Malware Hub Report PcMag Emsisoft Anti-Malware 2017

Status
Not open for further replies.
ForgottenSeer 58943

I don't use XML or custom scripts.

It's really just a dump of the settings, and all of the settings not present in the GUI. In the corporate/enterprise environment, the GUI is really our last resort. Most of our work is done in the CLI or scripts. In this case, you are just adjusting settings the product is designed to use but which are hidden for corporate/enterprise reasons, basically so people don't click stuff.

That's why I put the disclaimer - for the technically minded.
 

ZeroDay

A couple of important settings are in the XML dump.

Turn on sandbox signatures (APT). Also set the virus database to 'extreme' (0 is off, 1 is on):

<real_time_protection>
<enabled>1</enabled>
<use_extreme_db>0</use_extreme_db> <!-- 0 = off, 1 = on; set to 1 for the extreme database -->
<when>0</when>
<ignore_system_when>2</ignore_system_when>
<on_virus_found>5</on_virus_found>
<popup_alerts>1</popup_alerts>
<popup_registry_alerts>0</popup_registry_alerts>
<bypass_java>0</bypass_java>
<cloud_based_detection>
<on_virus_found>4</on_virus_found>
</cloud_based_detection>
<sandboxing>
<use_sandbox_signatures>1</use_sandbox_signatures> <!-- 1 = sandbox (APT) signatures on -->
</sandboxing>
</real_time_protection>

Extreme turns on ALL of the signatures, which effectively triples the size of the signature database; it isn't so reliant on zero-days or recent events but expands it to capture some stuff that's been around for a while. It also expands it to encompass other operating systems, such as Windows XP threats. Fortinet explains that better here:

Extreme: The extreme antivirus database allows scanning for both "in the wild" and "zoo" viruses that are no longer seen in recent studies, as well as all available signatures that are currently supported. The extreme database provides flexibility, providing the maximum protection without sacrificing performance, and is suited to an enhanced security environment.

Edit: Maybe Mods could consider a Fortinet/Forticlient Sub-Forum?
Thank you for sharing these settings. I've installed Forticlient and I shall start tweaking tomorrow.
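The procedure described in this post (export the XML settings dump, flip use_sandbox_signatures and use_extreme_db to 1, restore the file), as an added Python example that is not code from the thread or from Fortinet. It applies the two tweaks, refuses to touch a dump where either element is missing or appears more than once (so a typo cannot silently leave the setting unchanged), keeps a .bak copy and re-reads the written file to verify the values landed. The SAMPLE_XML is constructed from the fragment quoted above under a hypothetical root element; that the exported file is plain XML ElementTree can parse, that real_time_protection occurs once, and that FortiClient accepts the re-serialised file on restore are assumptions, which is why the backup is kept.

```python
"""Apply the two tweaks discussed in the thread to a FortiClient XML settings
dump and verify they took.  Added example, not FortiClient's own tooling.

Assumptions (not taken from FortiClient documentation):
  * the backup is plain, unencrypted XML that ElementTree can parse;
  * <real_time_protection> occurs exactly once in the file;
  * FortiClient accepts the re-serialised file on restore (keep the .bak).
"""
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed sample: the fragment posted in the thread, wrapped in a
# hypothetical root element so it parses on its own.  The real dump's root
# and surrounding elements differ.
SAMPLE_XML = """<hypothetical_root>
<real_time_protection>
<enabled>1</enabled>
<use_extreme_db>0</use_extreme_db>
<when>0</when>
<ignore_system_when>2</ignore_system_when>
<on_virus_found>5</on_virus_found>
<popup_alerts>1</popup_alerts>
<popup_registry_alerts>0</popup_registry_alerts>
<bypass_java>0</bypass_java>
<cloud_based_detection>
<on_virus_found>4</on_virus_found>
</cloud_based_detection>
<sandboxing>
<use_sandbox_signatures>1</use_sandbox_signatures>
</sandboxing>
</real_time_protection>
</hypothetical_root>
"""

# Boolean flags: 0 = off, 1 = on (as the post states).
TWEAKS = {
    "use_extreme_db": "1",          # full "extreme" signature database
    "use_sandbox_signatures": "1",  # sandbox (APT) signatures
}


def _find_one(parent, tag):
    """Return the single descendant <tag> of parent, or fail loudly.

    Silently adding a missing element, or editing the wrong one of several,
    is exactly how a config tweak ends up doing nothing."""
    nodes = parent.findall(f".//{tag}")
    if len(nodes) != 1:
        raise ValueError(f"expected exactly one <{tag}>, found {len(nodes)}")
    return nodes[0]


def apply_tweaks(xml_text, tweaks=TWEAKS):
    """Return (new_xml_text, {tag: (old, new)}) with the flags set."""
    root = ET.fromstring(xml_text)
    rtp = _find_one(root, "real_time_protection")
    changed = {}
    for tag, value in tweaks.items():
        node = _find_one(rtp, tag)
        old = (node.text or "").strip()
        if old not in ("0", "1"):
            raise ValueError(f"<{tag}> is not a 0/1 flag (got {old!r})")
        changed[tag] = (old, value)
        node.text = value
    return ET.tostring(root, encoding="unicode"), changed


def current_values(xml_text, tags=tuple(TWEAKS)):
    """Read the flag values back; used to verify a write actually landed."""
    rtp = _find_one(ET.fromstring(xml_text), "real_time_protection")
    return {tag: (_find_one(rtp, tag).text or "").strip() for tag in tags}


def tweak_file(path, tweaks=TWEAKS):
    """Back up, rewrite and re-verify an exported settings file on disk."""
    src = Path(path)
    backup = src.with_name(src.name + ".bak")
    original = src.read_text(encoding="utf-8")
    backup.write_text(original, encoding="utf-8")
    new_text, changed = apply_tweaks(original, tweaks)
    src.write_text(new_text, encoding="utf-8")
    # Re-read from disk rather than trusting the in-memory copy.
    if current_values(src.read_text(encoding="utf-8"), tuple(tweaks)) != tweaks:
        raise RuntimeError(f"verification failed; original kept at {backup}")
    return changed


if __name__ == "__main__":
    _, changed = apply_tweaks(SAMPLE_XML)
    for tag, (old, new) in changed.items():
        print(f"{tag}: {old} -> {new}")
```

Run it against the sample to see the two flags reported as 0 -> 1 and 1 -> 1; for a real dump call tweak_file("settings.xml") (a hypothetical path) and then restore the rewritten file through FortiClient's own import, falling back to the .bak if the client rejects it.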
 

ZeroDay

I've applied the tweaks to the XML file and restored said file into Forticlient and everything is running great. Thanks again ForgottenSeer 58943
 

Game Of Thrones

1) The installer is fine, but it does download modules and updates during the installation. You can cancel the pre-install scan by clicking Cancel. In all fairness, the installation is much quicker for me since I have a Fortigate on my gateway; it installs with pushes from the appliance vs. over the internet.

This is what I call a great post, and I always enjoy your posts. Thanks for being here, man.
 
