New Contributor

IOC rescan not running


I have IOC rescan enabled globally and it doesn't run as scheduled. What is wrong?

New Contributor

help please cuz fortinet support won't help me. I think we'll have to return this if it's not working.


If you have a valid support contract, fortinet should be able to help you.




First check if your IOC license is valid:

System Settings->Dashboard->License Information->Fortiguard->Indicator of Compromise Service


Do you have rescan for ADOM Settings configured as well?




CLI Commands:


Maybe these diagnose commands can narrow down your problem:

#diagnose test application scansched 11 current all

#diagnose test application scansched 11 history all

#diagnose test application scansched 2


Debugging IOC:

#diagnose debug application scansched 1000

#diagnose debug enable


Restart the IOC daemon:

#diagnose test application scansched 99





Wel.. I'm running into the same problem on three different FAZ running 6.2.3 and 6.2.4 and 6.0.8.


In my case I think it's because the IOC database is not updating.

#diag test application sqllogd 204 stats

#diagnose fmupdate fds-getobject


Last ThreatIntel DB update on the 6.0.8 was on April 15th. The others never received any ThreatIntel DB updates, because were updated recently.


Let's see if TAC can fix it.. to me looks more like a global issue.