FortiGate
avneesh_
Staff
Article Id 259710
Description

This article describes an error that FortiGate may return when deleting the 'Block Malware' external connector from the Security Fabric, even when the connector has no references.

The reference window shows no results:

[Screenshot: avneesh__0-1686328575640.png]

When trying to delete the connector, the following error appears:

[Screenshot: avneesh__1-1686328575643.png]

The external connector can be seen in the CLI with the following commands:

config system external-resource
    edit "Block - Malwares"
        set status enable
        set type malware
        set update-method push
        set comments ''
        set interface-select-method auto
    next
end

 

The same error appears when the deletion is attempted via the CLI:

'Cannot delete a used external resource.
Command_cli_delete:6722 delete table entry Block - Malwares unset oper error ret=-23'

Scope

FortiGate.
Solution

To resolve this issue, make the following change in every antivirus security profile on the FortiGate:

config antivirus profile
    edit default  <----- This should be done for all antivirus profiles
        set external-blocklist-enable-all disable
end

There are also hidden antivirus profiles that can only be found in the CLI, as follows:

config antivirus profile
    edit default
        set external-blocklist-enable-all disable
    next
    edit sniffer-profile
        set external-blocklist-enable-all disable
    next
    edit wifi-default
        set external-blocklist-enable-all disable
end

After making these changes, it is possible to delete the external connector.
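
On a unit with many profiles, the ones still holding the reference can be found from saved CLI output instead of checking each by hand. The script below is an added example, not part of the original article or any Fortinet tooling. It assumes the text comes from `show full-configuration antivirus profile`, so that the setting is printed for every profile, including the hidden ones. The sample input is constructed and the profile "branch office" is hypothetical.

```python
import re

# Constructed sample of "show full-configuration antivirus profile" output,
# trimmed to the relevant lines; "branch office" is a hypothetical profile.
SAMPLE_CONFIG = """\
config antivirus profile
    edit "default"
        config http
            set av-scan block
        end
        set external-blocklist-enable-all enable
    next
    edit "sniffer-profile"
        set external-blocklist-enable-all enable
    next
    edit "wifi-default"
        set external-blocklist-enable-all disable
    next
    edit "branch office"
        set external-blocklist-enable-all enable
    next
end
"""
SETTING = "external-blocklist-enable-all"
EDIT_RE = re.compile(r'edit (?:"([^"]+)"|(\S+))')

def profiles_blocking_delete(config_text):
    """Names of antivirus profiles that still have the setting enabled."""
    hits, depth, current = [], 0, None
    for line in map(str.strip, config_text.splitlines()):
        if depth == 0:  # skip everything outside the antivirus profile table
            depth = 1 if line == "config antivirus profile" else 0
        elif line.startswith("config "):  # nested block such as "config http"
            depth += 1
        elif line == "end":
            depth -= 1
        elif depth == 1 and (m := EDIT_RE.fullmatch(line)):
            current = m.group(1) or m.group(2)
        elif depth == 1 and line == f"set {SETTING} enable":
            hits.append(current)
    return hits

def remediation_cli(names):
    """Build the CLI block from the article for the listed profiles."""
    lines = ["config antivirus profile"]
    for name in names:
        lines += [f'    edit "{name}"', f"        set {SETTING} disable", "    next"]
    return "\n".join(lines + ["end"])

if __name__ == "__main__":
    print(remediation_cli(profiles_blocking_delete(SAMPLE_CONFIG)))
```

Review the generated block before pasting it into the CLI; once it has been applied, the external connector can be deleted as described above.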