Skip to main content
  • EN

Hello, I would like to add an antivirus for the back-up analysis when recovering files. Is it possible to add this function from Forti-EMS?
I can't find the config .xml file for veeam from Fortigate / Forti EMS.

Thanks

Hi @TazMonster -

The A/V config file needs to be installed on the Mount Server you use to do restores, which must be a Windows server. See here for requirements. Also, see here on how to create/configure the config.xml file for your specific A/V solution. Hope this helps.

To specifically answer your question, you have to manually configure the AntivirusInfos.xml file and place it in the proper Mount Server folder location.

It will probably take some playing with the XML file to get it working if it will work.  I know Veeam has pre-defined AV vendors that work in the link Shane posted.  If you use those examples, you may be able to figure out how to get the Forti EMS to work possibly.

Hi @TazMonster, since Fortigate / Forti EMS is not pre-defined, kindly take a look at this KB: https://www.veeam.com/kb3132

Has anyone gotten this feature to work successfully with FortiClient EMS? I am also looking to add FortiClient to the XML file for Secure Restore and scanning backups during validation in a Sure Backup Job.

Hi @jglass7 ...doesn’t appear @TazMonster has provided an update.  From the User Guide, you can expand the sample config xml file to see the format needed:

https://helpcenter.veeam.com/docs/backup/vsphere/av_scan_xml.html?ver=120

I found on Forticlient’s site, they have command line ability:

https://docs.fortinet.com/document/forticlient/7.4.0/xml-reference-guide/332612/antivirus

What you all may need to do is contact Forticlient Support and have them assist in adding XML-format parameters in the AntivirusInfos.xml file, then test it out doing a Secure Restore, or even a Scan Backup operation in the Veeam Console to see if it works.

 

Hi @TazMonster  - I just wanted to follow up to see if you were able to resolve your issue with one of the posted comments or if you found another solution.  If you could update the thread and if one of the comments helped you mark that as best answer or if you found another solution post it and then mark it as best answer that would be great.  It will help others and the community to get answers/details for similar problems.

Hi 

For FortiClient

<Antiviruses>
  <!-- FortiClient -->
  <AntivirusInfo Name='FortiClient' IsPortableSoftware='false' ExecutableFilePath='%ProgramFiles%\Fortinet\FortiClient\av_task.exe' CommandLineParameters='scan %Path%' RegPath='HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FCT_SecSvr' ServiceName='FCT_SecSvr' ThreatExistsRegEx='Threat\s+detected' IsParallelScanAvailable='false'>
     <ExitCodes>
        <ExitCode Type='Success' Description='No threats detected'>0</ExitCode>
        <ExitCode Type='Error' Description='Antivirus scan was completed with errors'>1</ExitCode>
        <ExitCode Type='Error' Description='Antivirus scan was canceled'>2</ExitCode>
        <ExitCode Type='Infected' Description='Virus threat was detected'>3</ExitCode>
        <ExitCode Type='Infected' Description='Infected object was detected'>-80</ExitCode>
        <ExitCode Type='Infected' Description='Possibly infected object was detected'>-81</ExitCode>
     </ExitCodes>
  </AntivirusInfo>
</Antiviruses>

Hi 

For FortiClient

<Antiviruses>
  <!-- FortiClient -->
  <AntivirusInfo Name='FortiClient' IsPortableSoftware='false' ExecutableFilePath='%ProgramFiles%\Fortinet\FortiClient\av_task.exe' CommandLineParameters='scan %Path%' RegPath='HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FCT_SecSvr' ServiceName='FCT_SecSvr' ThreatExistsRegEx='Threat\s+detected' IsParallelScanAvailable='false'>
     <ExitCodes>
        <ExitCode Type='Success' Description='No threats detected'>0</ExitCode>
        <ExitCode Type='Error' Description='Antivirus scan was completed with errors'>1</ExitCode>
        <ExitCode Type='Error' Description='Antivirus scan was canceled'>2</ExitCode>
        <ExitCode Type='Infected' Description='Virus threat was detected'>3</ExitCode>
        <ExitCode Type='Infected' Description='Infected object was detected'>-80</ExitCode>
        <ExitCode Type='Infected' Description='Possibly infected object was detected'>-81</ExitCode>
     </ExitCodes>
  </AntivirusInfo>
</Antiviruses>

Thanks for sharing this with the community.

<Antiviruses>
  <!-- Kaspersky Endpoint Security -->
  <AntivirusInfo Name='Kaspersky Endpoint Security' IsPortableSoftware='false' ExecutableFilePath='C:\Program Files (x86)\Kaspersky Lab\KES.12.6.0\avp.exe' CommandLineParameters='scan %Path%' RegPath='HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AVP.KES.21.18' ServiceName='AVP.KES.21.18' ThreatExistsRegEx='Threat\s+detected' IsParallelScanAvailable='false'>
     <ExitCodes>
        <ExitCode Type='Success' Description='No threats detected'>0</ExitCode>
        <ExitCode Type='Error' Description='Antivirus scan was completed with errors'>1</ExitCode>
        <ExitCode Type='Error' Description='Antivirus scan was canceled'>2</ExitCode>
        <ExitCode Type='Infected' Description='Virus threat was detected'>3</ExitCode>
        <ExitCode Type='Infected' Description='Infected object was detected'>-80</ExitCode>
        <ExitCode Type='Infected' Description='Possibly infected object was detected'>-81</ExitCode>
     </ExitCodes>
  </AntivirusInfo>
</Antiviruses>
 

Comment


Terms & Conditions