yakulebak
New Member
May 7, 2022
Question

Have you ever had something FortiSandbox caught?

  • May 7, 2022
  • 1 reply
  • 1175 views

We've been trying FortiSandbox for a couple of weeks, and so far it has found few files it rated as malicious. We're sending files from FortiMail and from FortiGate (unencrypted traffic only...). Everything was rated by the AV scanner though, so I guess if we had the AV profile in FortiGate it would also catch these?

Currently our SMTP connection comes via a different firewall, but instead of spending money on FortiSandbox it would be of course cheaper to just migrate that traffic to the FortiGates where we already have the UTM bundle.

So, has anyone ever seen FortiSandbox do anything useful? In networks where you have AV software on the clients and FortiGates doing UTM stuff.

1 reply

jintrah_FTNT
Staff
May 9, 2022

Hello,

Have you configured it to send all files, or to send only suspicious files, to the sandbox? In either case, AV would rate it if it had previously known about this file, or after getting the inspection results from the sandbox about the same. So for those suspicious files of which AV had no prior knowledge, it relies on sandbox results, and would therefore become useful.

Best regards,

Jin