mneill asked

Why am I able to download infected files with Deep Inspection, and AV and/or File Filter enabled?

Problem: When utilizing Deep Inspection and Google Chrome, files will sometimes appear to download despite being from restricted categories in Antivirus Profile, File Filter, or both. https://www.eicar.org/download-anti-malware-testfile/


This is almost always due to the file(s) already being held in local cache within Chrome. The browser's Developer Tools (F12 in Chrome and Firefox) can help to rule this out, as the Network tab will show a Status Code of "200 OK (from disk cache)" if pulling from local cache:

200-ok-from-disk-cache.png

Testing with a different browser (i.e., Firefox) will result in the file(s) being blocked.

Tags: FortiSASE, SSL SSH inspection, Antivirus profile, File filter
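One way to apply the Network-tab check above to a whole test session, as an added example that is not part of the original post: export the Network tab as a HAR file and flag every download whose body came from cache rather than through the inspecting gateway. It assumes Chrome's non-standard `_fromCache` HAR field; the function names and the sample URLs are constructed for illustration.

```javascript
// Added example: classify HAR entries by where the response body came from.
// Assumption: Chrome's HAR export marks cache hits with the non-standard
// "_fromCache" field ("disk" or "memory"); other browsers may omit it.
function bodySource(entry) {
  const status = entry.response ? entry.response.status : 0;
  if (entry._fromCache === "disk" || entry._fromCache === "memory") {
    return "cache:" + entry._fromCache;
  }
  // 304 Not Modified: the request crossed the network, but the server sent
  // no body, so the browser reused its cached copy and nothing was rescanned.
  if (status === 304) return "cache:revalidated";
  return "network";
}

function auditDownloads(har, urlPart) {
  const entries = (har.log && har.log.entries) || [];
  return entries
    .filter((e) => e.request && e.request.url.includes(urlPart))
    .map((e) => {
      const source = bodySource(e);
      return {
        url: e.request.url,
        status: e.response ? e.response.status : 0,
        source,
        // Only a body fetched over the network during this run says
        // anything about what the AV profile or file filter did.
        validTest: source === "network",
      };
    });
}

function summarize(har, urlPart) {
  const rows = auditDownloads(har, urlPart);
  const stale = rows.filter((r) => !r.validTest).map((r) => r.source);
  return { total: rows.length, valid: rows.length - stale.length, stale };
}

// Constructed sample HAR (not captured from a real session).
const SAMPLE_HAR = { log: { entries: [
  { request: { url: "https://files.example.test/eicar.com" },
    response: { status: 200 }, _fromCache: "disk" },
  { request: { url: "https://files.example.test/eicar.com" },
    response: { status: 304 } },
  { request: { url: "https://files.example.test/eicar.com.txt" },
    response: { status: 200 } },
  { request: { url: "https://files.example.test/logo.png" },
    response: { status: 200 } },
] } };

console.log(summarize(SAMPLE_HAR, "eicar"));
```

Entries reported under `stale` should be retested after clearing the cache before drawing any conclusion about the security profile.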

mneill answered

Solution: Clear Cached Images and Files in Chrome

As of publishing, this can be accomplished by clicking the three dots in the upper-right, selecting "More Tools", and clicking "Clear Browsing Data...":

clear-cache-chrome.png


jnielsen answered

You are downloading a file via HTTPS. Are you doing deep-packet inspection (SSL inspection)? Unless you do that, the FortiGate has no way to "see" the file you are downloading.


office commented

Look at the top of the post: "When utilizing Deep Inspection"
