Sandbox
To configure the Sandbox tab:
- Create a new profile or edit an existing one:
  - Go to Configuration > Profiles.
  - Click Create or edit an existing profile.
- In the Name field, enter the desired name of the endpoint profile.
- On the Sandbox tab, configure the following options. This feature only works for endpoints where Sandbox Detection was enabled when installing FortiClient.

| Options | Description |
| --- | --- |
| Sandbox Mode | Select FortiSASE to configure a connection to FortiSASE Sandbox, or Standalone FortiSandbox to configure a connection to an on-premise standalone FortiSandbox. |
| IP address/Hostname | For a standalone FortiSandbox, enter the FortiSandbox's IP address, FQDN, or hostname. |
| Username | Optional. Enter the FortiSandbox username. This option is only available for a standalone FortiSandbox. |
| Password | Optional. Enter the FortiSandbox password. This option is only available for a standalone FortiSandbox. |
| Region | FortiSASE Sandbox region. |
| Time Offset | FortiSASE Sandbox time offset. |
| **File Submission Options** | |
| All Files Executed from Removable Media | Submit all files executed on removable media, such as USB drives, to FortiSandbox for analysis. |
| All Files Executed from Mapped Network Drives | Submit all files executed from mapped network drives. |
| All Web Downloads | Submit all web downloads. |
| All Email Downloads | Submit all email downloads. |
| **Remediation Actions** | |
| Action | Choose Quarantine or Alert & Notify for infected files. Whether FortiClient quarantines the file depends on whether FortiSandbox reports the file as malicious and on the Sandbox Detection Verdict Level setting. |
| Sandbox Detection Verdict Level | Select the desired detection verdict level. For FortiClient to apply the action selected in the Action field to an infected file, FortiSandbox must detect the file as this level or higher. For example, if Action is configured as Quarantine and FortiSandbox Detection Verdict Level is configured as Medium, FortiClient quarantines all infected files that FortiSandbox detects as Medium or a higher level (High or Malicious). FortiClient does not quarantine files for which FortiSandbox returns a verdict below this level (Low Risk or Clean). |
| **Exceptions** | |
| Exclude Files from Trusted Sources | Exclude files signed by trusted sources from FortiSandbox submission. Following is a list of sources that FortiSandbox trusts: Microsoft, Fortinet, Mozilla, Windows, Skype, Apple, Yahoo!, Intel. |
| Exclude Specified Folders/Files | Exclude specified folders/files from FortiSandbox submission. You must also create the exclusion list. |
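
The following is an added example, not Fortinet or FortiClient code: a simplified Python model of how the submission options, exceptions, Action, and Sandbox Detection Verdict Level described above combine for a single file, useful for reviewing which files a profile never sends for analysis. The `Profile` class, the origin labels, the full ascending verdict order, the folder-matching rule, and the sample events are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Verdict levels named on this page, in assumed ascending severity.
VERDICTS = ["Clean", "Low Risk", "Medium", "High", "Malicious"]
# Signers the page lists as trusted sources.
TRUSTED = {"Microsoft", "Fortinet", "Mozilla", "Windows", "Skype", "Apple", "Yahoo!", "Intel"}

@dataclass
class Profile:  # hypothetical model of the Sandbox tab, not a FortiClient API
    submit: set = field(default_factory=set)  # removable, mapped_drive, web, email
    action: str = "Quarantine"                # or "Alert & Notify"
    verdict_level: str = "Medium"
    exclude_trusted: bool = False
    excluded_paths: tuple = ()

def is_submitted(p, origin, path, signer=None):
    """True if the file would be sent for analysis under profile p."""
    if origin not in p.submit:
        return False                          # submission option not enabled
    if p.exclude_trusted and signer in TRUSTED:
        return False                          # signed by a trusted source
    fp = PureWindowsPath(path)                # case-insensitive comparison
    return not any(fp == PureWindowsPath(e) or PureWindowsPath(e) in fp.parents
                   for e in p.excluded_paths)

def outcome(p, origin, path, verdict, signer=None):
    """Action applied, 'none' if below the verdict level, or 'not submitted'."""
    if not is_submitted(p, origin, path, signer):
        return "not submitted"
    if VERDICTS.index(verdict) >= VERDICTS.index(p.verdict_level):
        return p.action
    return "none"

# Constructed sample events: (origin, path, signer, verdict the sandbox would return)
EVENTS = [
    ("removable", r"E:\setup.exe", None, "High"),
    ("web", r"C:\Users\a\Downloads\tool.exe", "Microsoft", "Malicious"),
    ("email", r"C:\Users\a\AppData\inv.doc", None, "Low Risk"),
    ("mapped_drive", r"Z:\share\run.exe", None, "Malicious"),
    ("web", r"C:\Build\out\app.exe", None, "High"),
]

def evaluate(p, events=EVENTS):
    return [outcome(p, o, path, v, s) for o, path, s, v in events]

if __name__ == "__main__":
    prof = Profile({"removable", "web", "email"}, exclude_trusted=True, excluded_paths=(r"C:\build",))
    for ev, res in zip(EVENTS, evaluate(prof)):
        print(ev[1], "->", res)
```

In this model, every "not submitted" result marks a file that never receives a verdict, so neither Quarantine nor Alert & Notify can apply to it regardless of the verdict level chosen.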