Fortinet black logo

Administration Guide

Configuring submission, access, and remediation

Configuring submission, access, and remediation

  1. On the Malware Protection tab, click the Settings icon.

    The settings page displays.

  2. Set the following options, and click OK:

    Wait for FortiSandbox results before allowing file access

    Select to wait for FortiSandbox analysis results before files can be accessed. Clear the checkbox to allow file access before FortiSandbox results are known.

    Timeout (seconds)

    Specify the timeout duration in seconds. After the time expires, file access is allowed, even if FortiSandbox has not returned results and if the Deny Access to file if Sandbox unreachable option is disabled.

    When set to 0, the downloaded file is always released and the popup never displays. See Using the popup window.

    Deny Access to file if Sandbox is unreachable

    Select to deny access to files when FortiClient cannot reach FortiSandbox for file analysis. Clear the checkbox to allow file access if the FortiSandbox unit cannot be reached for scanning. See Examples of FortiSandbox availability and scanning results.

    FortiSandbox Submission Options

    All files executed from mapped network drives

    Select to submit all files that are executed on mapped network drives to FortiSandbox for analysis. Clear the checkbox to disable this feature.

    All files executed from removable media

    Select to submit all files executed on removable media, such as USB drives, to FortiSandbox for analysis. Clear the checkbox to disable this feature.

    All web downloads

    Select to submit all web downloads on the endpoint to FortiSandbox for analysis. Clear the checkbox to disable this feature.

    All email downloads (Ex. Outlook)

    Select to submit all email downloads on the endpoint to FortiSandbox for analysis. Clear the checkbox to disable this feature.

    Remediation Options

    Quarantine infected files

    Select to quarantine infected files.

    Alert & Notify only

    Select to alert and notify the endpoint user about infected files, but not quarantine infected files.

Configuring submission, access, and remediation

  1. On the Malware Protection tab, click the Settings icon.

    The settings page displays.

  2. Set the following options, and click OK:

    Wait for FortiSandbox results before allowing file access

    Select to wait for FortiSandbox analysis results before files can be accessed. Clear the checkbox to allow file access before FortiSandbox results are known.

    Timeout (seconds)

    Specify the timeout duration in seconds. After the time expires, file access is allowed, even if FortiSandbox has not returned results and if the Deny Access to file if Sandbox unreachable option is disabled.

    When set to 0, the downloaded file is always released and the popup never displays. See Using the popup window.

    Deny Access to file if Sandbox is unreachable

    Select to deny access to files when FortiClient cannot reach FortiSandbox for file analysis. Clear the checkbox to allow file access if the FortiSandbox unit cannot be reached for scanning. See Examples of FortiSandbox availability and scanning results.

    FortiSandbox Submission Options

    All files executed from mapped network drives

    Select to submit all files that are executed on mapped network drives to FortiSandbox for analysis. Clear the checkbox to disable this feature.

    All files executed from removable media

    Select to submit all files executed on removable media, such as USB drives, to FortiSandbox for analysis. Clear the checkbox to disable this feature.

    All web downloads

    Select to submit all web downloads on the endpoint to FortiSandbox for analysis. Clear the checkbox to disable this feature.

    All email downloads (Ex. Outlook)

    Select to submit all email downloads on the endpoint to FortiSandbox for analysis. Clear the checkbox to disable this feature.

    Remediation Options

    Quarantine infected files

    Select to quarantine infected files.

    Alert & Notify only

    Select to alert and notify the endpoint user about infected files, but not quarantine infected files.