Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
sprashant
Staff
Staff

Created on ‎07-08-2025 05:32 AM Edited on ‎07-11-2025 05:52 AM By Community Manager

Article Id 398258

Troubleshooting Tip : Files dropped by quarantine daemon FortiGate

Description This article describes the error, 'files dropped by quarantine daemon FortiGate ' seen in the general system event log, and how to resolve it.
Scope FortiGate.
Solution

Determine whether there is a sandbox in the environment, if there is a FortiSandbox. Refer  to this KB article: Technical Tip: How to troubleshoot FortiGate and FortiSandbox communication

 

execute system fortisandbox test-connectivity


FortiSandbox is not enabled.

 

Run the debugs:

 

diagnose debug application quarantine -1

diagnose debug console timestamp enable

diagnose debug enable

 

2025-06-23 12:49:44 __quar_ipc_recver()-434: New job, cmd 4, req_length 848, qfd: 11
2025-06-23 12:49:44 __quar_job_validation()-156: quarantine: Vfid=0, Status=0, Status-descr=, Service=4, Checksum=f62bcea6, Size=927, URL_length=11, Mail_header_length=0
2025-06-23 12:49:44 __quar_alloc_job_req()-300: New job created, id: 637479
2025-06-23 12:49:44 quar_put_job_req()-331: Job 637479 deleted
2025-06-23 12:49:45 __quar_ipc_recver()-434: New job, cmd 4, req_length 848, qfd: 11
2025-06-23 12:49:45 __quar_job_validation()-156: quarantine: Vfid=0, Status=0, Status-descr=, Service=4, Checksum=ab2432c8, Size=315, URL_length=30, Mail_header_length=0
2025-06-23 12:49:45 __quar_alloc_job_req()-300: New job created, id: 637480
2025-06-23 12:49:45 quar_put_job_req()-331: Job 637480 deleted
2025-06-23 12:49:46 __quar_ipc_recver()-434: New job, cmd 4, req_length 848, qfd: 11
2025-06-23 12:49:46 __quar_job_validation()-156: quarantine: Vfid=0, Status=0, Status-descr=, Service=4, Checksum=3b3487f7, Size=96, URL_length=11, Mail_header_length=0
2025-06-23 12:49:46 __quar_alloc_job_req()-300: New job created, id: 637481
2025-06-23 12:49:46 quar_put_job_req()-331: Job 637481 deleted

 

In the above logs, see that 'quar': Quarantine daemon is being created and then getting deleted, as there is no FortiSandbox connected.

 

Check the AV profile and make sure quarantine is not enabled because if it is enabled, the logs will be sent, resulting in the error. This will be visible in the cases where external logging (FortiAnalyzer in this case) is enabled, the behavior observed is firewall generates the traffic to be sent towards the FortiSandbox, but fails as there is none connected, resulting in the issue.

 

1.PNG

 

Do:

 

# unset quarantine

# end

 

Run the debugs again to verify no 'quar' jobs are getting created:

Technical Tip: How to troubleshoot FortiGate and FortiSandbox communication

Configuring sandboxing

Technical Tip: Explaining 'Files dropped by quarantine daemon' log message generated by the FortiGat...
177
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.