Malicious vs Suspicious on FortiSandbox
I recently had a client get emailed a file that contained a downloader virus, which then infected them with a botnet. The FortiSandbox detected the file as suspicious.
My questions I pose to the forums are:
1. Is there any way to reclassify a file as malicious if it is known to be so? The sandbox only thinks it is suspicious.
2. If the sandbox finds a malicious file, does it then communicate back to the FortiGate to block that file in the future?
I'm interested to see who is using the sandbox and what value they are obtaining from it!
So far no value - it shows me that there were suspicious files, but that's it. Where they are and what they are, I do not know.
I'm still not 100% sure on malicious vs. suspicious. In 5.4 the sandbox should be able to update directly to the FortiGate, but for previous versions of FortiOS you have to wait for the update to come down from FortiGuard.
It's been a while since I have used the sandbox, but you should be able to gain further information as to what the file did when executed in the sandbox.
