Fortinet black logo

EMS Administration Guide

Sandbox Detection

Sandbox Detection

Enable Sandbox Detection. Some options only display if you enable Advanced view. Configure the following options:

Options

Description

Sandbox Detection

Enable or disable Sandbox Detection.

Server

FortiSandbox

Select the desired FortiSandbox unit from the list of FortiSandbox units configured on the Manage FortiSandboxes pane. See Managing FortiSandbox units.

Wait for FortiSandbox Results before Allowing File Access

Enable to have the endpoint user wait for FortiSandbox scanning results before being allowed access to files. Set the timeout in seconds.

Disable to allow the endpoint user to access files before FortiSandbox results are provided.

Deny Access to File When There Is No Sandbox Result

You have the option to:

  • Deny Access to Downloaded Files If FortiSandbox Is Offline.
  • Enter the Timeout value in seconds. File access is allowed if FortiSandbox results are not received when the timeout expires. Set to -1 to infinitely restrict access to the file.

File Submission Options

All Files Executed from Removable Media

Submit all files executed on removable media, such as USB drives, to FortiSandbox for analysis.

All Files Executed from Mapped Network Drives

Submit all files executed from mapped network drives.

All Web Downloads

Submit all web downloads.

All Email Downloads

Submit all email downloads.

Remediation Actions

Action

Choose Quarantine or Alert & Notify for infected files.

Exceptions

Exclude Files from Trusted Sources

Enable to not submit files signed by trusted sources.

Exclude Specified Folders/Files

Enable to exclude specified folders/files. You must also create the exclusion list.

Sandbox Detection

Enable Sandbox Detection. Some options only display if you enable Advanced view. Configure the following options:

Options

Description

Sandbox Detection

Enable or disable Sandbox Detection.

Server

FortiSandbox

Select the desired FortiSandbox unit from the list of FortiSandbox units configured on the Manage FortiSandboxes pane. See Managing FortiSandbox units.

Wait for FortiSandbox Results before Allowing File Access

Enable to have the endpoint user wait for FortiSandbox scanning results before being allowed access to files. Set the timeout in seconds.

Disable to allow the endpoint user to access files before FortiSandbox results are provided.

Deny Access to File When There Is No Sandbox Result

You have the option to:

  • Deny Access to Downloaded Files If FortiSandbox Is Offline.
  • Enter the Timeout value in seconds. File access is allowed if FortiSandbox results are not received when the timeout expires. Set to -1 to infinitely restrict access to the file.

File Submission Options

All Files Executed from Removable Media

Submit all files executed on removable media, such as USB drives, to FortiSandbox for analysis.

All Files Executed from Mapped Network Drives

Submit all files executed from mapped network drives.

All Web Downloads

Submit all web downloads.

All Email Downloads

Submit all email downloads.

Remediation Actions

Action

Choose Quarantine or Alert & Notify for infected files.

Exceptions

Exclude Files from Trusted Sources

Enable to not submit files signed by trusted sources.

Exclude Specified Folders/Files

Enable to exclude specified folders/files. You must also create the exclusion list.