File Scan
The File Scan page shows file-based job scans grouped by their ratings. Files submitted through On-Demand are not included. Users can toggle to view Malicious, Suspicious and Clean job ratings. By default, Suspicious jobs are displayed.
In this page, you can view job details and apply search filters. You can select to create a PDF or CSV format snapshot report for files based on search filters.
The following options are available:
File Scan Options |
|
|
|
Suspicious |
Click the Suspicious icon to view the suspicious jobs. |
|
Clean |
Click the Clean icon to view the clean or unknown jobs. |
|
Malicious |
Click the Malicious icon to view the malicious jobs. |
Show Rescan Job Only |
Whenever a new AV signature is downloaded, all jobs from last 48 hours will be done in one AV Scan. Detected viruses will receive a Malicious rating. Users can display them in File Detection > File Scan > Malicious and enable Show Rescan Job Only. |
|
Refresh |
Click the button to refresh the entries displayed. |
|
Search |
Show or hide the search filter field. |
|
Add Search Filter |
Click the search filter field to add search filters. Click the close icon in the search filter field to clear all search filters. The search filter will be displayed below the search filter field. Click the close icon beside the search filter to remove the filter. Search filters can be used to filter the information displayed in the GUI. |
|
Export Data |
Click the Export Data button to create a PDF or CSV snapshot report. The time to generate the report is dependent on the number of events selected. You can wait till the report is ready to view, or navigate away and find the report later on the Log & Report > Report Center page. |
|
Customize |
Click the Customize button to customize the Job View Settings. The change will be applied to all file based scan result pages. |
|
Action |
|
|
|
View Details |
Click the View Details icon to view the file description and analysis details. The information displayed is dependent on the file selected. |
|
Perform Rescan |
For malicious jobs, you can also select Rescan to manually rescan the file. This way, you can find out the behavior of a known virus. You can select to force the file to do a Sandboxing scan even if it was detected in previous steps of a Static Scan, AV Scan, Cloud Query, or if it was stopped from entering the VM by a Sandboxing-prefilter setting. You can find the job in Scan Input > File On-Demand. |
|
Archived File |
An icon will appear if the file is an Archived File. |
|
FortiGuard Static Scan |
The icon displays that the file is rated by the user's overridden verdict or FortiGuard advanced static scan. |
|
File Inside Archive |
The icon displays that the file is a file extracted from an archive file. |
|
Rescan Job |
The icon displays that the job is Malicious from an AV Rescan or a rescan job of a Malicious file. |
|
AV Scan |
An icon will appear if this job is from an AV Rescan. |
Pagination |
|
Use the pagination options to browse entries displayed. |
FortiSandbox has an Anti Virus rescan feature. When a new antivirus signature is available, FortiSandbox will perform a second antivirus scan of all the jobs from the last 48 hours whose ratings are Clean or Suspicious using the new signatures. Detected viruses will be displayed as Malicious jobs with the Rescan icon beside the View Details icon. The original job can still be viewed in the job detail page of the rescanned file by clicking the original job ID.
Virus behavior information is not collected as viruses are detected by the AV scanner. The rescan feature allows you to see how a virus behaves while it is being executed inside a VM. |
The displayed columns are determined by settings defined in System > Job View Settings > File Detection Columns page. For more information, see Job View Settings.
To view file details:
- Select a file.
- Click View Details. A new tab opens.
For information on the View Details page, see Appendix A - View Details page reference.
To rescan a file:
- Select a file with a Suspicious Rating that is not rated by VM or any malicious rating file.
- Click Perform Rescan.
- You can force the file to do Sandboxing scan even if was detected in former steps of Static Scan, AV Scan, Cloud Query, or stopped from entering VM by Sandboxing-prefilter setting.
- Click OK to start the rescan.
Rescan results are in FortiView > File Scan Search and Scan Input > File On-Demand.
In this version, the maximum number of events you can export to a PDF report is 1000. The maximum number of events you can export to a CSV report is 15000. Jobs over the maximum are not included in the report.