Fortinet white logo
Fortinet white logo

Administration Guide

File Scan

File Scan

The File Scan page shows file-based job scans grouped by their ratings. Files submitted through On-Demand are not included. Users can toggle to view Malicious, Suspicious and Clean job ratings. By default, Suspicious jobs are displayed.

In this page, you can view job details and apply search filters. You can select to create a PDF or CSV format snapshot report for files based on search filters.

The following options are available:

File Scan Options

Suspicious

Click the Suspicious icon to view the suspicious jobs.

Clean

Click the Clean icon to view the clean or unknown jobs.

Malicious

Click the Malicious icon to view the malicious jobs.

Show Rescan Job Only

Whenever a new AV signature is downloaded, all jobs from last 48 hours will be done in one AV Scan. Detected viruses will receive a Malicious rating. Users can display them in File Detection > File Scan > Malicious and enable Show Rescan Job Only.

Refresh

Click the button to refresh the entries displayed.

Search

Show or hide the search filter field.

Add Search Filter

Click the search filter field to add search filters. Click the close icon in the search filter field to clear all search filters.

The search filter will be displayed below the search filter field. Click the close icon beside the search filter to remove the filter.

Search filters can be used to filter the information displayed in the GUI.

Export Data

Click the Export Data button to create a PDF or CSV snapshot report. The time to generate the report is dependent on the number of events selected. You can wait till the report is ready to view, or navigate away and find the report later on the Log & Report > Report Center page.

Customize

Click the Customize button to customize the Job View Settings. The change will be applied to all file based scan result pages.

Action

View Details

Click the View Details icon to view the file description and analysis details. The information displayed is dependent on the file selected.

Perform Rescan

For malicious jobs, you can also select Rescan to manually rescan the file. This way, you can find out the behavior of a known virus. You can select to force the file to do a Sandboxing scan even if it was detected in previous steps of a Static Scan, AV Scan, Cloud Query, or if it was stopped from entering the VM by a Sandboxing-prefilter setting. You can find the job in Scan Input > File On-Demand.

Archived File

An icon will appear if the file is an Archived File.

FortiGuard Static Scan

The icon displays that the file is rated by the user's overridden verdict or FortiGuard advanced static scan.

File Inside Archive

The icon displays that the file is a file extracted from an archive file.

Rescan Job

The icon displays that the job is Malicious from an AV Rescan or a rescan job of a Malicious file.

AV Scan

An icon will appear if this job is from an AV Rescan.

Pagination

Use the pagination options to browse entries displayed.

FortiSandbox has an Anti Virus rescan feature. When a new antivirus signature is available, FortiSandbox will perform a second antivirus scan of all the jobs from the last 48 hours whose ratings are Clean or Suspicious using the new signatures. Detected viruses will be displayed as Malicious jobs with the Rescan icon beside the View Details icon. The original job can still be viewed in the job detail page of the rescanned file by clicking the original job ID.

Virus behavior information is not collected as viruses are detected by the AV scanner. The rescan feature allows you to see how a virus behaves while it is being executed inside a VM.

The displayed columns are determined by settings defined in System > Job View Settings > File Detection Columns page. For more information, see Job View Settings.

To view file details:
  1. Select a file.
  2. Click View Details. A new tab opens.

    For information on the View Details page, see Appendix A - View Details page reference.

To rescan a file:
  1. Select a file with a Suspicious Rating that is not rated by VM or any malicious rating file.
  2. Click Perform Rescan.
  3. You can force the file to do Sandboxing scan even if was detected in former steps of Static Scan, AV Scan, Cloud Query, or stopped from entering VM by Sandboxing-prefilter setting.
  4. Click OK to start the rescan.

Rescan results are in FortiView > File Scan Search and Scan Input > File On-Demand.

In this version, the maximum number of events you can export to a PDF report is 1000. The maximum number of events you can export to a CSV report is 15000. Jobs over the maximum are not included in the report.

