I'm getting alerts about "File was disarmed by Content Disarm engine" set up in AV profile.
how I can stop getting those alerts and keep getting AV alerts?
Thanks,
Message meets Alert condition
File Block Detected: "20190910230052.pdf" Protocol: "HTTPS" …. type="utm" subtype="virus" eventtype="content-disarm" level="warning" vd="root" eventtime=1572421983 msg="File was disarmed by Content Disarm engine." action="content-disarmed" service="HTTPS" sessionid=216815780 srcip=XXXXXXX dstip=XXXXXX srcport=54567 dstport=443 srcintf="XXX" srcintfrole="XXX" dstintf="XXX" dstintfrole="XXX" policyid=XXX proto=6 direction="incoming" filename="20190910230052.pdf" checksum="4a3621f7" url="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" profile="AV-Default" analyticscksum="XXXXXXXXXXXXc" contentdisarmed="disarmed" crscore=10 crlevel="medium"
Shlomi Cohen wrote:Is not possible (Support dixit).I'm getting alerts about "File was disarmed by Content Disarm engine" set up in AV profile.
how I can stop getting those alerts and keep getting AV alerts?
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.