Sandboxing
Sandboxing general attributes are listed below.
```xml
<forticlient_configuration>
  <sandboxing>
    <enabled>1</enabled>
    <type>appliance</type>
    <address>n.n.n.n</address>
    <response_timeout>30</response_timeout>
    <when>
      <executables_on_removable_media>1</executables_on_removable_media>
      <executables_on_mapped_nw_drives>1</executables_on_mapped_nw_drives>
      <web_downloads>1</web_downloads>
      <email_downloads>1</email_downloads>
    </when>
    <submit_by_extensions>
      <enabled>1</enabled>
      <use_custom_extensions>0</use_custom_extensions>
      <custom_extensions>.exe,.php,.tiff,.7z,.gif,.png,.tnef,.asf,.htm,.ppsx,.unk,.cdf,.ico,.ppt,.vcf,.com,.jpeg,.pptx,.xls,.com1,.jpg,.qt,.xlsx,.dll,.mov,.rar,.zip,.doc,.mp3,.rm,.docx,.mp4,.rtf,.pdf,.swf,.jar,.dotx,.docm,.dotm,.xltx,.xlsm,.xltm,.xlsb,.xlam,.potx,.sldx,.pptm,.ppsm,.potm,.ppam,.sldm,.onetoc,.thmx,.bat,.cmd,.vbs,.ps1,.js,.tar,.gz,.xz,.bz2,.arj,.cab,.tgz,.txt,.z,.msi,.msg,.asp,.jsp,.kgb,.url,.dot,.xlt,.pps,.pot,.upx,.apk,.WEBLink,.lnk,.jarlib,.lzh,.htmnojs,.ace,.wsf,.eml,.pub,.mht,.mac,.dmg,.mime</custom_extensions>
    </submit_by_extensions>
    <exceptions>
      <exclude_files_from_trusted_sources>1</exclude_files_from_trusted_sources>
      <exclude_files_and_folders>0</exclude_files_and_folders>
      <folders>
        <folder>C:\path1\to\folder\,C:\path2\to\folder\</folder>
      </folders>
      <files>
        <file>C:\path\to\file1.txt, C:\path\to\file2.txt</file>
      </files>
    </exceptions>
    <remediation>
      <action>quarantine</action>
      <on_error>block</on_error>
    </remediation>
    <detect_level>4</detect_level>
  </sandboxing>
</forticlient_configuration>
```
The following table provides endpoint control XML tags, the description, and the default value (where applicable).
| XML Tag | Description | Default Value |
|---|---|---|
| <enabled> | Enable or disable Sandbox Detection. Boolean value: | |
| <type> | Specify the type of FortiSandbox unit. | |
| <address> | Specify the IP address or FQDN of the FortiSandbox unit. | |
| <response_timeout> | Specify the response timeout value in seconds. File access will be allowed if FortiSandbox results are not received when the timeout expires. Set to | |
| <when> elements | | |
| <executables_on_removable_media> | Enable or disable Sandbox Detection for executable files on removable media. Boolean value: [0 \| 1] | |
| <executables_on_mapped_nw_drives> | Enable or disable Sandbox Detection for executable files on mapped drives. | |
| <web_downloads> | Enable or disable Sandbox Detection for files downloaded from the Internet. | |
| <email_downloads> | Enable or disable Sandbox Detection for files downloaded from email. | |
| <submit_by_extensions> elements | | |
| <enabled> | Boolean value: | 1 |
| <use_custom_extensions> | Boolean value: | 0 |
| <custom_extensions> | | |
| <exceptions> elements | | |
| <exclude_files_from_trusted_sources> | Enable or disable an exclusion list of trusted sources. When enabled, the list of trusted sources is excluded from Sandbox Detection. Boolean value: | |
| <exclude_files_and_folders> | Enable or disable an exclusion list of files and folders. When enabled, the list of files and folders is excluded from Sandbox Detection. Boolean value: | |
| <files> | Specify a list of files to exclude. Separate multiple files with a comma. Example: | |
| <folders> | Specify a list of folders to exclude. Separate multiple folders with a comma. Example: | |
| <remediation> elements | | |
| <action> | Specify how to handle infected files. Infected files can be quarantined. Alternatively, you can alert endpoint users about infected files but still allow access to them. Options: | |
| <on_error> | Specify how to handle files when FortiSandbox cannot be reached. You can block or allow access to files. Options: | |
| <detect_level> | When value is When value is When value is When value is Possible values: | 4 |
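As an added example (not Fortinet's code or part of the original page), the Python sketch below audits a `<sandboxing>` section for settings that, per the table above, leave files accessible without a verdict or remove them from Sandbox Detection. The sample configuration is constructed, and `allow` as the `<on_error>` value is an assumed spelling; the check itself only tests for anything other than `block`.

```python
import xml.etree.ElementTree as ET

# Constructed sample using the element names from the page's configuration;
# "allow" for <on_error> is an assumed spelling of the allow option.
SAMPLE = r"""<forticlient_configuration><sandboxing>
  <enabled>1</enabled>
  <when>
    <executables_on_removable_media>1</executables_on_removable_media>
    <executables_on_mapped_nw_drives>1</executables_on_mapped_nw_drives>
    <web_downloads>0</web_downloads>
    <email_downloads>1</email_downloads>
  </when>
  <exceptions>
    <exclude_files_from_trusted_sources>1</exclude_files_from_trusted_sources>
    <exclude_files_and_folders>1</exclude_files_and_folders>
    <folders><folder>C:\path1\to\folder\,C:\path2\to\folder\</folder></folders>
    <files><file>C:\path\to\file1.txt, C:\path\to\file2.txt</file></files>
  </exceptions>
  <remediation><action>quarantine</action><on_error>allow</on_error></remediation>
</sandboxing></forticlient_configuration>"""

def audit_sandboxing(xml_text):
    """Return findings for settings that reduce Sandbox Detection coverage."""
    sb = ET.fromstring(xml_text).find("sandboxing")
    if sb is None:
        return ["no <sandboxing> section present"]
    get = lambda path: (sb.findtext(path) or "").strip()
    findings = []
    if get("enabled") != "1":
        findings.append("Sandbox Detection is disabled")
    for trigger in sb.findall("when/*"):
        if (trigger.text or "").strip() != "1":
            findings.append(f"trigger <{trigger.tag}> is disabled")
    if get("remediation/on_error") != "block":
        findings.append("on_error is not 'block': files are accessible when FortiSandbox is unreachable")
    if get("remediation/action") != "quarantine":
        findings.append("action is not 'quarantine': infected files remain accessible")
    if get("exceptions/exclude_files_and_folders") == "1":
        # Each <folder>/<file> element holds a comma-separated list.
        for kind in ("folders/folder", "files/file"):
            for el in sb.findall("exceptions/" + kind):
                for path in (el.text or "").split(","):
                    if path.strip():
                        findings.append(f"excluded from detection: {path.strip()}")
    return findings

if __name__ == "__main__":
    for finding in audit_sandboxing(SAMPLE):
        print("-", finding)
```

The folder and file lists are reported only when `<exclude_files_and_folders>` is `1`, since the exclusion list has no effect while that flag is `0`.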