FortiClient Monitoring and Quarantine
FortiClient monitoring and quarantine is currently only supported by FortiClient 5.4 for Windows.
FortiSandbox uses a single signature to identify tens of thousands of variations of viral code. A FortiSandbox can send frequent, dynamic signature updates to a FortiGate and FortiClient, which allows files to be blocked before they are sent to the FortiSandbox.
With FortiSandbox, FortiClient, and FortiGate integration, you can configure a FortiGate to send files to FortiSandbox for scanning.
When FortiSandbox determines that a file is infected, it notifies the FortiGate of this event. Then, from FortiView, a FortiGate administrator can quarantine the endpoint that downloaded the infected file.
To enable this, FortiClient now supports host-level quarantine, which cuts off other network traffic from the endpoint directly, preventing it from infecting or scanning the local network.
When a device is under quarantine, FortiClient cannot be shut down or uninstalled. A user is also unable to unregister from the FortiGate that quarantined them, or register to another FortiGate unit.
Alternatively, FortiGate can release the file to the client before receiving the FortiSandbox scan results and then, if required, have FortiClient quarantine the device when the scan results are available.