Hi,
I was reading the FortiGate antivirus topic from Fortinet website. Also I tested them in my test environment by downloading the file from ecior.org. What I found, until or unless you don't use SSL/SSH decryption profile, this antivirus profile is helpless which means that unless or until we don't do the SSL decryption the encrypted files cant be scanned. Is this correct assumption ? Moreover, can any one please help me to point in right direction that where can I find more information about CPRL ?
Hello,
Yes, your understanding is correct. In order for the FortiGate antivirus profile to scan encrypted files, SSL/SSH decryption must be enabled to decrypt the traffic for inspection. Without decryption, the antivirus profile cannot scan encrypted files for viruses and malware.
You can access the FortiOS documents to understand the requirement and test cases:
https://docs.fortinet.com/document/fortigate/7.6.0/administration-guide/122078/deep-inspection
hey mate, what about CPRL ?
Hi Usman,
The FortiGuard Antivirus Service uses Content Pattern Recognition Language (CPRL) to boost both the accuracy and speed of threat detection, going beyond what traditional signature-based methods can offer, especially for more sophisticated threats. Deep inspection is necessary for CPRL to thoroughly analyze encrypted and application-layer traffic.
https://docs.fortinet.com/document/fortigate/7.6.0/administration-guide/610527/antivirus-techniques
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1735 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.