Hi Community,
FortiSandbox generates a malware package; when it finds any new malicious file hash, the malware package is updated, and we have the following features in the sandbox:
1) Contribute detected suspicious files to FortiSandbox Community Cloud.
2) Contribute detected suspicious URL to FortiGuard.
3) Upload detection statistics to FortiGuard.
Now my query is: if a locally detected file is rated as malicious but is actually a false positive, not actually malicious, will this signature be created and contributed to the "Sandbox Community Cloud" or FortiGuard?
Next time, will anyone across the globe using the "Sandbox Community Cloud" or FortiGuard also rate this as malicious, based on this signature, or not?
Thanks.
@Mehaboobnjmcdirect wrote:
Hi Community,
FortiSandbox generates a malware package; when it finds any new malicious file hash, the malware package is updated, and we have the following features in the sandbox:
1) Contribute detected suspicious files to FortiSandbox Community Cloud.
2) Contribute detected suspicious URL to FortiGuard.
3) Upload detection statistics to FortiGuard.
Now my query is: if a locally detected file is rated as malicious but is actually a false positive, not actually malicious, will this signature be created and contributed to the "Sandbox Community Cloud" or FortiGuard?
Next time, will anyone across the globe using the "Sandbox Community Cloud" or FortiGuard also rate this as malicious, based on this signature, or not?
Thanks.
When a locally detected file is rated as malicious but is actually a false positive, and you contribute this signature to the FortiSandbox Community Cloud or FortiGuard, it may affect how others see that file. If the signature is deemed malicious, it could lead to others globally marking the same file as malicious based on that shared signature.
Hi @soolani
I hope you know that we have an Allow and Block list in FortiSandbox. If I add any hash to the block list, then when we receive any new file matching this hash, it will be rated as malicious based on this added hash in the block list, a new signature will be added to the malware package, and this will be contributed to the Sandbox Community Cloud / FortiGuard database.
If the contributed hash is related to a locally detected malicious file which is other than the allow or block list of the local sandbox, then it is okay.
My idea is that we should have segregation while generating the malware package in our local sandbox, as mentioned below.
1) Malware package against the Allow or Block list (this should not contribute to the Sandbox Community Cloud / FortiGuard database), because in this we can have multiple false positives.
2) Malware package against the static scan / dynamic scan (behavior-based scan) (contributing this type of hash to the Sandbox Community Cloud / FortiGuard database makes sense).
Do you agree with this idea?
Thanks @soolani