question

mneill avatar image
0 Likes"
mneill asked

Why am I able to download infected files with Deep Inspection, and AV and/or File Filter enabled?

Problem: When utilizing Deep Inspection and Google Chrome, files will sometimes appear to download despite being from restricted categories in Antivirus Profile, File Filter, or both. https://www.eicar.org/download-anti-malware-testfile/


This is almost always due to the file(s) already being held in local cache within Chrome. The browser's Developer Tools (F12 in Chrome and Firefox) can help to rule this out, as the Network tab will show a Status Code of "200 OK (from disk cache)" if pulling from local cache:

200-ok-from-disk-cache.png

Testing with a different browser (i.e., Firefox) will result in the file(s) being blocked.

FortiSASESSL SSH inspectionAntivirus profileFile filter
10 |600

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

1 Answer

·
mneill avatar image
0 Likes"
mneill answered

Solution: Clear Cached Images and Files in Chrome

As-of publishing, this can be accomplished by clicking the three dots in the upper-right, selecting "More Tools", and clicking "Clear Browsing Data...":

clear-cache-chrome.png

10 |600

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Welcome to FortiAnswers

FortiAnswers is the space dedicated to FortiSASE and FortiOS questions and suggestions.

  • Please review the Community guidelines
  • If you are a moderator, please refer to the Moderation guidelines
  • If something in the above guidelines is unclear, please post your question to the Community Feedback space or the Moderators' space