Pushing signatures to AntiVirus


When a FortiSandbox discovers a malicious file, it can create a signature that is sent to the FortiGate, to supplement the AntiVirus signature database. This signature can be used to block that file from entering the network again, and to prevent duplicates of the file being sent to the FortiSandbox in the future. This feature is enabled in an AntiVirus profile.

CLI Syntax

config antivirus profile
    edit "default"
        set ftgd-analytics {everything | suspicious}
        set analytics-db {enable | disable}
end
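One way to check a saved configuration for the two settings above, as an added example that is not Fortinet's code. The function names, the sample text and the profile names "guest-wifi" and "legacy" are hypothetical, and the check assumes that a setting absent from the configuration is not enabled.

```python
# Constructed sample in the page's CLI syntax (not taken from a real device).
SAMPLE_CONFIG = """\
config antivirus profile
    edit "default"
        set ftgd-analytics suspicious
        set analytics-db enable
    next
    edit "guest-wifi"
        set ftgd-analytics everything
    next
    edit "legacy"
        set analytics-db disable
    next
end
"""

def parse_av_profiles(text):
    """Return {profile name: {setting: value}} from 'config antivirus profile'."""
    profiles, current, depth = {}, None, 0
    for line in (raw.strip() for raw in text.splitlines()):
        if depth == 0:
            depth, current = int(line == "config antivirus profile"), None
        elif line.startswith("config "):
            depth += 1  # nested block inside a profile; its settings are skipped
        elif line == "end":
            depth -= 1
        elif depth == 1 and line.startswith("edit "):
            current = profiles.setdefault(line[5:].strip().strip('"'), {})
        elif depth == 1 and line == "next":
            current = None
        elif depth == 1 and current is not None and line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            current[key] = value.strip().strip('"')
    return profiles

def audit(profiles):
    """Map each profile to the reasons it gets no FortiSandbox signatures."""
    findings = {}
    for name, s in profiles.items():
        # Assumption: a setting absent from the config counts as not enabled.
        issues = []
        if s.get("ftgd-analytics") not in ("everything", "suspicious"):
            issues.append("ftgd-analytics unset: no files sent to FortiSandbox")
        if s.get("analytics-db") != "enable":
            issues.append("analytics-db not enabled: FortiSandbox signatures unused")
        if issues:
            findings[name] = issues
    return findings

print(audit(parse_av_profiles(SAMPLE_CONFIG)))
```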

Files blocked by a FortiSandbox signature can be viewed and filtered in the FortiSandbox dashboard.

In FortiOS 5.4 Beta 2, the URL feature is only available for proxy-based Web Filter profiles.

Information on the current database for both malware signatures and blocked URLs can be found by going to System > External Security Devices.

 
