Good Day,
I am new to the forums so forgive me if this is not posted in the proper spot. I am trying to enable the Dynamic Threat Detection part of the client. I can install the client as a standalone and it is enabled. But when we connect it to our EMS the feature is no longer enabled. I have looked through every screen that I can find and have had no luck finding where to enable it again. Can someone give me some guidance as to where to enable this feature? Thanks in advance.
Fraser
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
The parameter you are looking for is "use_sandbox_signatures". Slyguy at malwaretips.com claims that, when enabled, the free (unmanaged) client will also get the Dynamic Threat Update "from the global FSB databases which are the combined horsepower of all deployed FortiSandboxes and the signatures those are generating".
Config:
<antivirus>
<real_time_protection>
<sandboxing>
<use_sandbox_signatures>1</use_sandbox_signatures>
</sandboxing>
</real_time_protection>
</antivirus>
Fraser_Morrison wrote:I'm looking for this option as well. I've literally enabled every option trying to find it with no avail.Good Day,
I am new to the forums so forgive me if this is not posted in the proper spot. I am trying to enable the Dynamic Threat Detection part of the client. I can install the client as a standalone and it is enabled. But when we connect it to our EMS the feature is no longer enabled. I have looked through every screen that I can find and have had no luck finding where to enable it again. Can someone give me some guidance as to where to enable this feature? Thanks in advance.
Fraser
This worked for the Linux Client. Have not tested the Windows Client.
You can enable "Fortiguard Analytics" by editing the XML Configuration. This will set Dynamic Threat Detection to ON
<forticlient_configuration> <antivirus> <fortiguard_analytics>1</fortiguard_analytics> </antivirus> </forticlient_configuration>
The parameter you are looking for is "use_sandbox_signatures". Slyguy at malwaretips.com claims that, when enabled, the free (unmanaged) client will also get the Dynamic Threat Update "from the global FSB databases which are the combined horsepower of all deployed FortiSandboxes and the signatures those are generating".
Config:
<antivirus>
<real_time_protection>
<sandboxing>
<use_sandbox_signatures>1</use_sandbox_signatures>
</sandboxing>
</real_time_protection>
</antivirus>
No of the above worked for me.
I have the same question. Before I got EMS server working, I was able to check the box for Dynamic Threat Detection. Now that I have my client linked to the EMS server, I can no longer turn that feature on either at the client level or at the EMS server config level. I am guessing it may require some other Fortinet license or server that I am not using but I can't find any documentation about it.
I ended up getting it working. Something in this configure worked:
<?xml version="1.0" encoding="utf-8"?> <forticlient_configuration generatedby="EMS-6.2.4.0894" policy="Workstations - Test"> <version>5.6.0</version> <antivirus> <fortiguard_analytics>1</fortiguard_analytics> <real_time_protection> <heuristic_scanning> <level>3</level> </heuristic_scanning> <sandboxing> <use_sandbox_signatures>1</use_sandbox_signatures> <action_on_error>0</action_on_error> </sandboxing> </real_time_protection> <on_demand_scanning> <heuristic_scanning> <level>3</level> <action>2</action> </heuristic_scanning> </on_demand_scanning> </antivirus>
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1547 | |
1031 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.