Technical Tip: How to configure heuristic scanning
Description
This article describes how to configure heuristic scanning.
Scope
FortiGate.
Solution
The FortiGate heuristic antivirus engine performs tests on files to detect virus-like behavior or known virus indicators.
Heuristic scanning is performed last, after file blocking and virus scanning have found no matches.
In this way, heuristic scanning detects new viruses but also produces some false positive results.
To configure heuristic scanning:
- From the CLI, use the following command:
config antivirus heuristic
    set mode {pass|block|disable}
end
To configure heuristic settings on models 200 and higher:
- From the CLI, use the following command:
config antivirus quarantine
    set drop_heuristic {ftp http imap pop3 smtp}
    set store_heuristic {ftp http imap pop3 smtp}
end
From version 7.0.x onward, the heuristic scanning option has changed and is driven by the antivirus engine AI.
From the CLI, use the following commands:
config antivirus settings
    set machine-learning-detection enable
end
config antivirus quarantine
    set drop-machine-learning imap smtp pop3 http ftp nntp imaps smtps pop3s https ftps mapi cifs ssh
end
In newer versions, heuristic scanning is configured via the antispam profile.
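The following Python check is an added example, not part of the original article or any Fortinet tooling. It reads a saved configuration backup and reports when the heuristic mode or machine-learning detection options shown above are set to something other than block or enable. The function names, the sample configuration and the choice of those target values are assumptions of this example.

```python
# Added example: audit a FortiGate configuration backup for the settings on this page.
# Treating "block" and "enable" as the target values is an assumption of this example.
EXPECTED = {
    ("antivirus heuristic", "mode"): "block",
    ("antivirus settings", "machine-learning-detection"): "enable",
}

def parse_config(text):
    """Return {config path: {option: [values]}} from FortiOS CLI text."""
    blocks, stack = {}, []
    for line in text.splitlines():
        words = line.split()
        if not words:
            continue
        if words[0] in ("config", "edit"):
            # Nested config/edit sections extend the path, e.g. "a b / 1".
            stack.append(" ".join(words[1:]))
            blocks.setdefault(" / ".join(stack), {})
        elif words[0] in ("end", "next") and stack:
            stack.pop()
        elif words[0] == "set" and len(words) > 1 and stack:
            blocks[" / ".join(stack)][words[1]] = words[2:]
    return blocks

def audit(text):
    """List findings for heuristic / machine-learning detection settings."""
    blocks = parse_config(text)
    findings, seen = [], 0
    for (path, option), want in EXPECTED.items():
        values = blocks.get(path, {}).get(option)
        if values is None:
            continue  # option not present in this backup
        seen += 1
        got = " ".join(values)
        if got != want:
            findings.append(f"{path}: {option} is '{got}', expected '{want}'")
    if not seen:
        findings.append("no heuristic or machine-learning-detection setting found")
    return findings

# Constructed sample input, not taken from a real device.
SAMPLE = """\
config antivirus settings
    set machine-learning-detection disable
end
config antivirus quarantine
    set drop-machine-learning imap smtp pop3 http ftp
end
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The parser splits on whitespace, so it is suited to simple option values like the ones on this page and not to quoted strings containing spaces.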