Fortigate 200F with multiple firewall policies on 1 interface port
Hi, we are new to FortiGates and need a little help/advice. We are currently adjusting the security level of our firewalls to a higher level, i.e. we set up the firewall rules first, next we implemented the IPS sensor on an interface policy. After this we added the web filter profile to the same policy. So far so good, but when we also added the AV profile to this interface policy an important application stopped working. We checked the security logs but there are no active blocks/messages regarding what is being blocked. We made a second interface profile and only added the AV profile and enabled it ... the application is no longer being blocked, but we think that second profile is not being used (see config information below).
config firewall interface-policy
edit 1
set uuid xxxxxxxx
set logtraffic all
set interface "port1"
set srcaddr "all"
set dstaddr "all"
set service "ALL"
set ips-sensor-status enable
set ips-sensor "xxxxx all_default"
set webfilter-profile-status enable
set webfilter-profile "xxxxx-default"
next
edit 2
set uuid xxxxxxxxx
set logtraffic all
set interface "port1"
set srcaddr "all"
set dstaddr "all"
set service "ALL"
set av-profile-status enable
set av-profile "xxxxxx-default"
next
end
Can someone please confirm whether a) the firewall processes both policy 1 & 2, or only policy 1?
Many thanks for any assistance in the matter.
Hi all, the problem we had has been resolved. The issue we had was to do with the definition of ALLOW vs EXEMPT. The application that was being blocked showed up earlier when we were building up the rules, i.e. the first week we turned on the IPS, the next week the web filter, and the last week, where the issue occurred, the AV profile. When we turned on the web filter the URL showed up as blocked; here we gave it an ALLOW (which should have been EXEMPT) on the URL traffic. After we adjusted the setting this morning we could apply the AV policy and the application did not break.
Thanks to all for the use of your time (and brains).
Hi,
the firewall processes the rules top to bottom, according to the flow:
src interface, dst interface, src address, dst address, port; whichever rule matches first according to this pattern of traffic.
In your case it's most likely that the 2nd rule will never be processed, since all traffic will hit and match the first one.
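As an added illustration of the first-match behaviour described in this answer (example code written for this page, not from the thread or from Fortinet): a small Python simulator that parses the poster's redacted interface-policy config and evaluates a flow the way the answer describes, top to bottom, stopping at the first entry whose interface, source, destination and service all match. Flows are described by object names (the built-in any-objects "all" / "ALL" cover everything, any other name must be identical), which is an assumption that keeps the address/service matching simple; the `shadowed()` check generalises the point to any later policy on the same interface whose whole scope is already covered by an earlier one.

```python
# Added example: simulate FortiOS first-match evaluation of
# 'config firewall interface-policy'. Not the poster's or Fortinet's code.
import shlex
from dataclasses import dataclass, field

# Constructed input: the two-policy config from the question, names redacted as posted.
CONFIG = """
config firewall interface-policy
    edit 1
        set uuid xxxxxxxx
        set logtraffic all
        set interface "port1"
        set srcaddr "all"
        set dstaddr "all"
        set service "ALL"
        set ips-sensor-status enable
        set ips-sensor "xxxxx all_default"
        set webfilter-profile-status enable
        set webfilter-profile "xxxxx-default"
    next
    edit 2
        set uuid xxxxxxxxx
        set logtraffic all
        set interface "port1"
        set srcaddr "all"
        set dstaddr "all"
        set service "ALL"
        set av-profile-status enable
        set av-profile "xxxxxx-default"
    next
end
"""

PROFILE_KINDS = ("ips-sensor", "webfilter-profile", "av-profile")


@dataclass
class Policy:
    pid: int
    settings: dict = field(default_factory=dict)

    def get(self, key, default=None):
        return self.settings.get(key, default)

    def profiles(self):
        """Profiles this policy really applies: '<kind>-status enable' plus a name."""
        return {k: self.get(k) for k in PROFILE_KINDS
                if self.get(f"{k}-status") == "enable" and self.get(k)}


def parse_interface_policies(text):
    """Minimal parser for the block; returns entries in configured (= evaluation) order."""
    policies, current = [], None
    for raw in text.splitlines():
        tokens = shlex.split(raw.strip())  # keeps quoted values with spaces intact
        if not tokens:
            continue
        if tokens[0] == "edit":
            current = Policy(int(tokens[1]))
        elif tokens[0] == "set" and current is not None:
            current.settings[tokens[1]] = " ".join(tokens[2:])
        elif tokens[0] == "next" and current is not None:
            policies.append(current)
            current = None
    return policies


def covers(obj_a, obj_b):
    """Assumption: 'all'/'ALL' match anything, otherwise objects must be the same name."""
    return obj_a.lower() == "all" or obj_a == obj_b


def first_match(policies, interface, srcaddr, dstaddr, service):
    """First policy (top to bottom) that matches the flow, or None if nothing does."""
    for p in policies:
        if (p.get("interface") == interface
                and covers(p.get("srcaddr", ""), srcaddr)
                and covers(p.get("dstaddr", ""), dstaddr)
                and covers(p.get("service", ""), service)):
            return p
    return None


def shadowed(policies):
    """IDs of policies that can never be reached: an earlier policy on the same
    interface already covers their entire source, destination and service scope."""
    out = []
    for i, later in enumerate(policies):
        for earlier in policies[:i]:
            if (earlier.get("interface") == later.get("interface")
                    and covers(earlier.get("srcaddr", ""), later.get("srcaddr", ""))
                    and covers(earlier.get("dstaddr", ""), later.get("dstaddr", ""))
                    and covers(earlier.get("service", ""), later.get("service", ""))):
                out.append(later.pid)
                break
    return out


if __name__ == "__main__":
    pols = parse_interface_policies(CONFIG)
    hit = first_match(pols, "port1", "all", "all", "ALL")
    print("flow on port1 hits policy", hit.pid, "applying", hit.profiles())
    print("never reachable:", shadowed(pols))
```

Run against the posted config, every flow entering port1 stops at policy 1, so only the IPS sensor and web filter profile are applied and policy 2 is reported as unreachable; the AV profile therefore never runs, which is consistent with the poster's observation that nothing broke after the split. Feeding the later single-policy config (all three profiles on entry 1) into the same parser makes `profiles()` list all three.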
Then, if you don't mind, I have another question (also to do with the above).
Our first attempt had 1 policy with the AV profile also enabled, but when we added the AV profile the application lost contact with the internet and stopped working. Usually this wouldn't be a problem: just check the logs and fix what's broken. But with the enabling of the AV profile the application stops working and we can't find in any of the security logs a reason for this (below is the original firewall interface policy).
config firewall interface-policy
edit 1
set uuid xxxxxxxx
set logtraffic all
set interface "port1"
set srcaddr "all"
set dstaddr "all"
set service "ALL"
set ips-sensor-status enable
set ips-sensor "xxxxx all_default"
set webfilter-profile-status enable
set webfilter-profile "xxxxx-default"
set av-profile-status enable
set av-profile "xxxxxx-default"
next
end
Same again, any help / tips are welcome.. thanks
Created on 02-05-2025 07:07 AM, edited on 02-05-2025 07:08 AM
Can you share the AV profile settings?
show antivirus profile NAME (the one you used/applied in the policy) and maybe we can figure it out.
Also, you say you don't have any logs in the GUI: Log & Report > Security Events > Logs > AntiVirus?
Here are the AV profile settings we made (it's a copy of the default AV profile):
config antivirus profile
edit "Havensteder-default"
set comment "Scan files and block viruses."
config http
set av-scan block
set outbreak-prevention block
end
config ftp
set av-scan block
set outbreak-prevention block
end
config imap
set av-scan block
set outbreak-prevention block
set executables virus
end
config pop3
set av-scan block
set outbreak-prevention block
set executables virus
end
config smtp
set av-scan block
set outbreak-prevention block
set executables virus
end
set extended-log enable
next
end
We checked in Log & Report -> Security Events, i.e. the Intrusion Prevention logs, Web Filter logs and the AntiVirus logs (which seem to be empty atm).
Created on 02-05-2025 07:29 AM, edited on 02-05-2025 07:32 AM
I would test the following theory.
Re-activate the AV profile on the rule and, for the existing flows/sessions of the server towards the Internet, delete them all and try establishing them from scratch after the AV is applied.
You can filter and clear all existing sessions initiated by your server by using a filter described here, https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-filters-to-clear-sessions-on-a-Forti...
diagnose sys session filter src IP
diagnose sys session clear
In parallel you can start a debug flow to see what's going on with the traffic, like:
diagnose debug enable
diagnose debug flow filter saddr IP
diagnose debug flow show function-name enable
diagnose debug flow trace start 1000
After you are done:
diagnose debug disable
Please excuse my lack of knowledge, but just to confirm what you are asking me to do ...
Do you mean restoring the original interface-policy profile (see config below)?
edit 1
set uuid 6666aa8a-d2a3-51ef-2b8e-5e75ae97a01d
set logtraffic all
set interface "port1"
set srcaddr "all"
set dstaddr "all"
set service "ALL"
set ips-sensor-status enable
set ips-sensor "Havensteder all_default"
set webfilter-profile-status enable
set webfilter-profile "Havensteder-default"
set av-profile-status enable
set av-profile "Havensteder-default"
next
end
Then clear any active sessions from the test server and retest?
Indeed.
Sorry funky, one last remark/question ... you said "on the rule"; do you mean on the firewall rules? If yes, the config we are using is on the interface (port1 = WAN port) and we do not have any individual firewall rules with IPS/web filter/AV profile; we are doing it higher up, on the WAN interface .. would this make any difference with the test you suggested .. thanks again for your time
Activate the AV profile on the rule where in the past it broke the internet access, afterwards clear the existing sessions and see whether access to the Internet is blocked or not.
