If a known malware is not detected, check the following:
- Scan profile was changed. The malware might not be able to run in certain VMs.
- A new AV/IPS signature, rating engine, tracer engine was installed.
- Network condition was changed.
- Port3 connection to Internet was modified.
- New firmware was installed.
- The malware execution condition was changed, such as down C&C, time bomb, etc.
The following are some troubleshooting methods:
- Check the logs to see if the Scan Profile was changed or a new signature was installed.
- Check logs for any manual overridden verdicts, white/black list, or YARA rule modifications. The Detailed Report shows how the file was rated.
test-networksto see unit connection to FDN, especially if Web Filter service is down.
- Check port3 next hop gateway for the policy. The path should be clean.
- Try an On-Demand scan of the malware and use the VM Interaction and Scan video features.
- Compare a previous Detailed Report with a recent one.
- Contact Fortinet Support for possible rating/tracer engine bugs.
- Report to firstname.lastname@example.org for further investigation.