Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Administration Guide

Configuring submission, access, and remediation

  1. On the Malware Protection tab, click the Settings icon.

    The settings page displays.

  2. Set the following options, and click OK:

    Wait for FortiSandbox results before allowing file access

    Wait for FortiSandbox analysis results before files can be accessed. Clear the checkbox to allow file access before FortiSandbox results are known.

    Timeout (seconds)

    Specify the timeout duration in seconds. After the time expires, file access is allowed, even if FortiSandbox has not returned results and if the Deny Access to file if Sandbox unreachable option is disabled.

    When set to 0, the downloaded file is always released and the popup never displays. See Using the popup window.

    Deny Access to file if Sandbox is unreachable

    Deny access to files when FortiClient cannot reach FortiSandbox for file analysis. Clear the checkbox to allow file access if FortiClient cannot reach the FortiSandbox for scanning. See Examples of FortiSandbox availability and scanning results.

    FortiSandbox Submission Options

    All files executed from mapped network drives

    Submit all files that are executed on mapped network drives to FortiSandbox for analysis. Clear the checkbox to disable this feature.

    All files executed from removable media

    Submit all files executed on removable media, such as USB drives, to FortiSandbox for analysis. Clear the checkbox to disable this feature.

    All web downloads

    Submit all web downloads on the endpoint to FortiSandbox for analysis. Clear the checkbox to disable this feature.

    All email downloads (Ex. Outlook)

    Submit all email downloads on the endpoint to FortiSandbox for analysis. Clear the checkbox to disable this feature.

    Remediation Options

    Quarantine infected files

    Quarantine infected files.

    Alert & Notify only

    Alert and notify the endpoint user about infected files, but not quarantine infected files.

Configuring submission, access, and remediation

  1. On the Malware Protection tab, click the Settings icon.

    The settings page displays.

  2. Set the following options, and click OK:

    Wait for FortiSandbox results before allowing file access

    Wait for FortiSandbox analysis results before files can be accessed. Clear the checkbox to allow file access before FortiSandbox results are known.

    Timeout (seconds)

    Specify the timeout duration in seconds. After the time expires, file access is allowed, even if FortiSandbox has not returned results and if the Deny Access to file if Sandbox unreachable option is disabled.

    When set to 0, the downloaded file is always released and the popup never displays. See Using the popup window.

    Deny Access to file if Sandbox is unreachable

    Deny access to files when FortiClient cannot reach FortiSandbox for file analysis. Clear the checkbox to allow file access if FortiClient cannot reach the FortiSandbox for scanning. See Examples of FortiSandbox availability and scanning results.

    FortiSandbox Submission Options

    All files executed from mapped network drives

    Submit all files that are executed on mapped network drives to FortiSandbox for analysis. Clear the checkbox to disable this feature.

    All files executed from removable media

    Submit all files executed on removable media, such as USB drives, to FortiSandbox for analysis. Clear the checkbox to disable this feature.

    All web downloads

    Submit all web downloads on the endpoint to FortiSandbox for analysis. Clear the checkbox to disable this feature.

    All email downloads (Ex. Outlook)

    Submit all email downloads on the endpoint to FortiSandbox for analysis. Clear the checkbox to disable this feature.

    Remediation Options

    Quarantine infected files

    Quarantine infected files.

    Alert & Notify only

    Alert and notify the endpoint user about infected files, but not quarantine infected files.