Description | This article discusses why the AntiVirus profile failed to block the download of a sample virus file from the FortiGuard website. |
Scope | FortiGate. |
Solution |
A firewall policy has the default AntiVirus profile enabled, with custom-deep-inspection as the SSL inspection profile.
Despite this, it is still possible to download the virus sample file that AntiVirus is expected to block.
Check the SSL inspection profile in use (custom-deep-inspection). The list of exempted addresses contains an entry named 'fortinet'. Delete that entry (fortinet).
After it has been removed, it is still possible to download the sample file.
Check the SSL-inspection profile used again (custom-deep-inspection). Disable the 'Reputable websites' option under 'Exempt from SSL Inspection'.
After the changes, the download of sample files from FortiGuard is blocked and a proper blocked message is shown.
The download was not blocked earlier because websites related to Fortinet were exempted from SSL inspection, both in the exempted addresses list and as part of the reputable websites in the SSL inspection profile used. AntiVirus relies on that SSL inspection to scan the traffic. |
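The two settings checked above can also be audited from a configuration backup. The script below is an added example, not Fortinet code: it reports every exempt entry and the reputable websites setting for each SSL inspection profile, which goes slightly beyond the single 'fortinet' entry in this article. The sample configuration is constructed, and the CLI key names (`ssl-exempt`, `wildcard-fqdn`, `fortiguard-category`, `allowlist`) are assumed from FortiOS 7.x syntax.

```python
# Constructed excerpt in the style of `show firewall ssl-ssh-profile` output.
# Assumed FortiOS 7.x key names; older builds use `whitelist` for `allowlist`.
SAMPLE = """\
config firewall ssl-ssh-profile
    edit "custom-deep-inspection"
        set allowlist enable
        config https
            set ports 443
            set status deep-inspection
        end
        config ssl-exempt
            edit 1
                set type wildcard-fqdn
                set wildcard-fqdn "fortinet"
            next
            edit 2
                set fortiguard-category 31
            next
        end
    next
end
"""


def audit_ssl_exemptions(config_text):
    """Return {profile: [findings]} for settings that bypass deep inspection."""
    findings, profile, stack = {}, None, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            stack.append(line[len("config "):])      # enter a config block
        elif line == "end" and stack:
            stack.pop()                               # leave it
        elif line.startswith("edit ") and stack == ["firewall ssl-ssh-profile"]:
            profile = line[5:].strip('"')             # a profile, not an exempt entry id
            findings[profile] = []
        elif line.startswith("set ") and profile is not None:
            key, _, value = line[4:].partition(" ")
            value = value.strip('"')
            if stack[-1:] == ["ssl-exempt"] and key != "type":
                findings[profile].append(f"exempt {key}: {value}")
            elif len(stack) == 1 and key in ("allowlist", "whitelist") and value == "enable":
                findings[profile].append("reputable websites exempted")
    return findings


if __name__ == "__main__":
    for name, items in audit_ssl_exemptions(SAMPLE).items():
        print(name, items)
```

Any finding listed for a profile means traffic matching it is not decrypted, so AntiVirus cannot scan it.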
Copyright 2024 Fortinet, Inc. All Rights Reserved.