Downloading quarantined files in archive format NEW
The FortiGate can download quarantined files in an archive format (.TGZ) instead of the original raw file. This allows for a more detailed analysis of the quarantined files and reduces the risk of malware infection.
The FortiGate must have disk logging capacity or be connected to FortiAnalyzer for logging.
To download a quarantined archive file:
1. Ensure that quarantining files is enabled in the AV profile:
   a. Go to Security Profiles > AntiVirus and edit the AV profile.
   b. In the APT Protection Options section, verify that Quarantine is enabled. At least one protocol must be enabled in the AV profile for inspection, and AntiVirus scan must be enabled for the Quarantine option to work.
2. Go to Log & Report > Security Events and select the AntiVirus card.
3. Select a log entry and click Details. The Log Details pane opens.
4. Select the Archived Data tab and click the download icon (in the AntiVirus title bar).
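Once the archive is downloaded, its contents can be inventoried and hashed on an analysis workstation without writing the quarantined file to disk. The following is an added example, not Fortinet code. It assumes only that the download is a gzip-compressed tar, and the member names and the sample archive are constructed for illustration.

```python
import hashlib
import io
import tarfile

def inventory_quarantine_archive(fileobj):
    """Return (name, size, sha256) per member, reading file data in memory only."""
    results = []
    with tarfile.open(fileobj=fileobj, mode="r:gz") as tar:
        for member in tar:
            # Report, but never follow or extract, anything that is not a plain file
            # (symlinks, hard links, devices): sha256 is None for those entries.
            if not member.isfile():
                results.append((member.name, member.size, None))
                continue
            digest = hashlib.sha256()
            stream = tar.extractfile(member)
            for chunk in iter(lambda: stream.read(65536), b""):
                digest.update(chunk)
            results.append((member.name, member.size, digest.hexdigest()))
    return results

def build_sample_archive():
    """Constructed sample standing in for a downloaded archive (harmless bytes)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        data = b"constructed placeholder content, not malware"
        info = tarfile.TarInfo(name="sample_quarantined_file")  # hypothetical name
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
        link = tarfile.TarInfo(name="sample_link")  # hypothetical non-file member
        link.type = tarfile.SYMTYPE
        link.linkname = "/etc/passwd"
        tar.addfile(link)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    # For a real download, pass open(path, "rb") instead of the constructed sample.
    for name, size, sha256 in inventory_quarantine_archive(build_sample_archive()):
        print(f"{name}\t{size}\t{sha256 or 'skipped (not a regular file)'}")
```

The resulting SHA-256 values can be compared against the hash recorded in the AntiVirus log entry or submitted to a reputation service, so the sample itself never needs to be unpacked on the workstation.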