File Scan

File Scan

The File Scan page shows file-based job scans grouped by their ratings. Files submitted through On-Demand are not included. Users can toggle to view Malicious, Suspicious and Clean job ratings. By default, Suspicious jobs are displayed.

In this page, you can view job details and apply search filters. You can select to create a PDF or CSV format snapshot report for files based on search filters.

The following options are available:

File Scan Options

Suspicious

Click the Suspicious icon to view the suspicious jobs.

Clean

Click the Clean icon to view the clean or unknown jobs.

Malicious

Click the Malicious icon to view the malicious jobs.

Show Rescan Job Only

Whenever a new AV signature is downloaded, all jobs from last 48 hours will be done in one AV Scan. Detected viruses will receive a Malicious rating. Users can display them in File Detection > File Scan > Malicious and enable Show Rescan Job Only.

Refresh

Click the button to refresh the entries displayed.

Search

Show or hide the search filter field.

Add Search Filter

Click the search filter field to add search filters. Click the close icon in the search filter field to clear all search filters.

The search filter will be displayed below the search filter field. Click the close icon beside the search filter to remove the filter.

Search filters can be used to filter the information displayed in the GUI.

Export Data

Click the Export Data button to create a PDF or CSV snapshot report. The time to generate the report is dependent on the number of events selected. You can wait till the report is ready to view, or navigate away and find the report later on the Log & Report > Report Center page.

Customize

Click the Customize button to customize the Job View Settings. The change will be applied to all file based scan result pages.

Action

View Details

Click the View Details icon to view the file description and analysis details. The information displayed is dependent on the file selected.

Perform Rescan

For malicious jobs, you can also select Rescan to manually rescan the file. This way, you can find out the behavior of a known virus. You can select to force the file to do a Sandboxing scan even if it was detected in previous steps of a Static Scan, AV Scan, Cloud Query, or if it was stopped from entering the VM by a Sandboxing-prefilter setting. You can find the job in Scan Input > File On-Demand.

Archived File

An icon will appear if the file is an Archived File.

FortiGuard Static Scan

The icon displays that the file is rated by the user's overridden verdict or FortiGuard advanced static scan.

File Inside Archive

The icon displays that the file is a file extracted from an archive file.

Rescan Job

The icon displays that the job is Malicious from an AV Rescan or a rescan job of a Malicious file.

AV Scan

An icon will appear if this job is from an AV Rescan.

Pagination

Use the pagination options to browse entries displayed.

FortiSandbox has an Anti Virus rescan feature. When a new antivirus signature is available, FortiSandbox will perform a second antivirus scan of all the jobs from the last 48 hours whose ratings are Clean or Suspicious using the new signatures. Detected viruses will be displayed as Malicious jobs with the Rescan icon beside the View Details icon. The original job can still be viewed in the job detail page of the rescanned file by clicking the original job ID.

Virus behavior information is not collected as viruses are detected by the AV scanner. The rescan feature allows you to see how a virus behaves while it is being executed inside a VM.

The displayed columns are determined by settings defined in System > Job View Settings > File Detection Columns page. For more information, see Job View Settings.

To view file details:
  1. Select a file.
  2. Click View Details. A new tab opens.

    For information on the View Details page, see Appendix A - View Details page reference.

To rescan a file:
  1. Select a file with a Suspicious Rating that is not rated by VM or any malicious rating file.
  2. Click Perform Rescan.
  3. You can force the file to do Sandboxing scan even if was detected in former steps of Static Scan, AV Scan, Cloud Query, or stopped from entering VM by Sandboxing-prefilter setting.
  4. Click OK to start the rescan.

Rescan results are in FortiView > File Scan Search and Scan Input > File On-Demand.

In this version, the maximum number of events you can export to a PDF report is 1000. The maximum number of events you can export to a CSV report is 15000. Jobs over the maximum are not included in the report.