I recently had a client get emailed a file that contained a downloader virus, which then infected them with a botnet. The FortiSandbox detected the file as suspicious.
The questions I pose to the forums are:
1. Is there any way to reclassify a file as malicious if it is known to be so? The sandbox only thinks it is suspicious.
2. If the sandbox finds a malicious file, does it then communicate back to the FortiGate to block that file in the future?
I'm interested to see who is using the sandbox and what value they are obtaining from it!
So far no value: it shows me that there were suspicious files, but that's it. Where they are and what they are, I do not know.
I'm still not 100% sure on malicious vs. suspicious. In 5.4 the sandbox should be able to update the FortiGate directly, but for previous versions of FortiOS you have to wait for the update to come down from FortiGuard.
It's been a while since I have used the sandbox, but you should be able to get further information about what the file did when it was executed in the sandbox.
Copyright 2024 Fortinet, Inc. All Rights Reserved.