Checksum: 0
Date/Time: 14:45:17 (1387464317)
Details: host: 66.96.160.153
Direction: N/A
Dst: 66.96.160.153
Dst Interface: ISP-Colt
Dst Port: 80
Identity Index: 0
Level: warning
Log ID: 8192
Message: File is infected.
Policy ID: 30
Profile Name: default
Quarantine Skip: No skip
Reference: http://www.fortinet.com/ve?vid=0
Sequence Number: 118125701
Service: UNKNOWN(255)
Src: 192.168.32.20
Src Interface: internal2
Src Port: 54949
Status:
Sub Type: infected
Submitted to FortiGuard Sandbox: false
Timestamp: 12/19/2013 2:45:17 PM
Virtual Domain: root
Virus: Zeus

How do I figure out what were the circumstances around this potential exposure? There's no URL here, no information about the file (name, extension, size), so the information appears to be not actionable (which makes it not useful).

I have URL logging disabled, both for personal privacy purposes (to respect the employees) and to reduce log storage. Is it impossible to get more than blind limited protective value out of the FortiGate gateway based antivirus filtering if I don't enable URL logging?

Thanks,
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C