Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Shlomi_Cohen
New Contributor

Stop Content Disarm alerts

I'm getting alerts about "File was disarmed by Content Disarm engine" set up in AV profile.

how I can stop getting those alerts and keep getting AV alerts?

Thanks,

 

Message meets Alert condition

File Block Detected: "20190910230052.pdf" Protocol: "HTTPS" …. type="utm" subtype="virus" eventtype="content-disarm" level="warning" vd="root" eventtime=1572421983 msg="File was disarmed by Content Disarm engine." action="content-disarmed" service="HTTPS" sessionid=216815780 srcip=XXXXXXX dstip=XXXXXX srcport=54567 dstport=443 srcintf="XXX" srcintfrole="XXX" dstintf="XXX" dstintfrole="XXX" policyid=XXX proto=6 direction="incoming" filename="20190910230052.pdf" checksum="4a3621f7" url="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" profile="AV-Default" analyticscksum="XXXXXXXXXXXXc" contentdisarmed="disarmed" crscore=10 crlevel="medium"

 

1 REPLY 1
jim3cantos
New Contributor III

Shlomi Cohen wrote:

I'm getting alerts about "File was disarmed by Content Disarm engine" set up in AV profile.

how I can stop getting those alerts and keep getting AV alerts?

 

Is not possible (Support dixit).

 

José Ignacio Martín Jiménez
José Ignacio Martín Jiménez
Labels
Top Kudoed Authors