General Settings
Go to Scan Policy and Object > General Settings to view and configure the General Options.
The following options are available:
Upload malicious and suspicious file information to Sandbox Community Cloud |
Enable to upload malicious and suspicious file and URL information to the Sandbox Community Cloud. If enabled, the original file/URL, file/URL checksum, tracer log, verdict, submitting device serial number, and downloading URL are uploaded. |
|
Submit suspicious URL to Fortinet WebFilter Service |
Enable to submit malware-downloading URLs to the FortiGuard Web Filter Service. |
|
Upload detection statistics to FortiGuard service |
Enable to upload statistics to FortiGuard. If enabled, the following are uploaded: submitting device serial number and firmware, job-related results and statistics. |
|
Allow Virtual Machines to access external network through outgoing port3 |
Enable to allow Virtual Machines to access the external network through the outgoing port3. For further details, refer to the port3 (VM outgoing interface) topic in Interfaces. |
|
|
Status |
Status of port3's access to the Internet. |
|
Gateway |
Enter the next hop gateway IP address. The System and VM cannot use the same gateway to access the Internet. |
|
Disable SIMNET if Virtual Machines are not able to access external network through outgoing port3 |
Enable to disable SIMNET when Virtual Machines are not able to access the external network through the outgoing port3. |
|
DNS |
DNS server used by VM images when a file is scanned. |
|
Use Proxy |
Enable to use the proxy. Configure the Proxy Type, Server Name/IP, Port, Proxy Username, and Proxy Password. When the proxy server is enabled, all non-UDP outgoing traffic initiated from the Sandbox VM is directed to the proxy server. When a proxy server is used and the proxy server type is not SOCKS, the system-level DNS server is used. If the type is SOCKS5, users need to configure an external DNS server that port3 can access. For other traffic started by the FortiSandbox firmware, such as FortiGuard Distribution Network (FDN) upgrades, configure the proxy under the FortiGuard menu. |
|
Proxy Type |
Select the proxy type from the dropdown list. The following options are available:
UDP protocol is not supported. |
|
Server Name/IP |
Enter the proxy server name or IP address. |
|
Port |
Enter the proxy server port number. |
|
Proxy Username |
Enter a proxy username. |
|
Proxy Password |
Enter the proxy password. |
Apply default passwords to extract archive files |
Users can define a list of passwords to try when extracting archive files. Enter one password per line. |
|
Set password for password protected PDF and office files |
Users can define one password for PDF and Office files. |
|
Set customized password for original files |
Users can define their own password for the original sample when it is downloaded from FortiSandbox. |
|
Disable Community Cloud Query |
Cloud Query sends checksums to query any previously known rating from other FortiSandbox devices that contribute to the Community Cloud. Cloud Query is enabled by default. We recommend keeping this option enabled to use known ratings for faster detection. Disable the Cloud Query in the following scenarios:
|
|
Disable AV Rescan of finished Jobs |
AV signature updates are frequent (every hour). Running an AV rescan against finished jobs of the last 48 hours could hinder performance. You have the option to disable the AV Rescan to improve performance. |
|
Enable URL call back detection |
Enable URL call back detection. When enabled, previously detected clean URLs in sniffed traffic are frequently queried against the Web Filtering service. |
|
Enable log event of file submission |
Enable to log the file submission events of an input source. |
|
|
Devices |
Select to log the file submission events of a device, like FortiGate, FortiMail, or FortiClient. |
|
Adapter |
Select to log the file submission events from an adapter like a Carbon Black server. |
|
Network Share |
Select to log the file submission events when they are from a network share. |
|
ICAP |
Select to log the file submission events from an ICAP client. |
|
BCC Adapter |
Select to log the file submission events from a BCC client. |
|
MTA Adapter |
Select to log the file submission events from an MTA client. |
Reject duplicate file from device |
Enable to reject duplicate files from devices. |
|
Delete original files of Clean or Other rating after |
Enable to delete original files of Clean or Other ratings after a specified time. If the time is 0, the original files with either Clean or Other ratings will not be kept on the system. Original files of Clean or Other rating can be kept in the system for a maximum of 4 weeks. |
|
|
Day |
Enter the day. |
|
Hour |
Enter the hour. |
|
Minute |
Enter the minute. |
Delete original files of Malicious or Suspicious rating after |
Enable to delete original files of Malicious or Suspicious ratings after a specified time. |
|
|
Day |
Enter the day. |
|
Hour |
Enter the hour. |
|
Minute |
Enter the minute. |
Delete all traces of jobs of Clean or Other rating after |
Enable to delete all traces of jobs of Clean or Other ratings after a specified time. Traces of jobs with Clean or Other rating can be kept in the system for a maximum of 4 weeks. |
|
|
Day |
Enter the day. |
|
Hour |
Enter the hour. |
|
Minute |
Enter the minute. |
Delete all traces of jobs of Malicious or Suspicious rating after |
Enable to delete all traces of jobs of Malicious or Suspicious ratings after a specified time. |
|
|
Day |
Enter the day. |
|
Hour |
Enter the hour. |
|
Minute |
Enter the minute. |
By default, job traces of files with a Clean or Other rating will be kept for three days. |