Fortinet white logo
Fortinet white logo

Administration Guide

Cloud Based Malware Protection

Cloud Based Malware Protection

The cloud-based malware protection feature helps protect endpoints from high risk file types from external sources such as the Internet or network drives by querying FortiGuard to determine whether files are malicious. The following describes the process for cloud-based malware protection:

  1. A high risk file is downloaded or executed on the endpoint.
  2. FortiClient generates a SHA1 checksum for the file.
  3. FortiClient sends the checksum to FortiGuard (FQDN with port 8888) to determine if it is malicious against the FortiGuard checksum library.
  4. If the checksum is found in the library, FortiGuard communicates to FortiClient that the file is deemed malware. By default, FortiClient quarantines the file.
Note

This feature only submits high risk file types such as .exe, .doc, .pdf, and .dll to FortiGuard. The list of high risk file types is the same as the list of file types submitted to Sandbox by default. See the FortiClient EMS Administration Guide for details.

Note

For details on seeing quarantined files, see Viewing quarantined files.

Cloud Based Malware Protection

Cloud Based Malware Protection

The cloud-based malware protection feature helps protect endpoints from high risk file types from external sources such as the Internet or network drives by querying FortiGuard to determine whether files are malicious. The following describes the process for cloud-based malware protection:

  1. A high risk file is downloaded or executed on the endpoint.
  2. FortiClient generates a SHA1 checksum for the file.
  3. FortiClient sends the checksum to FortiGuard (FQDN with port 8888) to determine if it is malicious against the FortiGuard checksum library.
  4. If the checksum is found in the library, FortiGuard communicates to FortiClient that the file is deemed malware. By default, FortiClient quarantines the file.
Note

This feature only submits high risk file types such as .exe, .doc, .pdf, and .dll to FortiGuard. The list of high risk file types is the same as the list of file types submitted to Sandbox by default. See the FortiClient EMS Administration Guide for details.

Note

For details on seeing quarantined files, see Viewing quarantined files.