Fortinet white logo
Fortinet white logo

FortiSandbox VM on AWS

Reduce scan time in custom Windows VM

Appendix A - Reduce scan time in custom Windows VM

When a file is sent to local Windows clone for dynamic scan, it takes time to boot up the clone from power-off state. You can keep the custom VM clones running to reduce scan time.

To reduce the scan time in a custom Windows VM:
  1. Go to System > AWS Config and enable Allow Hot-Standby VM. After Allow Hot-Standby VM is enabled, FortiSandbox will perform vminit again to apply changes to existing custom VM clones or prepare new clone(s).

  2. After the clone initiation is done, go to the AWS EC2 console to check that the clone(s) keep running with /without a scan job. Allow 2-3 minutes for a custom VM clone to restore status after a scan job done. Afterwards, the clone will keep running, and standby for the next scan job to reduce VM scan time.
Tooltip

For this feature to work better we recommend enabling more clones than the maximum concurrent dynamic scan jobs, so when a new dynamic scan job is started, there are stand-by clones available immediately.

Reduce scan time in custom Windows VM

Appendix A - Reduce scan time in custom Windows VM

When a file is sent to local Windows clone for dynamic scan, it takes time to boot up the clone from power-off state. You can keep the custom VM clones running to reduce scan time.

To reduce the scan time in a custom Windows VM:
  1. Go to System > AWS Config and enable Allow Hot-Standby VM. After Allow Hot-Standby VM is enabled, FortiSandbox will perform vminit again to apply changes to existing custom VM clones or prepare new clone(s).

  2. After the clone initiation is done, go to the AWS EC2 console to check that the clone(s) keep running with /without a scan job. Allow 2-3 minutes for a custom VM clone to restore status after a scan job done. Afterwards, the clone will keep running, and standby for the next scan job to reduce VM scan time.
Tooltip

For this feature to work better we recommend enabling more clones than the maximum concurrent dynamic scan jobs, so when a new dynamic scan job is started, there are stand-by clones available immediately.