Tag Archives: how to guide for forticlient

Antivirus

Antivirus

FortiClient includes an antivirus module to scan system files, executable files, removable media, dynamic-link library (DLL) files, and drivers. FortiClient will also scan for and remove rootkits. In FortiClient, file-based malware, malicious websites, phishing, and spam URL protection are part of the antivirus module. Scanning can also be extended by using FortiSandbox.

Enable/disable realtime protection

For FortiClient in standalone mode, you can enable and disable realtime protection by using the FortiClient console.

For FortiClient in managed mode, an administrator enables, disables, and configures realtime protection by using a FortiClient profile. See FortiClient profiles on page 29.

Enable/disable Antivirus

This setting can only be configured when FortiClient is in standalone mode.

To enable Antivirus:

  1. On the AntiVirus tab, click the settings icon next to Realtime Protection Disabled. The real-time protection settings page opens.
  2. Select the Scan files as they are downloaded orcopied to my system check box.
  3. Click OK.

If you have another antivirus program installed on your system, FortiClient will show a warning that your system may lock up due to conflicts between different antivirus products.

Conflicting antivirus warning

To disable antivirus:

  1. On the AntiVirus tab, click the settings icon next to Realtime Protection Enable. The real-time protection settings page opens.

Enable/disable realtime protection

  1. Clear the Scan files as they are downloaded orcopied to my system check box, and click OK.

Enable/disable FortiSandbox

This setting can only be configured when FortiClient is in standalone mode.

FortiClient integration with FortiSandbox allows you to submit files to FortiSandbox for automatic scanning. When configured, FortiClient will send supported files downloaded over the internet to FortiSandbox if they cannot be detected by the local, real-time scanning. Access to the downloaded file is blocked until the scanning result is returned.

As FortiSandbox receives files for scanning from various sources, it collects and generates AV signatures for such samples. FortiClient periodically downloads the latest AV signatures from the FortiSandbox, and applies them locally to all real-time and on-demand AV scanning.

You cannot configure this option when FortiClient is connected to FortiGate/EMS. The administrator configures this option on FortiGate/EMS.

To enable FortiSandbox:

  1. On the AntiVirus tab, select the settings icon to open the real-time protection settings page.
  2. Select Extend scanning using FortiSandbox.
  3. Enter the FortiSandbox IP address, then select Test to ensure that the connection is correct.

 

Scan and analysis on demand

  1. Set the remaining options as needed.
  2. Click OK to apply your changes.