Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
x_member
Contributor

FortiCloud Sandbox - Cannot see details of "High Risk" files, alert emails not received

In the recently upgraded Forticloud portal under the Sandbox tab I can see 4 files over the past week classified as 'High Risk' (they show as 'Malicious' in the FortiSandbox console on the appliance).

When I go to view their details, on the portal they are blank, and I can find no way of actually establishing what files they were.

Each of the 4 files have an associated 'Email Sent Time' entry on the Portal. None of these emails were received (checked in Spam and mail server queues) and I can see no indication that they have ever really been sent.

The files concerned are part of expected FTP traffic overnight generated by a scheduled task to perform a backup of our live websites (msdeploy, 7zip). This task has been in place over 5 months and runs daily, however only 4 high risk alerts (2 blocks of 2 4 days apart) have been raised in the past 31 days

 

How do I establish which files these are (and why they are being classified as malicious) through the Sandbox?

Surely there is some way of determining which files are (occasionally) tripping the Sandbox malicious file detection.

I'd rather not have to diff the source and destination..

 

11 REPLIES 11
x_member

hfreel wrote:

Good luck. Let me know how you make out. 

 

Fix has been rolled out to FortiCloud and I've been advised that the 'Alert Emails' were not actually sent - part of the same issue apparently.

I'm told that this is now all resolved, and the ticket has been closed.

 

Hopefully you won't see the issue any more either.

hfreel

OK Thanks, I'll keep an eye on it.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors