FortiSandbox malicious jobs not sent to job archive
i have racked my brain for a while now and cannot seem to find an answer. My problem is that in FortiSandbox i have set up job archiving, so third parties can reanalyze and inspect files that have been deemed harmful. In Scan Policy & Object - Job Archive settings both Malicious and Suspicious files have been ticked. With Suspicious files(Log & Report - File Scan) it works like a charm. With Malicious files from the same page, the Malicious files are not sent to the Job Archive. But i would really need them to be delivered to the archive too.
Has anyone encountered the same problem and/or has a fix/workaround for me ? Thanks in advance,
I have made slight progress in refining the problem. The problem ONLY occurs when FortiSandbox uses its database to determine the attachement is Malicious. If you ORDER A RESCAN (force the attachement to a VM scan), then the archive function works. Is there a way to force FortiSandbox database Malicious determined files into a VM scan automatically ?
EDIT! If i turn off prefiltering on filetypes, do they all go through a VM scan ? Meaning then they could all end up in that needed archive location too ? e.g i turn off executable prefilter, then ALL executables go through a VM scan ?
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.