud-based malware protection, as well as the descriptions and default values where applicable.
XML tag | Description | Default value |
---|---|---|
<enabled> | Enable cloud-based malware protection. The cloud-based malware protection feature helps protect endpoints from high-risk file types from external sources such as the Internet or network drives by querying FortiGuard to determine whether files are malicious. The following describes the process for cloud-based malware protection: Boolean value: | |
<response_timeout> | Enter the number of seconds to wait for cloud-based malware protection results before allowing file access. If FortiClient does not receive the results before the timeout expires, file access is allowed. | |
<executables_on_removable_media> | Enable submitting files executed from removable media for cloud-based malware protection. Boolean value: | |
<executables_on_mapped_nw_drives> | Enable submitting files executed from mapped network drives for cloud-based malware protection. Boolean value: | |
<web_downloads> | Enable submitting web downloads for cloud-based malware protection. Boolean value: | |
<email_downloads> | Enable submitting email downloads for cloud-based malware protection. Boolean value: | |
<action> | Specify how to handle malicious files. FortiClient can quarantine malicious files. Enter one of the following: | |
<on_error> | Specify how to handle files when FortiClient cannot reach the cloud-based malware protection service. You can block or allow access to files. Enter one of the following: | |
<exclude_files_from_trusted_sources> | Exclude files signed by trusted sources from cloud-based malware protection submission. Boolean value: | |
<exclude_files_and_folders> | Exclude specified folders/files from cloud-based malware protection submission. You must also create the exclusion list. Boolean value: | |
<folders> | Specify a list of folders to exclude. Separate multiple folders with a comma. Example: | |
<files> | Specify a list of files to exclude. Separate multiple files with a comma. Example: | |
<enabled> | Submit specified file extensions to cloud-based malware protection for analysis. When disabled, FortiClient does not submit any file extensions to cloud-based malware protection. Boolean value: | |
<use_custom_extensions> | Enable using a custom list of file extensions. If enabled, configure the custom list of file extensions using the If disabled, this feature only submits high-risk file types such as .exe, .doc, .pdf, and .dll to cloud-based malware protection. Boolean value: | |
<custom_extensions> | If using a custom list of file extensions, enter the list of desired file extensions, separated only by commas. | |
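
Several of these settings reduce what gets scanned: an `allow` fallback in `<on_error>`, a disabled trigger under `<when>`, a populated exclusion list, or a custom extension list that leaves out a high-risk type. The following audit is an added example, not Fortinet code: `audit_cloudscan` and `HIGH_RISK` are hypothetical names, and `HIGH_RISK` holds only the four types this page names, so it is a partial list.

```python
import xml.etree.ElementTree as ET

# The page's sample <cloudscan> block, inlined so the audit runs offline.
SAMPLE = """<forticlient_configuration><cloudscan>
<enabled>1</enabled><response_timeout>0</response_timeout>
<when><executables_on_removable_media>1</executables_on_removable_media>
<executables_on_mapped_nw_drives>1</executables_on_mapped_nw_drives>
<web_downloads>1</web_downloads><email_downloads>1</email_downloads></when>
<remediation><action>quarantine</action><on_error>allow</on_error></remediation>
<exceptions><exclude_files_from_trusted_sources>1</exclude_files_from_trusted_sources>
<exclude_files_and_folders>1</exclude_files_and_folders>
<folders></folders><files></files></exceptions>
<submit_by_extensions><enabled>1</enabled>
<use_custom_extensions>1</use_custom_extensions>
<custom_extensions>7z,arj,bz2,cpl,dll,doc,docm,docx,dot,dotm,dotx,exe,fla,flv,gz,jsfl</custom_extensions>
</submit_by_extensions></cloudscan></forticlient_configuration>"""

# High-risk types the page names for the built-in list ("such as", so partial).
HIGH_RISK = {"exe", "doc", "pdf", "dll"}

def audit_cloudscan(xml_text):
    """Return coverage gaps in a <cloudscan> section (hypothetical helper)."""
    cs = next(ET.fromstring(xml_text).iter("cloudscan"), None)
    if cs is None:
        return ["no <cloudscan> section present"]
    get = lambda path: (cs.findtext(path) or "").strip()
    findings = []
    if get("enabled") != "1":
        findings.append("cloudscan disabled")
    for trigger in cs.findall("when/*"):
        if (trigger.text or "").strip() != "1":
            findings.append(f"trigger off: {trigger.tag}")
    if get("remediation/on_error") == "allow":
        findings.append("on_error=allow: files are allowed when the service is unreachable")
    if get("exceptions/exclude_files_and_folders") == "1":
        for kind in ("folders", "files"):
            for item in filter(None, map(str.strip, get(f"exceptions/{kind}").split(","))):
                findings.append(f"excluded {kind[:-1]}: {item}")
    if get("submit_by_extensions/enabled") != "1":
        findings.append("submit_by_extensions disabled: no extensions are submitted")
    elif get("submit_by_extensions/use_custom_extensions") == "1":
        raw = get("submit_by_extensions/custom_extensions").split(",")
        custom = {e.strip().lstrip(".").lower() for e in raw}
        missing = sorted(HIGH_RISK - custom)
        if missing:
            findings.append("custom_extensions omits: " + ",".join(missing))
    return findings

if __name__ == "__main__":
    print("\n".join(audit_cloudscan(SAMPLE)))
```

Run against the sample configuration above, the audit reports the `allow` fallback and the absence of `pdf` from the custom extension list.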