The forticlient (for mac) user interface does not allow any operation on the quarantined files.
How to un-quarantine a file on Forticlient 5.0.6.131 for Mac (10.9.1)?
Quarantined files are apparently stored under the path:
/Library/Application Support/Fortinet/FortiClient/data/quarantine
but the files are prepended by some metadata such as the original path, an indication of the process accessing the file, and the identification of the contained virus, followed by an encrypted version of the file.
How can I restore the original file for further analysis?
Additionally:
the bin folder has several executables:
some of them are obvious (e.g. racoon) and information on their common-line use is generally available on the web, but for others (scanunit, vulscan) documentation is missing. can anyone point me to the documentation?
Thanks,
Peter