Fortinet white logo
Fortinet white logo

Administration Guide

Real Time Anti-Phishing

Real Time Anti-Phishing

Real-Time Anti-Phishing (RTAP) is a FortiGuard service offering which detects, in real-time, signs of Phishing, SPAM or Malicious content in a website. The RTAP service is subscription based and available exclusively on FortiSandbox.

How RTAP works:

FortiSandbox receives submissions of website URLs embedded in both emails and files from any supported security fabric or third-party device. FortiSandbox can extract the embedded URLs from documents and QR codes. URLs go through a series of checks beginning with a categorization check from the Web Content Filtering service. If URL Sandboxing Pre-Filter is enabled and the URL is unrated or in one of the general or dynamic web categories such as Information Technology, Dynamic DNS, New Domain, Personal Sites, Web Hosting and URL shortening, then it is submitted to the RTAP service. If URL Sandboxing Pre-Filter is disabled then all URLs are submitted to the RTAP service. For more information, see Web Category.

For the URL to be submitted to the RTAP service, the Scan Profiles must have the WebLink file type associated with a VM image. The URL is submitted to the Sandboxing VM for Dynamic analysis to collect web download behavior. Submissions to the RTAP service are therefore limited to the capacity of VM clones.

Upon receiving a URL, the RTAP service browses the website utilizing several patented and patent-pending techniques to detect any signs of Phishing, SPAM or Malicious characteristics. Each URL submission to the services generally takes between 30 to 60 seconds before a result is sent back to the FortiSandbox.

Real Time Anti-Phishing

Real Time Anti-Phishing

Real-Time Anti-Phishing (RTAP) is a FortiGuard service offering which detects, in real-time, signs of Phishing, SPAM or Malicious content in a website. The RTAP service is subscription based and available exclusively on FortiSandbox.

How RTAP works:

FortiSandbox receives submissions of website URLs embedded in both emails and files from any supported security fabric or third-party device. FortiSandbox can extract the embedded URLs from documents and QR codes. URLs go through a series of checks beginning with a categorization check from the Web Content Filtering service. If URL Sandboxing Pre-Filter is enabled and the URL is unrated or in one of the general or dynamic web categories such as Information Technology, Dynamic DNS, New Domain, Personal Sites, Web Hosting and URL shortening, then it is submitted to the RTAP service. If URL Sandboxing Pre-Filter is disabled then all URLs are submitted to the RTAP service. For more information, see Web Category.

For the URL to be submitted to the RTAP service, the Scan Profiles must have the WebLink file type associated with a VM image. The URL is submitted to the Sandboxing VM for Dynamic analysis to collect web download behavior. Submissions to the RTAP service are therefore limited to the capacity of VM clones.

Upon receiving a URL, the RTAP service browses the website utilizing several patented and patent-pending techniques to detect any signs of Phishing, SPAM or Malicious characteristics. Each URL submission to the services generally takes between 30 to 60 seconds before a result is sent back to the FortiSandbox.