Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Fraser_Morrison
New Contributor

Dynamic Threat Detection

Good Day,

 

I am new to the forums so forgive me if this is not posted in the proper spot. I am trying to enable the Dynamic Threat Detection part of the client. I can install the client as a standalone and it is enabled. But when we connect it to our EMS the feature is no longer enabled. I have looked through every screen that I can find and have had no luck finding where to enable it again. Can someone give me some guidance as to where to enable this feature? Thanks in advance.

 

Fraser

1 Solution
Frank1
New Contributor II

The parameter you are looking for is "use_sandbox_signatures". Slyguy at malwaretips.com claims that, when enabled, the free (unmanaged) client will also get the Dynamic Threat Update "from the global FSB databases which are the combined horsepower of all deployed FortiSandboxes and the signatures those are generating".

 

Config:

    <antivirus>
        <real_time_protection>
            <sandboxing>
                <use_sandbox_signatures>1</use_sandbox_signatures>
            </sandboxing>
        </real_time_protection>
    </antivirus>

View solution in original post

6 REPLIES 6
cmoore
New Contributor

Fraser_Morrison wrote:

Good Day,

 

I am new to the forums so forgive me if this is not posted in the proper spot. I am trying to enable the Dynamic Threat Detection part of the client. I can install the client as a standalone and it is enabled. But when we connect it to our EMS the feature is no longer enabled. I have looked through every screen that I can find and have had no luck finding where to enable it again. Can someone give me some guidance as to where to enable this feature? Thanks in advance.

 

Fraser

I'm looking for this option as well.  I've literally enabled every option trying to find it with no avail.

khj
New Contributor

This worked for the Linux Client. Have not tested the Windows Client.

You can enable "Fortiguard Analytics" by editing the XML Configuration. This will set Dynamic Threat Detection to ON

 

<forticlient_configuration>      <antivirus>           <fortiguard_analytics>1</fortiguard_analytics>      </antivirus> </forticlient_configuration>

Frank1
New Contributor II

The parameter you are looking for is "use_sandbox_signatures". Slyguy at malwaretips.com claims that, when enabled, the free (unmanaged) client will also get the Dynamic Threat Update "from the global FSB databases which are the combined horsepower of all deployed FortiSandboxes and the signatures those are generating".

 

Config:

    <antivirus>
        <real_time_protection>
            <sandboxing>
                <use_sandbox_signatures>1</use_sandbox_signatures>
            </sandboxing>
        </real_time_protection>
    </antivirus>

Duncan
New Contributor III

No of the above worked for me.

rlominick
New Contributor

I have the same question.  Before I got EMS server working, I was able to check the box for Dynamic Threat Detection.  Now that I have my client linked to the EMS server, I can no longer turn that feature on either at the client level or at the EMS server config level.  I am guessing it may require some other Fortinet license or server that I am not using but I can't find any documentation about it.

Duncan
New Contributor III

I ended up getting it working. Something in this configure worked:

<?xml version="1.0" encoding="utf-8"?> <forticlient_configuration generatedby="EMS-6.2.4.0894" policy="Workstations - Test">     <version>5.6.0</version>     <antivirus>         <fortiguard_analytics>1</fortiguard_analytics>         <real_time_protection>             <heuristic_scanning>                 <level>3</level>             </heuristic_scanning>             <sandboxing>                 <use_sandbox_signatures>1</use_sandbox_signatures>                 <action_on_error>0</action_on_error>             </sandboxing>         </real_time_protection>         <on_demand_scanning>             <heuristic_scanning>                 <level>3</level>                 <action>2</action>             </heuristic_scanning>         </on_demand_scanning>     </antivirus>

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors