FortiClient
FortiClient proactively defends against advanced attacks. Its tight integration with the Security Fabric enables policy-based automation to contain threats and control outbreaks. FortiClient is compatible with Fabric-Ready partners to further strengthen enterprises’ security posture.
Jonathan_Body_FTNT
Description
This article describes how to submit a quarantined file detected by the FortiClient as a false positive.

Scope
All FortiClient users

Solution
When FortiClient detects a suspicious file, FortiClient proceeds to send a Virus Alert message like the one below:

This message may or may not be displayed depending on whether your AV signatures are up to date and whether Heuristics scanning is enabled for the File System and Email. To enable, go to AntiVirus & AntiSpyware > Settings, selecting Advanced Settings and then selecting AntiVirus/Email/ Heuristics Scanning.

FD31406_Knova123.jpg

This notification message means that FortiClient has quarantined the suspicious file upon detection. However to submit this file as a false positive then you must perform the following step:

Within the FortiClient console connect to Antivirus/Quarantine, select the ''item'' quarantined. There are two possibilities to submit the false positive. 

FD31406_Knova120.jpg

1) Select the Item quarantined, right click and select Submit as False Positive
2) Select Submit > Submit as False Positive.
FD31406_Knova124.jpg

3) FortiClient displays the following message:

FD31406_Knova121.jpg


4) Once you have submitted the false positive FortiClient submits the file. 

5) To check whether the False Positive has been successfully submitted then you can check in AntiVirus & AntiSpyware >  Settings > Advanced Settings in the Submitted column the Item will appear as Submitted.

Knova126.jpg

Contributors