Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Administration Guide

Key Features

Key features of FortiSandbox include:
  • Dynamic Anti-malware updates/Cloud query: Receives updates from FortiGuard Labs and send queries to the FortiSandbox Community Cloud in real time, helping to intelligently and immediately detect existing and emerging threats.
  • Code emulation: Performs lightweight sandbox inspection in real time for best performance, including certain malware that uses sandbox evasion techniques and/or only executes with specific software versions.
  • Full virtual environment: Provides a contained runtime environment to analyze high risk or suspicious code and explore the full threat life cycle.
  • Advanced visibility: Delivers comprehensive views into a wide range of network, system and file activity, categorized by risk, to help speed up incident response.
  • Network Alert: Inspects network traffic for requests to visit malicious sites, establish communications with C&C servers, and other activity indicative of a compromise. It provides a complete picture of the victim host's infection cycle.
  • Manual analysis: Allows security administrators to manually upload malware samples via the FortiSandbox web GUI or JSON API to perform virtual sandboxing without the need for a separate appliance.
  • Optional submission to FortiSandbox Community Cloud: Tracer reports, malicious files and other information may be submitted to FortiSandbox Community Cloud in order to receive remediation recommendations and updated in line protections.
  • Schedule scan of network shares: Perform a schedule scan of network shares in Network File System (NFS) v2 to v4 and Common Internet File System (CIFS) formats to quarantine suspicious files.
  • Scan job archive: You can archive scan jobs to a network share for backup and further analysis.
  • Website URL scan: Scan websites to a certain depth for a predefined time period.
  • Cluster supporting High Availability: Provide a non-interruption, high performance system for malware detection.

You can create custom VMs using pre-configured VMs, your own ISO image, or Red Hat VMs on VirtualBox. For more information, contact Fortinet Customer Service & Support.

For information on hard disk hot-swapping procedure, system recovery procedure using Rescue Mode, and password reset procedure, see the FortiSandbox Best Practices and Troubleshooting Guide in the Fortinet Document Library.

In addition to physical and virtual deployments, FortiSandbox is also available as a cloud-based advanced threat protection service. For more information, see https://docs.fortinet.com/product/fortisandbox-cloud/.

Key Features

Key features of FortiSandbox include:
  • Dynamic Anti-malware updates/Cloud query: Receives updates from FortiGuard Labs and send queries to the FortiSandbox Community Cloud in real time, helping to intelligently and immediately detect existing and emerging threats.
  • Code emulation: Performs lightweight sandbox inspection in real time for best performance, including certain malware that uses sandbox evasion techniques and/or only executes with specific software versions.
  • Full virtual environment: Provides a contained runtime environment to analyze high risk or suspicious code and explore the full threat life cycle.
  • Advanced visibility: Delivers comprehensive views into a wide range of network, system and file activity, categorized by risk, to help speed up incident response.
  • Network Alert: Inspects network traffic for requests to visit malicious sites, establish communications with C&C servers, and other activity indicative of a compromise. It provides a complete picture of the victim host's infection cycle.
  • Manual analysis: Allows security administrators to manually upload malware samples via the FortiSandbox web GUI or JSON API to perform virtual sandboxing without the need for a separate appliance.
  • Optional submission to FortiSandbox Community Cloud: Tracer reports, malicious files and other information may be submitted to FortiSandbox Community Cloud in order to receive remediation recommendations and updated in line protections.
  • Schedule scan of network shares: Perform a schedule scan of network shares in Network File System (NFS) v2 to v4 and Common Internet File System (CIFS) formats to quarantine suspicious files.
  • Scan job archive: You can archive scan jobs to a network share for backup and further analysis.
  • Website URL scan: Scan websites to a certain depth for a predefined time period.
  • Cluster supporting High Availability: Provide a non-interruption, high performance system for malware detection.

You can create custom VMs using pre-configured VMs, your own ISO image, or Red Hat VMs on VirtualBox. For more information, contact Fortinet Customer Service & Support.

For information on hard disk hot-swapping procedure, system recovery procedure using Rescue Mode, and password reset procedure, see the FortiSandbox Best Practices and Troubleshooting Guide in the Fortinet Document Library.

In addition to physical and virtual deployments, FortiSandbox is also available as a cloud-based advanced threat protection service. For more information, see https://docs.fortinet.com/product/fortisandbox-cloud/.