FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ranand
Staff
Description: This article discusses the techniques FortiGate uses to detect viruses.
Scope  
Solution

Just as viruses use many methods to avoid detection, FortiGate uses many techniques to detect them.

These detection techniques include:


- Antivirus scan: This is the first, fastest, and simplest way to detect malware. It detects viruses that are an exact match for a signature in the antivirus database.


- Grayware scan: This scan detects unsolicited programs, known as grayware, that have been installed without the user’s knowledge or consent. Grayware is not technically a virus. It is often bundled with innocuous software, but does have unwanted side effects, so it is categorized as malware. Often, grayware can be detected with a simple FortiGuard grayware signature.


- Machine learning (AI) scan: These scans are based on probability, which increases the possibility of false positives, but they also detect zero-day attacks. Zero-day attacks are malware that is new, unknown, and therefore has no existing associated signature. If the network is a frequent target, enabling an AI scan may be worth the performance cost because it can help to detect a virus before the outbreak begins. By default, when the AI engine detects a new virus, it logs the file as Suspicious but does not block it. It is possible to choose whether to block or allow suspicious files.


The AI scan is an optional feature that must be enabled in the CLI. Its action can be set to enable, monitor, or disable with the CLI command in the antivirus settings.


If all antivirus features are enabled, FortiGate applies the following scanning order: antivirus scan, followed by grayware scan, followed by AI scan.
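The scanning order and the monitor-versus-block choice for the AI scan, modelled as an added Python example that is not Fortinet's code: the signature databases, the SHA-256 matching, the blocking action for signature hits and the entropy-based stand-in for the AI engine are constructed assumptions for illustration only.

```python
import hashlib
import math
from collections import Counter

# Constructed sample signature databases: SHA-256 of placeholder samples,
# standing in for the FortiGuard antivirus and grayware signature sets.
VIRUS_SIGS = {hashlib.sha256(b"constructed-virus-sample").hexdigest(): "Constructed.Virus"}
GRAYWARE_SIGS = {hashlib.sha256(b"constructed-adware-sample").hexdigest(): "Constructed.Adware"}
ENTROPY_THRESHOLD = 7.5  # assumed toy threshold for the stand-in classifier


def byte_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, 8.0 for uniform bytes)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def ml_suspicious(data: bytes) -> bool:
    """Toy stand-in for the probabilistic AI engine (an assumption, not Fortinet's model):
    treats high-entropy content, typical of packed or encrypted payloads, as suspicious.
    Like the real engine it can raise false positives, e.g. on benign compressed data."""
    return byte_entropy(data) >= ENTROPY_THRESHOLD


def scan(data: bytes, ml_action: str = "monitor") -> tuple:
    """Apply the three scans in the order the article gives and return
    (stage, verdict, action). ml_action takes the CLI words: enable, monitor, disable.
    Signature hits are treated as blocked (an assumption of this model)."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in VIRUS_SIGS:                               # 1. exact signature match
        return ("antivirus", VIRUS_SIGS[digest], "block")
    if digest in GRAYWARE_SIGS:                            # 2. grayware signature match
        return ("grayware", GRAYWARE_SIGS[digest], "block")
    if ml_action != "disable" and ml_suspicious(data):     # 3. AI scan, only if enabled
        # default (monitor): log the file as Suspicious but let it through
        return ("ai", "Suspicious", "block" if ml_action == "enable" else "log")
    return ("none", "clean", "pass")


if __name__ == "__main__":
    packed = bytes(range(256)) * 4  # constructed uniform bytes: entropy 8.0
    for action in ("monitor", "enable", "disable"):
        print(action, scan(packed, action))
```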