salemneaz
Staff
Article Id 364654
Description This article describes how to resolve the issue related to the AntiVirus database validation.
Scope FortiGate v7.2 and above.
Solution

The firewall frequently enters conserve mode because the AntiVirus database verification check fails, as shown in the example crash log below:

scanunit=manager pid=189: Warning: could not validate av package /data2/mmdb
(no signature)
the killed daemon is /bin/csfd: status=0x0
scanunit=manager pid=189: Warning: could not validate av package /data2/mmdb
(no signature)
the killed daemon is /bin/sflowd: status=0x0
service=kernel conserve=on total="3962 MB" used="3491 MB" red="3486 MB"
green="3248 MB" msg="Kernel enters memory conserve mode"

This happens because the AntiVirus database package update is not working. The issue may be resolved by manually updating the signatures with the command 'execute update-now'. During this process, the AntiVirus profile must be applied to the firewall policy.

To monitor for errors during the update process, the following commands can be used:

diagnose debug disable
diagnose debug reset
diagnose debug app update -1
diagnose debug console timestamp enable
diagnose debug enable
execute update-now

To stop the debug, use the following commands:

diagnose debug disable
diagnose debug reset

FortiGuard must be reachable for the update to run successfully. If FortiGuard is unreachable, refer to the following KB article: Troubleshooting Tip: Unable to connect to FortiGuard servers
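
To check saved crash log text for the pattern this article describes (failed AntiVirus package validation together with a kernel conserve-mode entry), the following Python script can be used. It is an added example, not Fortinet code; the function name triage and the report keys are assumptions, and it assumes the log text has the same layout as the excerpt above.

```python
import re

# Constructed sample: the crash log excerpt from this article, wrapped as shown there.
SAMPLE_LOG = '''scanunit=manager pid=189: Warning: could not validate av package /data2/mmdb
(no signature)
the killed daemon is /bin/csfd: status=0x0
scanunit=manager pid=189: Warning: could not validate av package /data2/mmdb
(no signature)
the killed daemon is /bin/sflowd: status=0x0
service=kernel conserve=on total="3962 MB" used="3491 MB" red="3486 MB"
green="3248 MB" msg="Kernel enters memory conserve mode"
'''

# \s+ / \s* between tokens lets each pattern match records that wrap onto the next line.
AV_FAIL = re.compile(
    r"scanunit=manager\s+pid=(\d+):\s+Warning:\s+could\s+not\s+validate\s+av\s+package\s+(\S+)\s*\(([^)]*)\)")
KILLED = re.compile(r"the\s+killed\s+daemon\s+is\s+(\S+):\s+status=(0x[0-9a-fA-F]+)")
CONSERVE = re.compile(r'service=kernel\s+conserve=on\s+total="(\d+) MB"\s+used="(\d+) MB"')


def triage(log_text):
    """Summarize AV package validation failures and conserve-mode entries in a crash log."""
    failures = {}  # (package path, reason) -> occurrence count
    for _pid, package, reason in AV_FAIL.findall(log_text):
        key = (package, reason.strip())
        failures[key] = failures.get(key, 0) + 1
    killed = [path for path, _status in KILLED.findall(log_text)]
    conserve = [{"total_mb": int(t), "used_mb": int(u), "used_pct": round(100 * int(u) / int(t), 1)}
                for t, u in CONSERVE.findall(log_text)]
    return {
        "av_validation_failures": failures,
        "killed_daemons": killed,
        "conserve_events": conserve,
        # The pattern this article describes: failed validation plus conserve mode.
        "matches_article": bool(failures) and bool(conserve),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for (package, reason), count in report["av_validation_failures"].items():
        print(f"{count}x could not validate {package} ({reason})")
    print("killed daemons:", ", ".join(report["killed_daemons"]))
    for event in report["conserve_events"]:
        print(f"conserve mode at {event['used_pct']}% of {event['total_mb']} MB")
    print("matches article pattern:", report["matches_article"])
```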