Question

Anti-Virus xml From Forti-EMS

  • 18 September 2023
  • 9 comments
  • 133 views

Hello, I would like to add an antivirus for the back-up analysis when recovering files. Is it possible to add this function from Forti-EMS?
I can't find the config .xml file for Veeam from Fortigate / Forti EMS.

Thanks

9 comments

Userlevel 7
Badge +19

Hi @TazMonster -

The A/V config file needs to be installed on the Mount Server you use to do restores, which must be a Windows server. See here for requirements. Also, see here on how to create/configure the config.xml file for your specific A/V solution. Hope this helps.

To specifically answer your question, you have to manually configure the AntivirusInfos.xml file and place it in the proper Mount Server folder location.

Userlevel 7
Badge +21

It will probably take some playing with the XML file to get it working, if it will work. I know Veeam has pre-defined AV vendors that work in the link Shane posted. If you use those examples, you may be able to figure out how to get the Forti EMS to work.

Userlevel 7
Badge +9

Hi @TazMonster, since Fortigate / Forti EMS is not pre-defined, kindly take a look at this KB: https://www.veeam.com/kb3132

Has anyone gotten this feature to work successfully with FortiClient EMS? I am also looking to add FortiClient to the XML file for Secure Restore and scanning backups during validation in a Sure Backup Job.

Userlevel 7
Badge +19

Hi @jglass7 ...doesn’t appear @TazMonster has provided an update. From the User Guide, you can expand the sample config xml file to see the format needed:

https://helpcenter.veeam.com/docs/backup/vsphere/av_scan_xml.html?ver=120

I found on FortiClient’s site that they have command-line ability:

https://docs.fortinet.com/document/forticlient/7.4.0/xml-reference-guide/332612/antivirus

What you all may need to do is contact FortiClient Support and have them assist in adding XML-format parameters in the AntivirusInfos.xml file, then test it out by doing a Secure Restore, or even a Scan Backup operation in the Veeam Console, to see if it works.

 

Userlevel 7
Badge +21

Hi @TazMonster - I just wanted to follow up to see if you were able to resolve your issue with one of the posted comments or if you found another solution. If you could update the thread, and if one of the comments helped you, mark that as best answer, or if you found another solution, post it and then mark it as best answer, that would be great. It will help others and the community to get answers/details for similar problems.

Hi 

For FortiClient

<Antiviruses>
  <!-- FortiClient -->
  <AntivirusInfo Name='FortiClient' IsPortableSoftware='false' ExecutableFilePath='%ProgramFiles%\Fortinet\FortiClient\av_task.exe' CommandLineParameters='scan %Path%' RegPath='HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FCT_SecSvr' ServiceName='FCT_SecSvr' ThreatExistsRegEx='Threat\s+detected' IsParallelScanAvailable='false'>
     <ExitCodes>
        <ExitCode Type='Success' Description='No threats detected'>0</ExitCode>
        <ExitCode Type='Error' Description='Antivirus scan was completed with errors'>1</ExitCode>
        <ExitCode Type='Error' Description='Antivirus scan was canceled'>2</ExitCode>
        <ExitCode Type='Infected' Description='Virus threat was detected'>3</ExitCode>
        <ExitCode Type='Infected' Description='Infected object was detected'>-80</ExitCode>
        <ExitCode Type='Infected' Description='Possibly infected object was detected'>-81</ExitCode>
     </ExitCodes>
  </AntivirusInfo>
</Antiviruses>

Userlevel 7
Badge +21

Thanks for sharing this with the community.

<Antiviruses>
  <!-- Kaspersky Endpoint Security -->
  <AntivirusInfo Name='Kaspersky Endpoint Security' IsPortableSoftware='false' ExecutableFilePath='C:\Program Files (x86)\Kaspersky Lab\KES.12.6.0\avp.exe' CommandLineParameters='scan %Path%' RegPath='HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AVP.KES.21.18' ServiceName='AVP.KES.21.18' ThreatExistsRegEx='Threat\s+detected' IsParallelScanAvailable='false'>
     <ExitCodes>
        <ExitCode Type='Success' Description='No threats detected'>0</ExitCode>
        <ExitCode Type='Error' Description='Antivirus scan was completed with errors'>1</ExitCode>
        <ExitCode Type='Error' Description='Antivirus scan was canceled'>2</ExitCode>
        <ExitCode Type='Infected' Description='Virus threat was detected'>3</ExitCode>
        <ExitCode Type='Infected' Description='Infected object was detected'>-80</ExitCode>
        <ExitCode Type='Infected' Description='Possibly infected object was detected'>-81</ExitCode>
     </ExitCodes>
  </AntivirusInfo>
</Antiviruses>
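
An added example, not part of any post above and not Veeam or Fortinet code: a small linter for AntivirusInfos.xml entries in the format shown in this thread, to catch configuration mistakes before testing a Secure Restore. The checks are heuristics assumed here (they are not Veeam's own validation), and `lint_antivirus_infos` and `SAMPLE` are hypothetical names.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the Kaspersky entry from the thread, cut down to two exit codes.
SAMPLE = r"""<Antiviruses>
  <AntivirusInfo Name='Kaspersky Endpoint Security' IsPortableSoftware='false' ExecutableFilePath='C:\Program Files (x86)\Kaspersky Lab\KES.12.6.0\avp.exe' CommandLineParameters='scan %Path%' RegPath='HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AVP.KES.21.18' ServiceName='AVP.KES.21.18' ThreatExistsRegEx='Threat\s+detected' IsParallelScanAvailable='false'>
    <ExitCodes>
      <ExitCode Type='Success' Description='No threats detected'>0</ExitCode>
      <ExitCode Type='Infected' Description='Virus threat was detected'>3</ExitCode>
    </ExitCodes>
  </AntivirusInfo>
</Antiviruses>"""

def lint_antivirus_infos(xml_text):
    """Return a list of (entry name, finding) for every AntivirusInfo element."""
    findings = []
    for av in ET.fromstring(xml_text).iter("AntivirusInfo"):
        name = av.get("Name", "<unnamed>")
        msgs = []
        for attr in ("Name", "ExecutableFilePath", "CommandLineParameters", "ThreatExistsRegEx"):
            if not av.get(attr):
                msgs.append(f"missing attribute {attr}")
        if "%Path%" not in av.get("CommandLineParameters", ""):
            msgs.append("CommandLineParameters lacks %Path%, so no scan target is passed")
        try:
            re.compile(av.get("ThreatExistsRegEx", ""))
        except re.error as exc:
            msgs.append(f"ThreatExistsRegEx does not compile: {exc}")
        # The last key of RegPath should be the service that ServiceName names.
        reg, svc = av.get("RegPath", ""), av.get("ServiceName", "")
        if reg and svc and reg.rsplit("\\", 1)[-1].lower() != svc.lower():
            msgs.append("RegPath key and ServiceName differ")
        # Version strings in paths or service names go stale after an AV upgrade.
        for attr in ("ExecutableFilePath", "ServiceName"):
            if re.search(r"\d+\.\d+", av.get(attr, "")):
                msgs.append(f"{attr} embeds a version number; re-check after AV upgrades")
        values = [(c.text or "").strip() for c in av.iter("ExitCode")]
        types = {c.get("Type") for c in av.iter("ExitCode")}
        if len(set(values)) != len(values):
            msgs.append("duplicate exit code values")
        for needed in ("Success", "Infected"):
            if needed not in types:
                msgs.append(f"no ExitCode of Type {needed}")
        findings.extend((name, m) for m in msgs)
    return findings

if __name__ == "__main__":
    for entry, finding in lint_antivirus_infos(SAMPLE):
        print(f"{entry}: {finding}")
```

On the sample it flags the version-specific executable path and service name, which stop matching once the antivirus product is upgraded.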
 
