Quarantine


FortiAnalyzer units can act as a central repository for files that are suspicious or known to be infected by a virus, and have therefore been quarantined by your FortiGate units. This section describes how to view quarantined files.

If a secure connection has been established with the device, communication between the two units uses the same IPSec tunnel that the FortiGate unit uses when sending log files.

For more information about configuring the FortiGate unit to send quarantined files to the FortiAnalyzer unit, see the FortiGate Administration Guide.

This section includes the following topics:

Viewing quarantined files

Note: Sending quarantine files to a FortiAnalyzer unit is available only on FortiGate units running FortiOS 3.0 or later.

FortiAnalyzer units do not accept quarantine files from devices that are not registered within the FortiAnalyzer unit’s device list. For more information about adding devices, see “Manually adding a device” on page 80.

Viewing quarantined files

The quarantine repository displays a list of files quarantined by FortiGate units to the FortiAnalyzer hard disk.

To view quarantined files, go to Quarantine > Repository.

Figure 1: Viewing quarantined files

Show

Select a device from the list of available devices to display the list of quarantined files for a specific device.

Timeframe

Select a span of time when quarantined files were sent to the FortiAnalyzer unit and select Go.

Automatically

Select how often the quarantine page automatically updates.

Refresh

Select Refresh to update the status page immediately.

Delete

Select a file from the list by selecting the check box next to the name and select Delete to remove the quarantined file from the FortiAnalyzer hard disk.

Page n of n

Select a page number x from the list of pages y and press Enter to see the page.

View n per page

Select the number of quarantined files to view on a single page.

From Device

The name of the device where the quarantined file originated.

File Name

The processed file name of the quarantined file.

FortiAnalyzer Version 3.0 MR7 Administration Guide

 

05-30007-0082-20080908
