Skip to main content
Question

Anit-Virus xml From Forti-EMS

  • September 18, 2023
  • 9 comments
  • 191 views
TazMonster

Hello, I would like to add an antivirus for the back-up analysis when recovering files. Is it possible to add this function from Forti-EMS?
I can't find the config .xml file for veeam from Fortigate / Forti EMS.

Thanks

Never give up!!!
Chris.Childerhose
Iams3le
Madi.Cristil

9 comments

coolsport00
Forum|alt.badge.img+21
  • coolsport00
  • Veeam Legend
  • September 18, 2023

Hi @TazMonster -

The A/V config file needs to be installed on the Mount Server you use to do restores, which must be a Windows server. See here for requirements. Also, see here on how to create/configure the config.xml file for your specific A/V solution. Hope this helps.

To specifically answer your question, you have to manually configure the AntivirusInfos.xml file and place it in the proper Mount Server folder location.

Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00
Chris.Childerhose
Iams3le
TazMonster
Chris.Childerhose
Forum|alt.badge.img+21
  • Chris.Childerhose
  • Veeam Legend, Veeam Vanguard
  • September 18, 2023

It will probably take some playing with the XML file to get it working if it will work.  I know Veeam has pre-defined AV vendors that work in the link Shane posted.  If you use those examples, you may be able to figure out how to get the Forti EMS to work possibly.

Chris Childerhose - VMCA2024 | VMCE2023 | VMCE-SP2024 | Veeam Vanguard 8* | Veeam Legend 5* | VUG Canada Leader | vExpert 6* | Toronto VMUG Leader | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
Iams3le
TazMonster
Iams3le
Forum|alt.badge.img+11
  • Iams3le
  • Veeam Legend
  • September 18, 2023

Hi @TazMonster, since Fortigate / Forti EMS is not pre-defined, kindly take a look at this KB: https://www.veeam.com/kb3132

[Microsoft MVP 2x | Veeam Legend (2021 -2025) | VMware vExpert 5x | Cisco Champion 3x | Object First Ace 2x]
Chris.Childerhose
J
  • jglass7
  • New Here
  • June 24, 2024

Has anyone gotten this feature to work successfully with FortiClient EMS? I am also looking to add FortiClient to the XML file for Secure Restore and scanning backups during validation in a Sure Backup Job.

Chris.Childerhose
coolsport00
Forum|alt.badge.img+21
  • coolsport00
  • Veeam Legend
  • June 24, 2024

Hi @jglass7 ...doesn’t appear @TazMonster has provided an update.  From the User Guide, you can expand the sample config xml file to see the format needed:

https://helpcenter.veeam.com/docs/backup/vsphere/av_scan_xml.html?ver=120

I found on Forticlient’s site, they have command line ability:

https://docs.fortinet.com/document/forticlient/7.4.0/xml-reference-guide/332612/antivirus

What you all may need to do is contact Forticlient Support and have them assist in adding XML-format parameters in the AntivirusInfos.xml file, then test it out doing a Secure Restore, or even a Scan Backup operation in the Veeam Console to see if it works.

 

Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00
Chris.Childerhose
Forum|alt.badge.img+21

Hi @TazMonster  - I just wanted to follow up to see if you were able to resolve your issue with one of the posted comments or if you found another solution.  If you could update the thread and if one of the comments helped you mark that as best answer or if you found another solution post it and then mark it as best answer that would be great.  It will help others and the community to get answers/details for similar problems.

Chris Childerhose - VMCA2024 | VMCE2023 | VMCE-SP2024 | Veeam Vanguard 8* | Veeam Legend 5* | VUG Canada Leader | vExpert 6* | Toronto VMUG Leader | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
G
  • Ge12
  • New Here
  • August 13, 2024

Hi 

For FortiClient

<Antiviruses>
  <!-- FortiClient -->
  <AntivirusInfo Name='FortiClient' IsPortableSoftware='false' ExecutableFilePath='%ProgramFiles%\Fortinet\FortiClient\av_task.exe' CommandLineParameters='scan %Path%' RegPath='HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FCT_SecSvr' ServiceName='FCT_SecSvr' ThreatExistsRegEx='Threat\s+detected' IsParallelScanAvailable='false'>
     <ExitCodes>
        <ExitCode Type='Success' Description='No threats detected'>0</ExitCode>
        <ExitCode Type='Error' Description='Antivirus scan was completed with errors'>1</ExitCode>
        <ExitCode Type='Error' Description='Antivirus scan was canceled'>2</ExitCode>
        <ExitCode Type='Infected' Description='Virus threat was detected'>3</ExitCode>
        <ExitCode Type='Infected' Description='Infected object was detected'>-80</ExitCode>
        <ExitCode Type='Infected' Description='Possibly infected object was detected'>-81</ExitCode>
     </ExitCodes>
  </AntivirusInfo>
</Antiviruses>

Chris.Childerhose
coolsport00
Chris.Childerhose
Forum|alt.badge.img+21

Hi 

For FortiClient

<Antiviruses>
  <!-- FortiClient -->
  <AntivirusInfo Name='FortiClient' IsPortableSoftware='false' ExecutableFilePath='%ProgramFiles%\Fortinet\FortiClient\av_task.exe' CommandLineParameters='scan %Path%' RegPath='HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FCT_SecSvr' ServiceName='FCT_SecSvr' ThreatExistsRegEx='Threat\s+detected' IsParallelScanAvailable='false'>
     <ExitCodes>
        <ExitCode Type='Success' Description='No threats detected'>0</ExitCode>
        <ExitCode Type='Error' Description='Antivirus scan was completed with errors'>1</ExitCode>
        <ExitCode Type='Error' Description='Antivirus scan was canceled'>2</ExitCode>
        <ExitCode Type='Infected' Description='Virus threat was detected'>3</ExitCode>
        <ExitCode Type='Infected' Description='Infected object was detected'>-80</ExitCode>
        <ExitCode Type='Infected' Description='Possibly infected object was detected'>-81</ExitCode>
     </ExitCodes>
  </AntivirusInfo>
</Antiviruses>

Thanks for sharing this with the community.

Chris Childerhose - VMCA2024 | VMCE2023 | VMCE-SP2024 | Veeam Vanguard 8* | Veeam Legend 5* | VUG Canada Leader | vExpert 6* | Toronto VMUG Leader | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
G
G
  • Ge12
  • New Here
  • August 13, 2024

<Antiviruses>
  <!-- Kaspersky Endpoint Security -->
  <AntivirusInfo Name='Kaspersky Endpoint Security' IsPortableSoftware='false' ExecutableFilePath='C:\Program Files (x86)\Kaspersky Lab\KES.12.6.0\avp.exe' CommandLineParameters='scan %Path%' RegPath='HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AVP.KES.21.18' ServiceName='AVP.KES.21.18' ThreatExistsRegEx='Threat\s+detected' IsParallelScanAvailable='false'>
     <ExitCodes>
        <ExitCode Type='Success' Description='No threats detected'>0</ExitCode>
        <ExitCode Type='Error' Description='Antivirus scan was completed with errors'>1</ExitCode>
        <ExitCode Type='Error' Description='Antivirus scan was canceled'>2</ExitCode>
        <ExitCode Type='Infected' Description='Virus threat was detected'>3</ExitCode>
        <ExitCode Type='Infected' Description='Infected object was detected'>-80</ExitCode>
        <ExitCode Type='Infected' Description='Possibly infected object was detected'>-81</ExitCode>
     </ExitCodes>
  </AntivirusInfo>
</Antiviruses>
 

Chris.Childerhose
Terms & ConditionsAccessibility statement