Hello there,
we have the FortiClient with FortiClient Enterprise Manager in use. I am new to FortClient and asked me, how can I work with the quarantaine files? In the EWS I couldn't see an option for that and on the client I can't delete the files. Is the a main configuration for that, or I am blind to see?
FortiClient 5.4.2.0860
FortiClient EMS 1.0.1.0077 Thanks.
Regards, Rolf
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi Rolf,
There is no way you can manage quarantined files via the EMS, everything has to be done manually on each client.
I have brought this up, and they say central quarantine is on the roadmap for EMS...
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
Hi Rolf,
You probably need to go in under File -> Settings, and in the lower part of the screen, you´ll see a padlock, click on it and enter your password (if you have locked the settings with a password), then you can go to quarantine and remove the files.
It´s a very strange way of doing this, I hope they will change it.
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
In the EMS you´ll find it under the profile and then System Settings, on the top of the page. "Password Lock Configuration"
After that you do this:
1. Disconnect from EMS (Compliance Tab -> "Click to disconnect"
2. File -> Settings
3. Click on padlock, unlock with password
4. Close Settings
5. Go to quarantine, and the buttons should be clickable again.
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
ah, you probably have the "Disable Unregister" checked in your profile, in System Settings, go down to the bottom and you see a checkbox with "Disable Unregister"
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
Hi Rolf,
what do option do you have in AV Protection tab in your profile on EMS ? ( " Scan files as they are downloaded or copied to my system" - this option)
Hello Maciej,
we (the College before) have "Deny access to infected files" set.
Regards, Rolf
I think I have bad news for you. I have EMS 1.0.4 and ForiClient 5.4.3, and I checked all options there and none of it allowe user to delete or restore file.
I think that after you lock settings with EMS there is no option to do anything but submite to analyze. This options work only on clients that are not managed by EMS. Also you have to lunch FortiClient console on admin permission.
Maybe there is an option to elevate permission on FortiClient under EMS controlle but I don't see it.
Hello Maciej,
is it possible over the EMS Console to delete the Quarantine from Clients, or will the files stay forever?
Thanks,
Rolf
Hi Rolf,
There is no way you can manage quarantined files via the EMS, everything has to be done manually on each client.
I have brought this up, and they say central quarantine is on the roadmap for EMS...
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
Hi Selective,
thanks for the information.
When I open the client with "administrator" rights, I also couldn't delete the files. What's wrong with me :) ? Thanks.
Regards, Rolf
Hi Rolf,
You probably need to go in under File -> Settings, and in the lower part of the screen, you´ll see a padlock, click on it and enter your password (if you have locked the settings with a password), then you can go to quarantine and remove the files.
It´s a very strange way of doing this, I hope they will change it.
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
Hi Selective,
thank you, but I can't unlock the padlock. Which setting should be done in the EMS for that? Or I am wrong?
Thank you und regards, to Sweden, Rolf
In the EMS you´ll find it under the profile and then System Settings, on the top of the page. "Password Lock Configuration"
After that you do this:
1. Disconnect from EMS (Compliance Tab -> "Click to disconnect"
2. File -> Settings
3. Click on padlock, unlock with password
4. Close Settings
5. Go to quarantine, and the buttons should be clickable again.
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1688 | |
1087 | |
752 | |
446 | |
227 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.