A couple important settings are in the XML dump.
Turn on sandbox signatures (APT). Also turn on the virus database to 'extreme'; (0 is off, 1 is on)
<real_time_protection>
<enabled>1</enabled>
<use_extreme_db>0</use_extreme_db>
<when>0</when>
<ignore_system_when>2</ignore_system_when>
<on_virus_found>5</on_virus_found>
<popup_alerts>1</popup_alerts>
<popup_registry_alerts>0</popup_registry_alerts>
<bypass_java>0</bypass_java>
<cloud_based_detection>
<on_virus_found>4</on_virus_found>
</cloud_based_detection>
<sandboxing>
<use_sandbox_signatures>1</use_sandbox_signatures>
</sandboxing>
Extreme turns on ALL of the signatures which effectively triples the size of the signature database and it isn't so reliant on zero-days or recent events but expands it to capture some stuff that's been around for awhile. It also expands it to encompass other operating systems, such as Windows XP threats. Fortinet explains that better here;
Extreme The extreme antivirus database allows scanning for both “in the wild” and “zoo” viruses that are no longer seen in recent studies as well as all available signatures that are currently supported. The extreme database provides flexibility, providing the maximum protection without sacrificing performance and is suited to an enhanced security environment.
Edit: Maybe Mods could consider a Fortinet/Forticlient Sub-Forum?
