FortiAdam
New Member
March 23, 2015
Question

Malicious vs Suspicious on FortiSandbox

  • 1 reply
  • 4565 views

I recently had a client get emailed a file that contained a downloader virus which then infected them with a botnet. The FortiSandbox detected the file as suspicious.

 

My questions I pose to the forums are:

1. Is there any way to reclassify a file as malicious if it is known to be so? The sandbox only thinks it is suspicious.

2. If the sandbox finds a malicious file, does it then communicate back to the FortiGate to block that file in the future?

 

I'm interested to see who is using the sandbox and what value they are obtaining from it!

    1 reply

    hfreel
    New Member
    November 17, 2015

    So far no value - it shows me that there were suspicious files, but that's it. Where are they and what are they I do not know. 

    FortiAdam (Author)
    New Member
    November 17, 2015

    I'm still not 100% sure on malicious vs. suspicious. In 5.4 the sandbox should be able to update directly to the FortiGate, but for previous versions of FortiOS you have to wait for the update to come down from FortiGuard.

     

    It's been a while since I have used the sandbox but you should be able to gain further information as to what the file did when executed in the sandbox.