Description This article describes when the following error is seen in the FortiSandBox VM event log : “Sandbox VM is not in good condition, waiting for recovery”, indicating performance issues with FortiSandBox receiving more files than it can process.
Solution On average a file scan on a FortiSandBox VM takes 3 minutes, a VM clone can scan an estimated maximum of 480 files per day.
Note: The number of files FortiSandBox VM can handle is estimated by number of enabled clones and multiplied 480
To check the number of files received by FortiSandBox, go to:
The number of files sent to the Sandbox in the last 24 hours are displayed when the “Scanned by Sandboxing” button in the widget is checked.
To increase the efficiency of file scanning enable “Sandboxing-prefiltering”
Enabling prefiltering improves FortiSandBox performance if it is receiving large amount of files. Note: Whitelisting trusted domains improves FortiSandbox performance
FortiSandbox best practice guide has more detail about improving scan performance, which can be found at FortiSandBox documentation