FortiClient (macOS) now supports FortiSandbox Cloud. FortiClient (macOS) can send files to FortiSandbox Cloud for analysis. Based on the result, FortiClient allows the user to access the file, or flags the file as malicious and blocks access to it.
The endpoint must have a license that includes the FortiSandbox feature.
- In EMS, go to Endpoint Profiles > Manage Profiles.
- Select the desired profile.
- On the Sandbox tab, enable Sandbox Detection.
- For FortiSandbox, select Cloud.
- For Inspection Mode, select High-Risk Files.
- Click Save.
- Open the FortiClient console on a macOS endpoint that you have assigned the selected profile to. After the endpoint receives the latest profile from EMS, go to the Sandbox Detection tab to view the FortiSandbox Cloud status and detections.
- Click the Settings icon in the top-right corner to view the Sandbox settings.
- FortiSandbox Cloud detection occurs based on the EMS configuration. The following shows that a file was downloaded from the Internet and FortiClient submitted it to FortiSandbox Cloud for inspection and analysis. FortiClient also records the detection result and other details.
Because FortiSandbox Cloud identified this file as malicious, FortiClient performed the configured action for malicious files, which is quarantine. The Sandbox Scan notification also displays details such as file location, status, and FortiSandbox score. You can click View recent scans to view details.
The Sandbox Detection tab also displays the following information:
- Number of files that FortiClient submitted to FortiSandbox.
- Number of zero-day files that FortiSandbox detected.
- Number of clean files that FortiSandbox detected.
- Number of files pending FortiSandbox detection results.
- Zero-day File Details: zero-day file details such as file name, configured action upon detection, and the detection time.