FortiGuard outbreak prevention

FortiGuard Virus Outbreak Protection Service (VOS) allows the FortiGate antivirus database to be subsidized with third-party malware hash signatures curated by FortiGuard. The hash signatures are obtained from FortiGuard's Global Threat Intelligence database. The antivirus database queries FortiGuard with the hash of a scanned file. If FortiGuard returns a match, the scanned file is deemed to be malicious. Enabling the AV engine scan is not required to use this feature.

FortiGuard VOS can be used in both proxy-based and flow-based policy inspections across all supported protocols.


The FortiGate must be registered with a valid FortiGuard outbreak prevention license.

To verify FortiGuard antivirus license information:
  1. Go to System > FortiGuard and locate the Outbreak Prevention section in the table.

  2. See the instructions in the video, How to Purchase or Renew FortiGuard Services, if required.
To enable FortiGuard outbreak prevention:
  1. Go to Security Profiles > AntiVirus.
  2. Edit an antivirus profile, or create a new one.
  3. Under Virus Outbreak Protection, enable Use FortiGuard outbreak prevention database.
  4. Click OK.
To verify FortiGuard antivirus license information:
# diagnose debug rating
Locale       : english

Service      : Web-filter
Status       : Enable
License      : Contract

Service      : Antispam
Status       : Disable

Service      : Virus Outbreak Prevention
Status       : Enable
License      : Contract

-=- Server List (Tue Feb 19 16:36:15 2019) -=-

IP                     Weight    RTT Flags  TZ    Packets  Curr Lost Total Lost             Updated Time          -218      2 DI     -8        113          0          0 Tue Feb 19 16:35:55 2019
To enable all scanunit debug categories:
# diagnose sys scanunit debug all
Set meta-category: all(0xffffffff)
Enabled categories(0xffffffff): daemon job quarantine analytics outbreak-prevention dlp antispam file-filter
# diagnose debug enable
# su 4739 open
su 4739 req vfid 1 id 1 ep 0 new request, size 313, policy id 1, pol