Version:

Version:


Table of Contents

Download PDF
Copy Link

FortiSandbox Cloud support for macOS

FortiClient (macOS) now supports FortiSandbox Cloud. FortiClient (macOS) can send files to FortiSandbox Cloud for analysis. Based on the result, FortiClient allows the user to access the file, or flags the file as malicious and blocks access to it.

The endpoint must be licensed using a license that includes the FortiSandbox feature.

To configure FortiSandbox Cloud in EMS:
  1. In EMS, go to Endpoint Profiles > Manage Profiles.
  2. Select the desired profile.
  3. On the Sandbox tab, enable Sandbox Detection.
  4. For FortiSandbox, select Cloud.
  5. For Inspection Mode, select High-Risk Files.
  6. Click Save.
To verify this feature in FortiClient (macOS):
  1. Open the FortiClient console on a macOS endpoint that you have assigned the selected profile to. After the endpoint receives the latest profile from EMS, go to the Sandbox Detection tab to view the FortiSandbox Cloud status and detections.
  2. Click the Settings icon in the top-right corner. You can view the Sandbox settings.
  3. FortiSandbox Cloud detection occurs based on the EMS configuration. The following shows that a file was downloaded from the Internet and FortiClient submitted it to FortiSandbox Cloud for inspection and analysis. FortiClient also records the detection result and other details. As FortiSandbox Cloud identified this file as malicious, it performed the configured action for malicious files, which is quarantine. The Sandbox Scan notification also displays details such as file location, status, and FortiSandbox score. You can click View recent scans to view details.

    The Sandbox Detection tab also displays the following information:

    Submitted

    Number of files that FortiClient submitted to FortiSandbox.

    Zero-Day

    Number of zero-day files that FortiSandbox detected.

    Clean

    Number of clean files that FortiSandbox detected.

    Pending

    Number of files pending FortiSandbox detection results.

    Zero-day File Details

    Zero-day file details such as file name, configured action upon detection, and the detection time.

FortiSandbox Cloud support for macOS

FortiClient (macOS) now supports FortiSandbox Cloud. FortiClient (macOS) can send files to FortiSandbox Cloud for analysis. Based on the result, FortiClient allows the user to access the file, or flags the file as malicious and blocks access to it.

The endpoint must be licensed using a license that includes the FortiSandbox feature.

To configure FortiSandbox Cloud in EMS:
  1. In EMS, go to Endpoint Profiles > Manage Profiles.
  2. Select the desired profile.
  3. On the Sandbox tab, enable Sandbox Detection.
  4. For FortiSandbox, select Cloud.
  5. For Inspection Mode, select High-Risk Files.
  6. Click Save.
To verify this feature in FortiClient (macOS):
  1. Open the FortiClient console on a macOS endpoint that you have assigned the selected profile to. After the endpoint receives the latest profile from EMS, go to the Sandbox Detection tab to view the FortiSandbox Cloud status and detections.
  2. Click the Settings icon in the top-right corner. You can view the Sandbox settings.
  3. FortiSandbox Cloud detection occurs based on the EMS configuration. The following shows that a file was downloaded from the Internet and FortiClient submitted it to FortiSandbox Cloud for inspection and analysis. FortiClient also records the detection result and other details. As FortiSandbox Cloud identified this file as malicious, it performed the configured action for malicious files, which is quarantine. The Sandbox Scan notification also displays details such as file location, status, and FortiSandbox score. You can click View recent scans to view details.

    The Sandbox Detection tab also displays the following information:

    Submitted

    Number of files that FortiClient submitted to FortiSandbox.

    Zero-Day

    Number of zero-day files that FortiSandbox detected.

    Clean

    Number of clean files that FortiSandbox detected.

    Pending

    Number of files pending FortiSandbox detection results.

    Zero-day File Details

    Zero-day file details such as file name, configured action upon detection, and the detection time.