Hi Friends,
What does the command enable emulator do. I could not find any info on the same in the documentation. Does anybody have an idea what does the enable emulator option do. Is it required or recommended under AV profile.
Regards
Sebastan
Hi
the CLI refrence is your friend specially 5.2 this means:
If you look for a specific information on a option download the CLI refrence and search for the specific option. You will find following information:
Optionally disable the Win32 emulator (used in malware detection) to improve throughput.
[LEFT][size="2"]Note:[/size][/LEFT]
This command is not supported in flow-based
mode.
Be careful about following: The CLI refrence of 5.4 is horrible which means a lot of things missing. As an example: If you look for your specific option you will find it but WITHOUT description. Overall the CLI refrence of 5.4 how it looks like at the moment is fairly unusable a lot of stuff missing, no index etc. etc. What I do is have a look in 5.4 and if I find it with description fine. If I do not find it have a look at 5.2 because this CLI refrence includes everything (mostly 99%) and there you will find the description above regarding your question. This emulator emulates or enables windows like behaviours on how to deal with the file within the av scan engine.
Hope this helps
have fun
Andrea
Thanks Mate,
Looks like I would like to switch back to 5.2 Cli guide. Thanks for the advice. Beyond mentioning that there is a performance impact with emulator any idea around what it is & what benefit it beings in AV profile.
Regards
Sebastan
Hi
if I understood all correct this emulator would/should be used if you have 99% files based on windows files. Because the emulator would emulate windows behaviours is much faster as the normal usage if it is disabled. From my point of view this option should be disabled and only in some cases be enabled if you a platform or whatever which you know that this files checked on the corresponding policy would be windows based files.
Hope this helps
have fun
Andrea
Great yeah for performance as well I think it makes sense to disable cause if we want to use it the AV profile has to be in proxy mode.
Regards
Sebastan
User | Count |
---|---|
2677 | |
1412 | |
810 | |
703 | |
455 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.