nathan_h
Staff
Article Id 284495
Description

 

This article describes how to delete quarantined files on FortiGate. 

 

Scope

 

FortiGate.

 

Solution

 

Firewall policy with AntiVirus Profile configured:


config firewall policy
    edit 22
        set name "AV"
        set uuid 321929be-83d6-51ee-1ac9-878b3c062155
        set srcintf "port2"
        set dstintf "port1"
        set action accept
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set ssl-ssh-profile "CustomDeep"
        set av-profile "TEST_AV"
        set logtraffic all
        set nat enable
    next
end

 

config antivirus profile
    edit "TEST_AV"
        set comment "Scan files and block viruses."
        config http
            set av-scan block
            set quarantine enable
        end
    next
end

 

View the quarantined files on FortiGate:

 

diag antivirus quarantine list
Quarantine List (Count = 1)
-----------------------------
CHECKSUM SIZE FIRST-TIMESTAMP LAST-TIMESTAMP SERVICE STATUS DC TTL FILENAME DESCRIPTION
6851cf3c 68 2023-11-15 12:29 2023-11-15 12:29 HTTPS Infected 0 FOREVER 'eicar.com' 'EICAR_TEST_FILE'

 

 

Delete the quarantined files on FortiGate:

 

diag antivirus quarantine delete 6851cf3c

diag antivirus quarantine list
Quarantine List (Count = 0)
-----------------------------
CHECKSUM SIZE FIRST-TIMESTAMP LAST-TIMESTAMP SERVICE STATUS DC TTL FILENAME DESCRIPTION
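
When several files are quarantined, the list output can be parsed off-box to build the delete commands for review before they are pasted into the CLI. The following Python script is an added example, not part of the original article or Fortinet tooling; it assumes every row follows the column layout of the single row shown above, and the second sample row and both function names are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample: row 1 is the row shown in the article; row 2 is invented
# for illustration (its checksum, file name and description are made up).
SAMPLE = """\
Quarantine List (Count = 2)
-----------------------------
CHECKSUM SIZE FIRST-TIMESTAMP LAST-TIMESTAMP SERVICE STATUS DC TTL FILENAME DESCRIPTION
6851cf3c 68 2023-11-15 12:29 2023-11-15 12:29 HTTPS Infected 0 FOREVER 'eicar.com' 'EICAR_TEST_FILE'
0a1b2c3d 1024 2023-11-16 09:05 2023-11-16 09:07 HTTP Infected 1 FOREVER 'my report.doc' 'CONSTRUCTED_SAMPLE'
"""

TS = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}"  # timestamps contain a space, so match them whole
ROW = re.compile(
    rf"^(?P<checksum>[0-9a-fA-F]+)\s+(?P<size>\d+)\s+(?P<first>{TS})\s+(?P<last>{TS})\s+"
    r"(?P<service>\S+)\s+(?P<status>\S+)\s+(?P<dc>\d+)\s+(?P<ttl>\S+)\s+"
    r"'(?P<filename>.*)'\s+'(?P<description>[^']*)'\s*$"  # file names may contain spaces
)

def parse_quarantine_list(text):
    """Return (declared_count, entries); raise if any row failed to parse."""
    header = re.search(r"Quarantine List \(Count = (\d+)\)", text)
    if not header:
        raise ValueError("no 'Quarantine List (Count = N)' header found")
    declared = int(header.group(1))
    entries = []
    for line in text.splitlines():
        row = ROW.match(line.strip())
        if row:
            entry = row.groupdict()
            entry["size"] = int(entry["size"])
            entry["last"] = datetime.strptime(entry["last"], "%Y-%m-%d %H:%M")
            entries.append(entry)
    # Refuse to generate deletions from a truncated or mis-parsed listing.
    if len(entries) != declared:
        raise ValueError(f"header says {declared} entries, parsed {len(entries)}")
    return declared, entries

def delete_commands(entries, description=None, before=None):
    """Build 'diag antivirus quarantine delete <checksum>' lines for matching entries."""
    picked = [e for e in entries
              if (description is None or e["description"] == description)
              and (before is None or e["last"] < before)]
    return [f"diag antivirus quarantine delete {e['checksum']}" for e in picked]

if __name__ == "__main__":
    _, rows = parse_quarantine_list(SAMPLE)
    print("\n".join(delete_commands(rows, description="EICAR_TEST_FILE")))
```

After running the generated commands, run diag antivirus quarantine list again and confirm the count matches what is expected.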
