Fortinet black logo

Administration Guide

Scan Profile Pre-Filter Tab

Copy Link
Copy Doc ID 195387ee-5c8c-11ed-96f0-fa163e15d75b:711860
Download PDF

Scan Profile Pre-Filter Tab

Use the Pre-Filter page file type panel to define file types and URLs that are allowed to enter the job queue if they are from a sniffer, adapter, or device other than FortiMail.

Files or URLs submitted through On-Demand, RPC JSON API, network share, or FortiMail are always put into the job queue even if their file types are not set to enter the job queue.

To allow a file type to enter the job queue:

Click the toggle button to enable it. If the button is grayed out, files of that type are dropped.

To enable pre-filter for selected file types:

Click the toggle button to enable it. If the button is enabled, only suspicious files or unrated URLs are forwarded for VM Scan. The files and URLs will still go through the Static Scan stage. Enabling the prefilter can improve the scan performance. For more information, see Improving Scan Performance in the FortiSandbox Best Practices and Troubleshooting Guide.

To use trust results from trusted resources during pre-filter:

Click the toggle button to enable it. If the button is enabled, files rated by that resources are pre-filtered.

When FortiNDR entrust is enabled, files rated by FortiNDR as clean skip the sandboxing VM scan step.

When Trusted Vendor is enabled, executable files from a small internal list of trusted vendors skip the sandboxing scan step.

When Trust Domain is enabled, files downloaded from a small internal list of trusted domains skip the sandboxing scan step.

Trusted domains:
Trusted vendors:
  • Microsoft

  • Fortinet Technologies

  • Adobe Systems

  • Google

  • Apple

If there is a long queue of pending jobs, consider turning off some file types to the job queue. For example, in most networks, many files are static web files (JavaScript, html, aspx files) and Adobe Flash files. When you have performance issue, consider turning them off.

If a file type is turned off, files of that type already in the job queue will still be processed. You can use the pending-jobs command or Scan Job > Job Queue page to purge them.

To determine the number of each file type and its input source, use the pending-jobs command or the Scan Job > Job Queue page.

Scan Profile Pre-Filter Tab

Use the Pre-Filter page file type panel to define file types and URLs that are allowed to enter the job queue if they are from a sniffer, adapter, or device other than FortiMail.

Files or URLs submitted through On-Demand, RPC JSON API, network share, or FortiMail are always put into the job queue even if their file types are not set to enter the job queue.

To allow a file type to enter the job queue:

Click the toggle button to enable it. If the button is grayed out, files of that type are dropped.

To enable pre-filter for selected file types:

Click the toggle button to enable it. If the button is enabled, only suspicious files or unrated URLs are forwarded for VM Scan. The files and URLs will still go through the Static Scan stage. Enabling the prefilter can improve the scan performance. For more information, see Improving Scan Performance in the FortiSandbox Best Practices and Troubleshooting Guide.

To use trust results from trusted resources during pre-filter:

Click the toggle button to enable it. If the button is enabled, files rated by that resources are pre-filtered.

When FortiNDR entrust is enabled, files rated by FortiNDR as clean skip the sandboxing VM scan step.

When Trusted Vendor is enabled, executable files from a small internal list of trusted vendors skip the sandboxing scan step.

When Trust Domain is enabled, files downloaded from a small internal list of trusted domains skip the sandboxing scan step.

Trusted domains:
Trusted vendors:
  • Microsoft

  • Fortinet Technologies

  • Adobe Systems

  • Google

  • Apple

If there is a long queue of pending jobs, consider turning off some file types to the job queue. For example, in most networks, many files are static web files (JavaScript, html, aspx files) and Adobe Flash files. When you have performance issue, consider turning them off.

If a file type is turned off, files of that type already in the job queue will still be processed. You can use the pending-jobs command or Scan Job > Job Queue page to purge them.

To determine the number of each file type and its input source, use the pending-jobs command or the Scan Job > Job Queue page.