Fortinet Forum
FortiAdam
Contributor II

Malicious vs Suspicious on FortiSandbox

I recently had a client get emailed a file that contained a downloader virus, which then infected them with a botnet. The FortiSandbox detected the file as suspicious.

 

My questions I pose to the forums are:

1. Is there any way to reclassify a file as malicious if it is known to be so? The sandbox only thinks it is suspicious.

2. If the sandbox finds a malicious file, does it then communicate back to the FortiGate to block that file in the future?

 

I'm interested to see who is using the sandbox and what value they are obtaining from it!

hfreel
New Contributor

So far no value - it shows me that there were suspicious files, but that's it. Where are they and what are they I do not know. 

FortiAdam

I'm still not 100% sure on malicious vs. suspicious. In 5.4 the sandbox should be able to update directly to the FortiGate, but for previous versions of FortiOS you have to wait for the update to come down from FortiGuard.

 

It's been a while since I have used the sandbox but you should be able to gain further information as to what the file did when executed in the sandbox.