Fortinet black logo

Administration Guide

File Scan

Copy Link
Copy Doc ID af12b5b0-1c45-11ea-9384-00505692583a:477118
Download PDF

File Scan

File Scan page shows file based job scans grouped by their ratings. Files submitted through On-Demand are not included. Users can toggle to view Malicious, Suspicious and Clean job ratings. By default, Suspicious jobs are displayed.

In this page, you can view job details and apply search filters. You can select to create a PDF or CSV format snapshot report for files based on search filters.

The following options are available:

File Scan Options

Suspicious

Click the Suspicious icon to view the suspicious jobs.

Clean

Click the Clean icon to view the clean or unknown jobs.

Malicious

Click the Malicious icon to view the malicious jobs.

Show Rescan Job Only

Whenever a new AV signature is downloaded, all jobs from last 48 hours will be done in one AV Scan. Detected viruses will receive a Malicious rating. Users can display them in File Detection > File Scan > Malicious and enable Show Rescan Job Only.

Refresh

Click the button to refresh the entries displayed.

Search

Show or hide the search filter field.

Add Search Filter

Click the search filter field to add search filters. Click the close icon in the search filter field to clear all search filters.

The search filter will be displayed below the search filter field. Click the close icon beside the search filter to remove the filter.

Search filters can be used to filter the information displayed in the GUI.

Export Data

Click the Export Data button to create a PDF or CSV snapshot report. The time to generate the report is dependent on the number of events selected. You can wait till the report is ready to view, or navigate away and find the report later on the Log & Report > Report Center page.

Customize

Click the Customize button to customize the Job View Settings. The change will be applied to all file based scan result pages.

Action

View Details

Click the View Details icon to view the file description and analysis details. The information displayed is dependent on the file selected.

Perform Rescan

For Malicious jobs, users can also select the Rescan icon to perform a manual rescan of the file. By this way, you can find out the behavior of a known virus. You can select to skip Static Scan, AV Scan, Cloud Query, and Sandboxing in the rescan settings. You can find the job on the Scan Input > File On-Demand page.

Archived File

An icon will appear if the file is an Archived File.

FortiGuard Static Scan

The icon displays that the file is rated by the user's overridden verdict or FortiGuard advanced static scan.

File Inside Archive

The icon displays that the file is a file extracted from an archive file.

Rescan Job

The icon displays that the job is Malicious from an AV Rescan or a customized rescan job of a Malicious file.

AV Scan

An icon will appear if this job is from an AV Rescan.

Pagination

Use the pagination options to browse entries displayed.

FortiSandbox has an Anti Virus rescan feature. When a new antivirus signature is available, FortiSandbox will perform a second antivirus scan of all the jobs from the last 48 hours whose ratings are Clean or Suspicious using the new signatures. Detected viruses will be displayed as Malicious jobs with the Rescan icon beside the View Details icon. The original job can still be viewed in the job detail page of the rescanned file by clicking the original job ID.

Virus behavior information is not collected as viruses are detected by the AV scanner. The rescan feature allows you to see how a virus behaves while it is being executed inside a VM.

The displayed columns are determined by settings defined in System > Job View Settings > File Detection Columns page. For more information, see Job View Settings.

To view file details:
  1. Select a file.
  2. Click the View Details icon. A new tab will open. See Appendix A - View Details Page Reference for descriptions of the View Details page.
  3. Close the tab to exit the View Details page.
To rescan a file:
  1. Select a file with Suspicious or Malicious Rating.
  2. Click the Perform Rescan icon.
  3. You can select to skip Static Scan, AV Scan, Cloud Query, and Sandboxing.
  4. Click OK to start the rescan.
  5. Click the close icon or select the Close button to close the dialog box.

Rescan results are found in the Scan Input > File On-Demand.

In this release, the maximum number of events you can export to a PDF report is 1,000; the maximum number of events you can export to a CSV report is 15,000. Jobs over that limit will not be included in the report.

File Scan

File Scan page shows file based job scans grouped by their ratings. Files submitted through On-Demand are not included. Users can toggle to view Malicious, Suspicious and Clean job ratings. By default, Suspicious jobs are displayed.

In this page, you can view job details and apply search filters. You can select to create a PDF or CSV format snapshot report for files based on search filters.

The following options are available:

File Scan Options

Suspicious

Click the Suspicious icon to view the suspicious jobs.

Clean

Click the Clean icon to view the clean or unknown jobs.

Malicious

Click the Malicious icon to view the malicious jobs.

Show Rescan Job Only

Whenever a new AV signature is downloaded, all jobs from last 48 hours will be done in one AV Scan. Detected viruses will receive a Malicious rating. Users can display them in File Detection > File Scan > Malicious and enable Show Rescan Job Only.

Refresh

Click the button to refresh the entries displayed.

Search

Show or hide the search filter field.

Add Search Filter

Click the search filter field to add search filters. Click the close icon in the search filter field to clear all search filters.

The search filter will be displayed below the search filter field. Click the close icon beside the search filter to remove the filter.

Search filters can be used to filter the information displayed in the GUI.

Export Data

Click the Export Data button to create a PDF or CSV snapshot report. The time to generate the report is dependent on the number of events selected. You can wait till the report is ready to view, or navigate away and find the report later on the Log & Report > Report Center page.

Customize

Click the Customize button to customize the Job View Settings. The change will be applied to all file based scan result pages.

Action

View Details

Click the View Details icon to view the file description and analysis details. The information displayed is dependent on the file selected.

Perform Rescan

For Malicious jobs, users can also select the Rescan icon to perform a manual rescan of the file. By this way, you can find out the behavior of a known virus. You can select to skip Static Scan, AV Scan, Cloud Query, and Sandboxing in the rescan settings. You can find the job on the Scan Input > File On-Demand page.

Archived File

An icon will appear if the file is an Archived File.

FortiGuard Static Scan

The icon displays that the file is rated by the user's overridden verdict or FortiGuard advanced static scan.

File Inside Archive

The icon displays that the file is a file extracted from an archive file.

Rescan Job

The icon displays that the job is Malicious from an AV Rescan or a customized rescan job of a Malicious file.

AV Scan

An icon will appear if this job is from an AV Rescan.

Pagination

Use the pagination options to browse entries displayed.

FortiSandbox has an Anti Virus rescan feature. When a new antivirus signature is available, FortiSandbox will perform a second antivirus scan of all the jobs from the last 48 hours whose ratings are Clean or Suspicious using the new signatures. Detected viruses will be displayed as Malicious jobs with the Rescan icon beside the View Details icon. The original job can still be viewed in the job detail page of the rescanned file by clicking the original job ID.

Virus behavior information is not collected as viruses are detected by the AV scanner. The rescan feature allows you to see how a virus behaves while it is being executed inside a VM.

The displayed columns are determined by settings defined in System > Job View Settings > File Detection Columns page. For more information, see Job View Settings.

To view file details:
  1. Select a file.
  2. Click the View Details icon. A new tab will open. See Appendix A - View Details Page Reference for descriptions of the View Details page.
  3. Close the tab to exit the View Details page.
To rescan a file:
  1. Select a file with Suspicious or Malicious Rating.
  2. Click the Perform Rescan icon.
  3. You can select to skip Static Scan, AV Scan, Cloud Query, and Sandboxing.
  4. Click OK to start the rescan.
  5. Click the close icon or select the Close button to close the dialog box.

Rescan results are found in the Scan Input > File On-Demand.

In this release, the maximum number of events you can export to a PDF report is 1,000; the maximum number of events you can export to a CSV report is 15,000. Jobs over that limit will not be included in the report.