Fraser_Morrison
New Member
August 8, 2018
Solved

Dynamic Threat Detection


Good Day,

 

I am new to the forums so forgive me if this is not posted in the proper spot. I am trying to enable the Dynamic Threat Detection part of the client. I can install the client as a standalone and it is enabled. But when we connect it to our EMS the feature is no longer enabled. I have looked through every screen that I can find and have had no luck finding where to enable it again. Can someone give me some guidance as to where to enable this feature? Thanks in advance.

 

Fraser

    2 replies

    cmoore
    New Member
    August 9, 2018

    Fraser_Morrison wrote:

    Good Day,

     

    I am new to the forums so forgive me if this is not posted in the proper spot. I am trying to enable the Dynamic Threat Detection part of the client. I can install the client as a standalone and it is enabled. But when we connect it to our EMS the feature is no longer enabled. I have looked through every screen that I can find and have had no luck finding where to enable it again. Can someone give me some guidance as to where to enable this feature? Thanks in advance.

     

    Fraser

    I'm looking for this option as well. I've literally enabled every option trying to find it, to no avail.

    khj
    New Member
    October 12, 2018

    This worked for the Linux Client. Have not tested the Windows Client.

    You can enable "Fortiguard Analytics" by editing the XML Configuration. This will set Dynamic Threat Detection to ON.

        <forticlient_configuration>
            <antivirus>
                <fortiguard_analytics>1</fortiguard_analytics>
            </antivirus>
        </forticlient_configuration>

    Frank1
    Answer
    New Member
    October 23, 2018

    The parameter you are looking for is "use_sandbox_signatures". Slyguy at malwaretips.com claims that, when enabled, the free (unmanaged) client will also get the Dynamic Threat Update "from the global FSB databases which are the combined horsepower of all deployed FortiSandboxes and the signatures those are generating".

     

    Config:

        <antivirus>
            <real_time_protection>
                <sandboxing>
                    <use_sandbox_signatures>1</use_sandbox_signatures>
                </sandboxing>
            </real_time_protection>
        </antivirus>

    rlominick
    New Member
    July 8, 2020

    I have the same question.  Before I got EMS server working, I was able to check the box for Dynamic Threat Detection.  Now that I have my client linked to the EMS server, I can no longer turn that feature on either at the client level or at the EMS server config level.  I am guessing it may require some other Fortinet license or server that I am not using but I can't find any documentation about it.

    Duncan
    New Member
    July 8, 2020

    I ended up getting it working. Something in this configuration worked:

        <?xml version="1.0" encoding="utf-8"?>
        <forticlient_configuration generatedby="EMS-6.2.4.0894" policy="Workstations - Test">
            <version>5.6.0</version>
            <antivirus>
                <fortiguard_analytics>1</fortiguard_analytics>
                <real_time_protection>
                    <heuristic_scanning>
                        <level>3</level>
                    </heuristic_scanning>
                    <sandboxing>
                        <use_sandbox_signatures>1</use_sandbox_signatures>
                        <action_on_error>0</action_on_error>
                    </sandboxing>
                </real_time_protection>
                <on_demand_scanning>
                    <heuristic_scanning>
                        <level>3</level>
                        <action>2</action>
                    </heuristic_scanning>
                </on_demand_scanning>
            </antivirus>
            <!-- the posted config ends here; root element closed so the fragment parses -->
        </forticlient_configuration>
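
An added example, not part of any post in this thread and not Fortinet code: a small Python check that reads a FortiClient XML configuration and reports the two elements the replies above name, and can set both to 1 while leaving the rest of the file alone. The function names and the sample config are constructed for illustration; that these two elements control Dynamic Threat Detection is the posters' claim, and how the file is exported from or pushed back through EMS is not covered here.

```python
import xml.etree.ElementTree as ET

# Element paths quoted in the replies above, relative to <forticlient_configuration>.
# Assumption: these are the relevant switches, as the posters report.
SETTINGS = {
    "fortiguard_analytics": "antivirus/fortiguard_analytics",
    "use_sandbox_signatures":
        "antivirus/real_time_protection/sandboxing/use_sandbox_signatures",
}

def audit_config(xml_text):
    """Return {setting: 'enabled' | 'disabled' | 'missing'} for one config."""
    # Only parse configs from your own EMS or clients; ElementTree is not
    # hardened against hostile XML (entity expansion).
    root = ET.fromstring(xml_text)
    if root.tag != "forticlient_configuration":
        raise ValueError("unexpected root element: %r" % root.tag)
    report = {}
    for name, path in SETTINGS.items():
        node = root.find(path)
        if node is None:
            report[name] = "missing"  # element absent, e.g. dropped by a profile
        else:
            on = (node.text or "").strip() == "1"
            report[name] = "enabled" if on else "disabled"
    return report

def enable_settings(xml_text):
    """Return the config with both settings set to 1, creating missing parents."""
    root = ET.fromstring(xml_text)
    for path in SETTINGS.values():
        node = root
        for tag in path.split("/"):
            child = node.find(tag)
            node = child if child is not None else ET.SubElement(node, tag)
        node.text = "1"
    return ET.tostring(root, encoding="unicode")

# Constructed sample: analytics switched off, sandbox signature element absent.
SAMPLE = """<forticlient_configuration>
  <antivirus>
    <fortiguard_analytics>0</fortiguard_analytics>
    <real_time_protection>
      <sandboxing><action_on_error>0</action_on_error></sandboxing>
    </real_time_protection>
  </antivirus>
</forticlient_configuration>"""

if __name__ == "__main__":
    print(audit_config(SAMPLE))
    print(audit_config(enable_settings(SAMPLE)))
```

Running the audit over the config an endpoint actually received, before and after it registers to EMS, shows whether the managed profile is removing or zeroing these elements.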