Refer to the exhibit. A user reports that accessing a legitimate HTTPS website is blocked. The FortiGate logs show that the connection was denied by the antivirus profile. What is the most likely cause?
Deep inspection decrypts traffic, and antivirus may incorrectly flag legitimate content.
Why this answer
Option A is correct because, with deep inspection enabled, FortiGate decrypts the HTTPS traffic, the antivirus (AV) profile scans the decrypted content, and the traffic is then re-encrypted. If an AV signature produces a false positive on a legitimate website's content (e.g., a benign JavaScript file matching a malware signature), the connection will be denied. The log explicitly states the denial was by the AV profile, not by any other security profile, making a false positive in encrypted traffic the most likely cause.
Exam trap
The trap here is that candidates may confuse the security profile that generated the log entry (antivirus) with other profiles (application control, IPS, protocol options) that could also block HTTPS traffic, but the log's explicit attribution to the AV profile eliminates those possibilities.
How to eliminate wrong answers
Option B is wrong because the log shows the connection was denied by the antivirus profile, not by an application control profile; the application list blocking HTTPS would generate a log entry from the application control module, not the AV module.
Option C is wrong because an IPS profile blocking a vulnerability would generate a log entry from the IPS sensor, not the antivirus profile, and the log explicitly attributes the denial to the AV profile.
Option D is wrong because the protocol options profile blocking the SSL handshake would produce a log from the SSL inspection module or a protocol violation, not from the antivirus profile, and the connection was denied after inspection, not during the handshake.