Fortinet black logo

Administration Guide

Sandbox Detection

Sandbox Detection

FortiClient supports integration with FortiSandbox. When configured, FortiSandbox automatically scans files downloaded on the endpoint or from removable media attached to the endpoint or mapped network drives. FortiClient also automatically scans files downloaded with an email client on the endpoint or from the Internet. In each case, if the file is not detected locally, and FortiSandbox integration is configured, FortiClient sends the file to the FortiSandbox for further analysis. Endpoint users can also manually submit files to FortiSandbox for scanning.

Access to files can be blocked until the FortiSandbox scanning result is returned.

When scanning is complete, FortiSandbox can quarantine infected files or alert and notify the endpoint user of infected files without quarantining the files.

As FortiSandbox receives files for scanning from various sources, it collects and generates AV signatures for such samples. FortiClient periodically downloads the latest AV signatures from FortiSandbox, and applies them locally to all realtime and on-demand AV scanning.

note icon

If configured by the EMS administrator, FortiClient submits files with specified extensions to FortiSandbox. See the FortiClient EMS Administration Guide for details.

Sandbox Detection

FortiClient supports integration with FortiSandbox. When configured, FortiSandbox automatically scans files downloaded on the endpoint or from removable media attached to the endpoint or mapped network drives. FortiClient also automatically scans files downloaded with an email client on the endpoint or from the Internet. In each case, if the file is not detected locally, and FortiSandbox integration is configured, FortiClient sends the file to the FortiSandbox for further analysis. Endpoint users can also manually submit files to FortiSandbox for scanning.

Access to files can be blocked until the FortiSandbox scanning result is returned.

When scanning is complete, FortiSandbox can quarantine infected files or alert and notify the endpoint user of infected files without quarantining the files.

As FortiSandbox receives files for scanning from various sources, it collects and generates AV signatures for such samples. FortiClient periodically downloads the latest AV signatures from FortiSandbox, and applies them locally to all realtime and on-demand AV scanning.

note icon

If configured by the EMS administrator, FortiClient submits files with specified extensions to FortiSandbox. See the FortiClient EMS Administration Guide for details.