Pushing signatures to AntiVirus

Pushing signatures to AntiVirus

When a FortiSandbox discovers a malicious file, it can create a signature that is sent to the FortiGate, to supplement the AntiVirus signature database. This signature can be used to block that file from entering the network again, and to prevent duplicates of the file being sent to the FortiSandbox in the future. This feature is enabled in an AntiVirus profile.

CLI Syntax

config antivirus profile edit “default”

set ftgd-analytics {everything | suspicious}

set analytics-db {enable | disable}


Files blocked by a FortiSandbox signature can be viewed and filtered for in the FortiSandbox dashboard.

In FortiOS 5.4 Beta 2, the URL feature is only available for proxy-based Web Filter profiles.

Information on the current database for both malware signatures and blocked URLs can be found by going to

System > External Security Devices.


Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Don't Forget To visit the YouTube Channel for the latest Fortinet Training Videos and Question / Answer sessions!
- FortinetGuru YouTube Channel
- FortiSwitch Training Videos

Cybersecurity Videos and Training Available Via: Office of The CISO Security Training Videos