Quarantine page
Lists all files that are considered quarantined by the unit. On this page you can filter information so that only specific files are displayed on the page.
GUI Item | Description |
Source | Either FortiAnalyzer or Local disk, depending on where you configure quarantined files to be stored. |
Sort by | Sort the list. Choose from: Status, Service, File Name, Date, TTL, or Duplicate Count. Select Apply to complete the sort. |
Filter | Filter the list. Choose either Status (infected, blocked, or heuristics) or Service (IMAP, POP3, SMTP, FTP, HTTP, MM1, MM3, MM4, MM7, IM, or NNTP). Select Apply to complete the filtering. Heuristics mode is configurable through the CLI only. If your unit supports SSL content scanning and inspection, Service can also be IMAPS, POP3S, SMTPS, or HTTPS. For more information, see the Security Features chapter of the FortiOS Handbook. |
Apply | Select to apply the sorting and filtering selections to the list of quarantined files. |
Delete | Select to delete the selected files. |
Page Controls | Use the controls to page through the list. |
Remove All Entries | Removes all quarantined files from the local hard disk. This icon only appears when the files are quarantined to the hard disk. |
File Name | The file name of the quarantined file. When a file is quarantined, all spaces are removed from the file name, and a 32-bit checksum is performed on the file. The checksum appears in the replacement message but not in the quarantined file. The file is stored on the Fortinet hard disk with the naming convention <32bit_CRC>.<processed_filename>; for example, a file named Over Size.exe is stored as 3fc155d2.oversize.exe. |
Date | The date and time the file was quarantined, in the format dd/mm/yyyy hh:mm. This value indicates the time that the first file was quarantined if duplicates are quarantined. |
Service | The service from which the file was quarantined (HTTP, FTP, IMAP, POP3, SMTP, MM1, MM3, MM4, MM7, IM, NNTP, IMAPS, POP3S, SMTPS, or HTTPS). |
Status | The reason the file was quarantined: infected, heuristics, or blocked. |
Status Description | Specific information related to the status, for example, “File is infected with “W32/Klez.h”” or “File was stopped by file block pattern.” |
DC | Duplicate count. A count of how many duplicates of the same file were quarantined. A rapidly increasing number can indicate a virus outbreak. |
TTL | Time to live in the format hh:mm. When the TTL elapses, the Fortinet unit labels the file as EXP under the TTL heading. In the case of duplicate files, each duplicate found refreshes the TTL. The TTL information is not available if the files are quarantined on a FortiAnalyzer unit. |
Upload status | Y indicates the file has been uploaded to Fortinet for analysis; N indicates the file has not been uploaded. This option is available only if the Fortinet unit has a local hard disk. |
Download | Select to download the corresponding file in its original format. This option is available only if the Fortinet unit has a local hard disk. |
Submit | Select to upload a suspicious file to Fortinet for analysis. This option is available only if the Fortinet unit has a local hard disk. |
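
The File Name, Date, DC and TTL fields above can be checked programmatically. The following is an added example, not part of the FortiOS documentation: it parses the `<32bit_CRC>.<processed_filename>` stored name and flags files whose duplicate count (DC) rose sharply between two readings of the list. Two readings are compared because Date records only the first copy. The pipe-delimited row layout, the function names and the sample rows are assumptions constructed for illustration; the unit does not necessarily export the list in this form.

```python
import re
from datetime import datetime

# File Name row: stored as <32bit_CRC>.<processed_filename>, e.g. 3fc155d2.oversize.exe
STORED_NAME = re.compile(r"^(?P<crc>[0-9a-fA-F]{8})\.(?P<name>.+)$")

def parse_stored_name(stored):
    """Split a stored quarantine name into (crc, processed_filename)."""
    m = STORED_NAME.match(stored)
    if m is None:
        raise ValueError(f"not <32bit_CRC>.<processed_filename>: {stored!r}")
    return m.group("crc").lower(), m.group("name")

def parse_row(row):
    """Parse one row of the assumed layout: name | Date | Status | DC | TTL."""
    # rsplit keeps any '|' inside the file name attached to the first field.
    stored, date, status, dc, ttl = (f.strip() for f in row.rsplit("|", 4))
    crc, name = parse_stored_name(stored)
    return {
        "stored": stored, "crc": crc, "name": name,
        # Date is dd/mm/yyyy hh:mm and is the time of the FIRST copy only.
        "first_seen": datetime.strptime(date, "%d/%m/%Y %H:%M"),
        "status": status, "dc": int(dc),
        "expired": ttl == "EXP",  # TTL column reads EXP once the TTL elapses
    }

def dc_growth(earlier_rows, later_rows, threshold):
    """Map stored name -> DC increase for files that grew by >= threshold."""
    before = {r["stored"]: r["dc"] for r in map(parse_row, earlier_rows)}
    flagged = {}
    for r in map(parse_row, later_rows):
        increase = r["dc"] - before.get(r["stored"], 0)  # unseen file: baseline 0
        if increase >= threshold:
            flagged[r["stored"]] = increase
    return flagged

# Constructed sample data: two readings of the list taken some time apart.
SNAPSHOT_1 = [
    "3fc155d2.oversize.exe | 14/03/2012 09:10 | blocked | 2 | 05:00",
    "a41b09c7.invoice.scr | 14/03/2012 09:12 | infected | 3 | 04:30",
]
SNAPSHOT_2 = [
    "3fc155d2.oversize.exe | 14/03/2012 09:10 | blocked | 2 | EXP",
    "a41b09c7.invoice.scr | 14/03/2012 09:12 | infected | 41 | 05:00",
    "5e02b7aa.report.doc | 14/03/2012 09:40 | heuristics | 1 | 05:00",
]

if __name__ == "__main__":
    print(dc_growth(SNAPSHOT_1, SNAPSHOT_2, threshold=10))
```

The threshold is site-specific; choose it relative to the interval between readings.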