EMS Administration Guide

Sandbox Detection

Enable Sandbox Detection. Some options only display if you enable Advanced view. Configure the following options:

Options

Description

Sandbox Detection

Enable or disable Sandbox Detection.

Server

IP Address/Hostname

Enter the IP address or hostname of the FortiSandbox unit. If the endpoint has not been authorized to connect to the specified FortiSandbox unit, a Not Authorized icon displays beside this field.

Wait for FortiSandbox Results before Allowing File Access

Enable to have the endpoint user wait for FortiSandbox scanning results before being allowed access to files. Set the timeout in seconds.

Disable to allow the endpoint user to access files before FortiSandbox results are provided.

Deny Access to File If FortiSandbox Is Unreachable

You have the option to:

  • Deny Access to Downloaded Files If FortiSandbox Is Offline.
  • Enter the Timeout value in seconds. If FortiSandbox results have not been received when the timeout expires, file access is allowed. Set to -1 to restrict access to the file indefinitely.

Submission

All Files Executed from Removable Media

Select to submit all files executed on removable media, such as USB drives, to FortiSandbox for analysis.

All Files Executed from Mapped Network Drives

Enable to submit all files executed from mapped network drives.

All Web Downloads

Enable to submit all web downloads.

All Email Downloads

Enable to submit all email downloads.

Remediation

Action

Choose Quarantine or Alert & Notify for infected files.

Exceptions

Exclude Files from Trusted Sources

Enable to exclude files from trusted sources.

Exclude Specified Folders/Files

Enable to exclude specified folders/files. You must also create the exclusion list.
