New features and enhancements
The following is a summary of new features and enhancements in version 4.0.0. For details, see the FortiSandbox 4.0.0 Administration Guide in the Fortinet Document Library.
GUI
- Redesigned menu layout and GUI Dashboard:
  - Implemented Connectivity and Services widget to show the operational status of the system.
  - Implemented Scan Performance widget to demonstrate the capabilities and capacity of the system.
  - Implemented Licenses widget to show the validity of contracts and services.
  - Implemented System Resources widget to show disk monitor information.
- Implemented Favorites menu feature to customize and pick frequently used FortiSandbox features.
- Introduced Cluster Management feature for administering HA-Cluster.
- Implemented reset of FortiGuard setting to default.
- Consolidated license upload of FSA-VM, Microsoft Windows, and Microsoft Office.
- Display a warning message before downloading any samples or malicious content from FortiSandbox.
- Display serial number or hostname, if configured, in the browser tab name.
Fabric integration
- Implemented custom VM support in a separate Virtual Private Cloud (VPC) in AWS platform.
- Implemented a separate port configuration for JSON REST API.
- Implemented hostname on HTTP connect in the request URI of FortiGuard proxy.
- Enhanced connectivity with FortiAnalyzer for secured logging.
- Enhanced LDAP related configuration via JSON RPC API to list all configurations and include advanced fields.
Scan
- Introduced new Adaptive Scan Profile feature that automatically adjusts the scan profile depending on the submission.
- Introduced VM Scan Ratio feature, a new scan logic that balances efficiency by utilizing the VMs based on system load.
- Introduced new dynamic scan module called PEXBox that emulates code for improved detection on Windows malware.
- Introduced new Rating Engine Plus feature that utilizes the cloud's rating.
- Implemented reset of prescan configuration back to default.
- Implemented deletion of VM Job while on Interactive Scan.
- Enhanced support for files with a large file size. Updated the file size limit and prescan CLI configuration.
- Improved scan behavior and rating on websites that are not 200 OK, for example, not reachable, forbidden, and so on.
- Improved scan flow for FortiMail Fabric Integration to return the result as soon as a known malware is detected.
- Set the AI mode enabled by default for higher detection rate.
- Implemented support for running multiple VM types at the same time for the same sample file or URL.
System & Security
- Introduced an alert system for system health check when a threshold is reached.
- Implemented FortiGuard as an available option for NTP server configuration.
- Implemented support for configuring cluster IP on aggregate interface for the bandwidth and redundancy of file submission.
- Implemented rescue mode feature on Hyper-V.
- Merged support for FortiSandbox 3000F model.
- Supported use of LACP interface on health check and MTA features.
- Updated filename of backup configuration from device serial number to hostname.
- Combined multiple rating engines for Windows, Android, and Linux into a single Sandbox Rating Engine.
  Engines must be re-downloaded and might take several minutes. In HA-cluster, wait for each node to upgrade.
Logging & Reporting
- Redesigned PDF report to add more information about the job, including:
  - List of extracted URLs and VM images.
  - Signature info of antivirus detection.
  - Job details information on BCC feature.
  - Snapshot of system information and Engine/DB versions.
  - Configuration of AI, embedded URL option, scan timeout, and Windows Cloud VM region.
  - Reference link to VirusTotal.
- Implemented the Malware category field in the job event logs.
- Implemented detected malware name in the Suspicious Indicator Detail table.
- Implemented VM Category on the report as Default, Optional, or Custom.
- Implemented submit condition to VM Scan either by Scan Profile or new Scan Ratio; added to Job details report changes.
- Implemented logging of scan performance.
CLI
- Implemented CLI configuration for prescan module called `prescan-config`.
- Enhanced `tac-report` debug CLI command to include 4.0 features and to collectively run diagnose CLI commands for monitoring and troubleshooting.
- Enhanced `test-network` debug CLI command to check network speed.
- Enhanced debug CLI command `test-network` to verify not only the cloud query but also cloud submission as part of the Community Cloud feature.
- Enhanced `status` CLI command to show the file system state of the boot and data disks.
- Display serial number or hostname, if configured, in the command prompt.
- Renamed `admin-pwd-reset` CLI command to `reset-admin-pwd`.