Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
kelv1n
New Contributor

FortiClient AntiVirus logs?

Hi

Is it possible to see the FortiClient AV results in FortiAnalyzer? We're replacing Sophos with FortiClient and need a way of viewing any detected viruses and threats across our network.

Thanks

jb_kalm
Contributor

Hi, one way is that you can set up a FortiClient profile as shown in the screenshot. That way, once your FortiClients are registered with the FortiGate they are automatically configured to send their logs to the FAZ.

Thanks,

jb


kelv1n
New Contributor

Thanks jb

We actually already have this, but what I'd like to know is where the identified viruses are logged. We only have 3 options under the FortiClient log section (see attached), which are Traffic, Event and Vulnerability Scan.

Where are the results shown for viruses that FortiClient finds on a PC? Sure, I want to know when a URL is blocked, but more importantly, I want to know when it finds a live virus on a PC, as that is an immediate threat to our network.


jb_kalm
Contributor

Hi kelv1n,

It should show up in the FortiClient > Traffic log on the FAZ. I did a test using the EICAR test file and the blocked virus file showed up in the Traffic logs as attached.

Thanks,

jb

kelv1n
New Contributor

Hi jb,

I meant to reply earlier; I discovered shortly after posting that when a virus is found on the filesystem it goes into FortiClient -> Events.

I did try creating a "custom view" to just show found viruses, which saved OK, but when you go to the Custom View there is no data. It seems the FortiClient data is treated or handled differently.

Has anybody else managed to get a Custom View or have an example report for FortiClient? Ideally I'd just like to be able to have a daily report generated for us.

jb_kalm
Contributor

Now I have a problem because I don't see it under Events at all. The only indication is in the Traffic logs.

I guess I need to do some more testing :)

Thanks,

jb

kelv1n
New Contributor

I wanted to understand how the results of actual "scans" were shown.

So I disabled FortiClient and the AV on the FortiGate, downloaded "eicar", then reloaded FortiClient and ran a custom filesystem scan on the directory.
