View alerts
When FortiClient antivirus detects a virus while attempting to download a file via a web-browser, a warning displays in a dialog box.
Select View recently detected virus(es) to collapse the virus list. Right-click a file in the list to access the context menu.
| Delete | Select to delete a quarantined or restored file. |
| Quarantine | Select to quarantine a restored file. |
| Restore | Select to restore a quarantined file. |
| Submit Suspicious File | Select to submit a file to FortiGuard as a suspicious file. |
| Submit as False Positive | Select to submit a quarantined file to FortiGuard as a false positive. |
| Add to Exclusion List | Select to add a restored file to the exclusion list. Any files in the exclusion list will not be scanned. |
| Open File Location | Select to open the file location on your workstation. |
When Alert when viruses are detected under AntiVirus Options on the Settings page is not selected, you will not receive the virus alert dialog box when attempting to download a virus in a web browser.
View realtime protection events
When an antivirus real-time protection event has occurred you can select to view these events in the FortiClient console. From the AntiVirus tab, select X Threats Detected, then select Real-time Protection events (x) in the left pane. The realtime_scan.log will open in the default viewer.
Example log output:
Realtime scan result: time: 09/29/15 10:46:07, virus found: EICAR_TEST_FILE, action: Quarantined, c:\users\user\desktop\eicar.com
time: 09/29/15 10:46:07, virus found: EICAR_TEST_FILE, action: Quarantined, c:\users\user\desktop\eicar.com.txt
time: 09/29/15 10:46:07, virus found: EICAR_TEST_FILE, action: Quarantined, c:\users\user\desktop\eicarcom2.zip
time: 09/29/15 10:46:08, virus found: EICAR_TEST_FILE, action: Quarantined, c:\users\user\desktop\eicar_com.zip
time: 09/29/15 10:46:39, virus found: EICAR_TEST_FILE, action: Quarantined, c:\users\user\appdata\local\temp\3g_bl8y9.com.part
time: 03/18/15 10:48:13, virus found: EICAR_TEST_FILE, action: Quarantined, c:\users\user\appdata\local\temp\xntwh8q1.zip.part
Configure Antivirus logging
Configure Antivirus logging
In standalone mode, you can configure Antivirus logging by using the FortiClient console.
In managed mode, Antivirus logging is configured by using a FortiClient profile.
To configure Antivirus logging:
- From the File menu, select Settings, and expand the Logging
- Configure the following settings:
| Enable logging for these features | Select antivirus to enable logging for this feature. |
| Log Level | Select the level of logging:
l Emergency: The system becomes unstable. l Alert: Immediate action is required. l Critical: Functionality is affected. l Error: An error condition exists and functionality could be affected. l Warning: Functionality could be affected. l Notice: Information about normal events. l Information: General information about system operations. l Debug: Debug FortiClient. |
| Log file | |
| Export logs | Select to export logs to your local hard disk drive (HDD) in .log format. |
| Clear logs | Select to clear all logs. You will be presented a confirmation window, select Yes to proceed. |
Configure Antivirus options
In standalone mode, you can configure additional settings for the Antivirus tab by using the File > Settings page. See Antivirus options on page 102.
In managed mode, Antivirus options are controlled by the profile assigned to the endpoint by FortiGate/EMS.