EstDef
New Member
September 15, 2022
Question

FortiSandbox malicious jobs not sent to job archive

  • September 15, 2022
  • 5 replies
  • 2130 views

Hello,

I have racked my brain for a while now and cannot seem to find an answer. My problem is that in FortiSandbox I have set up job archiving, so third parties can reanalyze and inspect files that have been deemed harmful. In Scan Policy & Object - Job Archive settings both Malicious and Suspicious files have been ticked. With Suspicious files (Log & Report - File Scan) it works like a charm. With Malicious files from the same page, the Malicious files are not sent to the Job Archive. But I would really need them to be delivered to the archive too.

Has anyone encountered the same problem and/or has a fix/workaround for me?
Thanks in advance,

Dave

5 replies

Anthony_E
Staff
September 18, 2022

Hello EstDef,

Thank you for using the Community Forum.

I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Regards,

Best Regards
EstDef
Author
New Member
September 20, 2022

Thank you @Anthony_E. So far my own searches have also come up short. If I find anything out, I will also write it here, but as it is today, still the malicious files are not archived. :(

Anthony_E
Staff
September 20, 2022

Hello,

Sorry about it :(.

We will find a solution, I am sure.

Best Regards
Anthony_E
Staff
September 26, 2022

Hello EstDef,

I hope you are good.

I have found this document:

https://community.fortinet.com/t5/Fortinet-Forum/FortiSandbox-malicious-jobs-not-sent-to-job-archive/td-p/223871?emcs_t=S2h8ZW1haWx8dW5hbnN3ZXJlZF90aHJlYWR8TDg2R0M0TEhNNEZYNE98MjIzODcxfE9USEVSU3xoSw

Could you please tell me if it helps?

If not, I will still look for a solution.

Regards,

Best Regards
EstDef
Author
New Member
September 26, 2022

Good morning @Anthony_E

The link you gave me to look at leads directly here, so it's a perpetual loop :)
So sadly I still have to say that it is not helping. But thanks for suggesting it.

Best Regards,

EstDef

EstDef
Author
New Member
October 6, 2022

Hey again!

I have made slight progress in refining the problem. The problem ONLY occurs when FortiSandbox uses its database to determine the attachment is Malicious. If you ORDER A RESCAN (force the attachment to a VM scan), then the archive function works.
Is there a way to force FortiSandbox database Malicious determined files into a VM scan automatically?

EDIT! If I turn off prefiltering on filetypes, do they all go through a VM scan? Meaning then they could all end up in that needed archive location too? E.g. I turn off executable prefilter, then ALL executables go through a VM scan?

Thanks in advance,

EstDef