Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
shashe1
New Contributor

How can I make Antivirus exceptions?

I am planning to enforce Antivirus filtering to Internet bound traffic on Fortigate running 7.2.4. I wonder how I can make exceptions for any potential false positives without turning off the filtering altogether?

5 REPLIES 5
pgautam
Staff
Staff

Hi Team,

 

Thank you for posting your query.

On Foritgate 7.2.4 fortiOS new feature is added to the exempt list for file-based scanning based on the hash value.

 

https://docs.fortinet.com/document/fortigate/7.2.4/administration-guide/413511/exempt-list-for-files...

 

Regards

Priyanka

Christian_89
Contributor III

To set up exceptions for potential false positives in antivirus filtering on your Fortigate 7.2.4, there are several options:

URL Filter: You can exclude certain URLs or domains from antivirus filtering by adding them to the list of allowed URLs or domains. To do this, go to Security Profiles > Web Filter > URL Filter and add the URLs or domains to the list of allowed URLs.
File types: You can exclude certain file types from antivirus filtering by adding them to the list of allowed file types. To do this, go to Security Profiles > AntiVirus > Profiles and select the profile type you want to edit. Click "Edit" and select the "File Types" tab. Add the file types to the list of allowed file types.
IP addresses: You can exclude certain IP addresses from antivirus filtering by adding them to the list of allowed IP addresses. To do this, go to Security Profiles > AntiVirus > Profiles and select the profile type you want to edit. Click "Edit" and select the "IP Address" tab. Add the IP addresses to the list of allowed IP addresses.
However, it is important to make sure that you do not exclude any potentially dangerous websites, files or IP addresses from antivirus filtering. Make sure that you only set up exceptions for trusted sources and keep the exceptions to a minimum to ensure the security of your network.

shashe1

@Christian_89 @pgautam Thank you very much for the responses. I am looking to exempt a signature or an IP for a specific signature.  I used to do those types of exceptions with PaloAlto and wondering if Fortinet allows me to do that?

Christian_89

Yes, Fortinet allows you to create exceptions for specific signatures or IPs using its security policies. The following are the steps to create an exception in Fortinet. 1:

1. log in to your Fortinet device and navigate to the Security Profiles menu.
2. select the profile that contains the signature you want to exclude, such as the Antivirus profile.
Click the Exclusions tab, and then click Add Exception. 4.
Select the signature to exclude from the drop-down list, or enter the IP address or range to exclude. 5.
Select the action you want to apply to the exception, such as "Allow" or "Disable". 6.
Give the exception a name and description, and then click OK to save the exception.

After you create the exception, you can apply it to a specific security policy or globally to all policies that use the selected profile. To apply it to a specific policy, go to Policy Configuration, select the profile you modified, and then select the exception you created.

Remember that creating too many exceptions can reduce the effectiveness of your security measures. Therefore, it is important to carefully consider which signatures or IPs to exclude, and to regularly review and update the exceptions as needed.

shashe1

 

Unable to find exceptions tab in AV profile. am I looking in the right window?

 av.png

Top Kudoed Authors