Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiSandbox 5.0.0 Administration Guide
    5.0.0
    5.0.0
    4.4.6
    4.4.5
    4.4.4
    4.4.3
    4.4.2
    4.4.1
    4.4.0
    4.2.7
    4.2.6
    4.2.5
    4.2.4
    4.2.3
    4.2.2
    4.2.1
    4.2.0
    4.0.5
    4.0.4
    4.0.3
    4.0.2
    4.0.1
    4.0.0
    3.2.4
    3.2.3
    3.2.2
    3.2.1
    3.2.0
    3.1.5
    3.1.4
    3.1.3
    3.1.2
    3.1.1
    3.1.0
    3.0.7
    3.0.6

    Malware Package

    Malware Package

    Go to Scan Policy and Object > Malware Package, to view the Malware Package list.

    When a scan job is rated as Suspicious (High, Medium or Low Risk) it is marked as false positive, then the system will automatically remove it from the malware package. However, when a job is rated as Clean it is marked false negative. A false negative is not added to the malware package because it can introduce a major breakdown of the fabric without FortiGuard intervention (for example, a Windows file is accidentally overridden to become false-negative).

    RN Section Description

    The following options are available:

    Refresh

    Refresh the Malware Package list.

    View

    Select a package version number and click the View button from the toolbar. The following information is shown:

    • Job Detail: View the file's detailed information. If the unit is joining a global threat information sharing network, only local detection has the Job Detail button available.
    • Mark the detection as False Positive: If marked, the entry will be removed from future Malware Packages. If the unit is joining a global threat information sharing network, the change is also reported to the Collector and is shared by all units in the network.
    • Detected: The time and date that the item was detected.
    • Checksum: The file checksum (SHA256).
    • Rating: The risk rating.
    • Serial Number: From which unit the threat information is from.
    • Global/Local: If this threat information is from a local unit or from another unit.

    Download SHA256

    Download SHA1

    Download MD5

    You have the option to download packages containing malware SHA256, SHA1, and MD5.

    This page displays the following:

    Version

    The malware package release version.

    Release Time

    The malware package release time.

    Total

    The total number of malware antivirus signatures inside the package. The maximum number of signatures is 100K.

    By default, FortiSandbox only keeps malware packages generated in last 3 days.
    Previous
    Next

    Malware Package

    Malware Package

    Go to Scan Policy and Object > Malware Package, to view the Malware Package list.

    When a scan job is rated as Suspicious (High, Medium or Low Risk) it is marked as false positive, then the system will automatically remove it from the malware package. However, when a job is rated as Clean it is marked false negative. A false negative is not added to the malware package because it can introduce a major breakdown of the fabric without FortiGuard intervention (for example, a Windows file is accidentally overridden to become false-negative).

    RN Section Description

    The following options are available:

    Refresh

    Refresh the Malware Package list.

    View

    Select a package version number and click the View button from the toolbar. The following information is shown:

    • Job Detail: View the file's detailed information. If the unit is joining a global threat information sharing network, only local detection has the Job Detail button available.
    • Mark the detection as False Positive: If marked, the entry will be removed from future Malware Packages. If the unit is joining a global threat information sharing network, the change is also reported to the Collector and is shared by all units in the network.
    • Detected: The time and date that the item was detected.
    • Checksum: The file checksum (SHA256).
    • Rating: The risk rating.
    • Serial Number: From which unit the threat information is from.
    • Global/Local: If this threat information is from a local unit or from another unit.

    Download SHA256

    Download SHA1

    Download MD5

    You have the option to download packages containing malware SHA256, SHA1, and MD5.

    This page displays the following:

    Version

    The malware package release version.

    Release Time

    The malware package release time.

    Total

    The total number of malware antivirus signatures inside the package. The maximum number of signatures is 100K.

    By default, FortiSandbox only keeps malware packages generated in last 3 days.
    Previous
    Next