Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
RolfW
New Contributor

[SOLVED] FortiClient - AntiVirus - Quarantine

Hello there,

 

we have the FortiClient with FortiClient Enterprise Manager in use. I am new to FortClient and asked me, how can I work with the quarantaine files? In the EWS I couldn't see an option for that and on the client I can't delete the files. Is the a main configuration for that, or I am blind to see?

 

FortiClient 5.4.2.0860

FortiClient EMS 1.0.1.0077 Thanks.

 

Regards, Rolf

4 Solutions
Carl_Wallmark
Valued Contributor

Hi Rolf,

 

There is no way you can manage quarantined files via the EMS, everything has to be done manually on each client.

 

I have brought this up, and they say central quarantine is on the roadmap for EMS...

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

View solution in original post

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
Carl_Wallmark
Valued Contributor

Hi Rolf,

 

You probably need to go in under File -> Settings, and in the lower part of the screen, you´ll see a padlock, click on it and enter your password (if you have locked the settings with a password), then you can go to quarantine and remove the files.

 

It´s a very strange way of doing this, I hope they will change it.

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

View solution in original post

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
Carl_Wallmark
Valued Contributor

In the EMS you´ll find it under the profile and then System Settings, on the top of the page. "Password Lock Configuration"

 

After that you do this:

 

1. Disconnect from EMS (Compliance Tab -> "Click to disconnect"

2. File -> Settings

3. Click on padlock, unlock with password

4. Close Settings

5. Go to quarantine, and the buttons should be clickable again.

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

View solution in original post

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
Carl_Wallmark
Valued Contributor

ah, you probably have the "Disable Unregister" checked in your profile, in System Settings, go down to the bottom and you see a checkbox with "Disable Unregister" 

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

View solution in original post

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
14 REPLIES 14
Maciej
New Contributor

Hi Rolf,

 

what do option do you have in AV Protection tab in your profile on EMS  ? ( " Scan files as they are downloaded or copied to my system" - this option)  

RolfW
New Contributor

Hello Maciej,

 

we (the College before) have "Deny access to infected files" set.

 

Regards, Rolf

Maciej
New Contributor

I think I have bad news for you. I have EMS 1.0.4 and ForiClient 5.4.3, and I checked all options there and none of it allowe user to delete or restore file. 

 

I think that after you lock settings with EMS there is no option to do anything but submite to analyze. This options work only on clients that are not managed by EMS. Also you have to lunch FortiClient console on admin permission.

 

Maybe there is an option to elevate permission on FortiClient under EMS controlle but I don't see it. 

RolfW
New Contributor

Hello Maciej,

 

is it possible over the EMS Console to delete the Quarantine from Clients, or will the files stay forever?

 

Thanks,

 

Rolf

Carl_Wallmark
Valued Contributor

Hi Rolf,

 

There is no way you can manage quarantined files via the EMS, everything has to be done manually on each client.

 

I have brought this up, and they say central quarantine is on the roadmap for EMS...

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
RolfW

Hi Selective,

 

thanks for the information.

 

When I open the client with "administrator" rights, I also couldn't delete the files. What's wrong with me :) ? Thanks.

Regards, Rolf

Carl_Wallmark
Valued Contributor

Hi Rolf,

 

You probably need to go in under File -> Settings, and in the lower part of the screen, you´ll see a padlock, click on it and enter your password (if you have locked the settings with a password), then you can go to quarantine and remove the files.

 

It´s a very strange way of doing this, I hope they will change it.

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
RolfW

Hi Selective,

 

thank you, but I can't unlock the padlock. Which setting should be done in the EMS for that? Or I am wrong?

 

Thank you und regards, to Sweden, Rolf

Carl_Wallmark
Valued Contributor

In the EMS you´ll find it under the profile and then System Settings, on the top of the page. "Password Lock Configuration"

 

After that you do this:

 

1. Disconnect from EMS (Compliance Tab -> "Click to disconnect"

2. File -> Settings

3. Click on padlock, unlock with password

4. Close Settings

5. Go to quarantine, and the buttons should be clickable again.

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors