Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Administration Guide

Customized Rating

Use the Customized Rating page to set verdicts for the following cases: VM Timeout, Tracer Engine Timeout, Unextractable Encrypted Archive, and URL whose return code is not 200.

Note

By default, all customized ratings are set as Not Applied. For any other value, the customized rating is always take higher priority if it applies.

The following options can be configured:

VM Timeout

Windows VM cannot be launched properly. This usually occurs on FSA-VM model running on hardware with limited resources.

Select one of the following ratings:

  • Not Applied
  • Unknown
  • Clean
  • Malicious
  • Low Risk
  • Medium Risk
  • High Risk

Tracer Engine Timeout

Tracer Engine is not working properly. For example, the malware crashes the Windows VM or kills the Tracer Engine process. Thus, the tracer log is not available.

Select one of the following ratings:

  • Not Applied
  • Unknown
  • Clean
  • Malicious
  • Low Risk
  • Medium Risk
  • High Risk

Unextractable Encrypted Archive

The archive file is password protected and cannot be extracted with a predefined password list set in the Scan Policy and Object > General Settings page.

Select one of the following ratings:

  • Not Applied
  • Unknown
  • Clean
  • Malicious
  • Low Risk
  • Medium Risk
  • High Risk

URL whose return code is not 200

Block any URL sent to FortiSandbox which returns anything other than 200 OK. You can disable this option by selecting Not Applied.

Select one of the following ratings:

  • Not Applied
  • Unknown
  • Clean
  • Malicious
  • Low Risk
  • Medium Risk
  • High Risk

Customized Rating

Use the Customized Rating page to set verdicts for the following cases: VM Timeout, Tracer Engine Timeout, Unextractable Encrypted Archive, and URL whose return code is not 200.

Note

By default, all customized ratings are set as Not Applied. For any other value, the customized rating is always take higher priority if it applies.

The following options can be configured:

VM Timeout

Windows VM cannot be launched properly. This usually occurs on FSA-VM model running on hardware with limited resources.

Select one of the following ratings:

  • Not Applied
  • Unknown
  • Clean
  • Malicious
  • Low Risk
  • Medium Risk
  • High Risk

Tracer Engine Timeout

Tracer Engine is not working properly. For example, the malware crashes the Windows VM or kills the Tracer Engine process. Thus, the tracer log is not available.

Select one of the following ratings:

  • Not Applied
  • Unknown
  • Clean
  • Malicious
  • Low Risk
  • Medium Risk
  • High Risk

Unextractable Encrypted Archive

The archive file is password protected and cannot be extracted with a predefined password list set in the Scan Policy and Object > General Settings page.

Select one of the following ratings:

  • Not Applied
  • Unknown
  • Clean
  • Malicious
  • Low Risk
  • Medium Risk
  • High Risk

URL whose return code is not 200

Block any URL sent to FortiSandbox which returns anything other than 200 OK. You can disable this option by selecting Not Applied.

Select one of the following ratings:

  • Not Applied
  • Unknown
  • Clean
  • Malicious
  • Low Risk
  • Medium Risk
  • High Risk