Fortinet black logo

Release Notes

Home FortiSandbox 4.4.0 Release Notes
4.4.0
4.4.5
4.4.4
4.4.3
4.4.2
4.4.1
4.4.0
4.2.7
4.2.6
4.2.5
4.2.4
4.2.3
4.2.2
4.2.1
4.2.0
4.0.5
4.0.4
4.0.3
4.0.2
4.0.1
4.0.0
3.2.4
3.2.3
3.2.2
3.2.1
3.2.0
3.1.5
3.1.4
3.1.3
3.1.2
3.1.1
3.1.0
3.0.7
3.0.6
3.0.5
3.0.4
3.0.3
3.0.2
3.0.1
3.0.0

New features and enhancements

New features and enhancements

The following is summary of new features and enhancements in version 4.4.0. For details, see the FortiSandbox4.4.0 Administration Guide in the Fortinet Document Library.

Effective Sandboxing Throughput

FortiSandbox v4.4.0 has been rated with up to 10x in Effective Sandboxing Throughput. This increase provides the following benefits:

  • More files are processed and rated over time
  • Fewer Pending Files
  • Faster Scan Time

In Networking, it is comparable to a higher Network Bandwidth where the bigger the bandwidth the more traffic that can pass through. Note that the actual processing scan time remains the same as rating evaluation accuracy are kept the same.

For more information, see the FortiSandbox Datasheet (Specifications > Effective Sandboxing Throughput).

GUI

  • Introduced Custom VM upload and updates directly via GUI.
  • Enhanced and re-organized the setting-related configurations on System and Scan Profile settings to easily navigate through the menus.
  • Enhanced Settings page on Log & Report.
  • Enhanced the System Resource widget of the dashboard.
  • Enhanced File/URL On Demand page to support adjustable columns.
  • Enhanced the FortiClient Security Fabric page by adding filtering and sorting functions and Last Seen column.
  • Enhanced the VM Settings page for usability and improved status indicators.
  • Enhanced Custom VM to upload meta information for installed applications list.
  • Enhanced VM Setting page to combine Windows and MacOS Cloud and separate key counts for local and remote.
  • Enhanced the Admin Profile page layout.
  • Enhanced configuration and field labels on ICAP Adapter pages.
  • Enhanced the Device Security Fabric page by adding filtering and sorting functions and Last Seen column.
  • Enhanced the FortiClient Security Fabric page by adding filtering and sorting functions and Last Seen column.
  • Updated Security statistics on the Scan Performance widget of the dashboard for the 0-day detections.
  • Added Inline Block setting on the device page under Security Fabric.
  • Added test connection on LDAP configuration for remote admin.
  • Added port number field on the FortiAnalyzer device setting for logging.
  • Added VM Interaction feature.
  • Added auto-refresh on Cluster Management web pages to keep synchronized data among the Primary and Worker nodes.
  • Added refresh button on the Job Summary page under HA-Cluster.
  • Renamed Scan Timeout labels on Advanced settings under Scan Profile menu for ease of differentiation.

Fabric integration

  • Introduced FortiSandbox support on Oracle Cloud Infrastructure (OCI) platform.

  • Enhanced ICAP Adapter to support imported certificate.

  • Enhanced ICAP Adapter to support modification of default profile for the multiple ICAP feature.

  • Upgraded SMB support to v3.1.1 for NetShare Scan feature.

  • Added support on application/octet-stream in ICAP Adapter request mode.

  • Added support for ICAP return code 202 indicating submission has been accepted.

  • Added TLS 1.3 Support.

Scan

  • Introduced Real-Time Anti-Phishing service to identify 0-day Phishing sites.
  • Introduced prioritization of Netshare Scan jobs including proper user-rights and groupings.
  • Introduced QR Code analysis of embedded URLs.
  • Introduced configurable filetype list for the Inline Block Scan to select and optimize deployment.
  • Introduced hold feature on Dynamic Scan for submissions from ICAP adapter.
  • Introduced Inline Block via TCP reset on Network Alert feature of Sniffer mode.
  • Introduced Office 2021 support via a new Optional VM.
  • Introduced Windows 11 OS support on Dynamic VM Scan.

  • Introduced scan support of installer type archive file.

  • Enhanced Custom VM setup to allow configuration of CPU and memory settings.
  • Upgraded default configuration of embedded URL to enable.
  • Upgraded DNS query to use port 3 on URL Scan.
  • Upgraded Web Filtering categories to include Terrorism, URL Shortening, Crypto Mining and Potentially Unwanted Program with default risk rating.
  • Upgraded Yara engine to v4.2.3.
  • Added configuration to define override rating for URL categories such as Phishing.
  • Added an option to disable creation of placeholder file on NetShare scan for quarantined file.
  • Added an option to configure scan timeout for executable files in addition to the Office and PDF files.
  • Added Custom Linux VM on AWS platform.

  • Added Dynamic Scan support for Microsoft OneNote files.

System & Security

  • Introduced Self-Check on configurations, connectivity and services.
  • Introduced Single Sign On for admin authentication.
  • Enhanced hardware status on MIB and CLI to include the internal temperature, fan, disk and power supply status.
  • Enhanced Effective Sandboxing Throughput by 5x to 10x.
  • Upgraded System Kernel to latest stable released.
  • Upgraded Python code and library to latest stable version.
  • Upgraded OpenSSL code and library to latest stable version.
  • Upgraded Apache code and library to latest stable version.
  • Added admin user type to control access on device groups and netshare submissions.
  • Added database cleanup for the NetShare Scan based on retention.
  • Added deletion of the built-in admin account.

Logging & Reporting

  • Enhanced display settings and renamed fields of the Job Details.

  • Enhanced Job Detail report on URL Scan to display the Web Filtering category rating and if available the redirected URL.

  • Upgraded MITRE ATT&CK support to version 11 used on Job Detail report.

  • Added File Type info to the event log.

  • Added indicator of using Overflow VMs on the job details.

  • Added warning message on GUI and logging when email accounts processed for MTA adapter exceeds license limit.

API

  • Introduced file submission from a remote and netshare filepaths via API.

CLI

  • Introduced low-level hard disk format to erase all data and still keeping all default licenses.

  • Added a CLI command to display MTA queue.

Previous
Next

New features and enhancements

The following is summary of new features and enhancements in version 4.4.0. For details, see the FortiSandbox4.4.0 Administration Guide in the Fortinet Document Library.

Effective Sandboxing Throughput

FortiSandbox v4.4.0 has been rated with up to 10x in Effective Sandboxing Throughput. This increase provides the following benefits:

  • More files are processed and rated over time
  • Fewer Pending Files
  • Faster Scan Time

In Networking, it is comparable to a higher Network Bandwidth where the bigger the bandwidth the more traffic that can pass through. Note that the actual processing scan time remains the same as rating evaluation accuracy are kept the same.

For more information, see the FortiSandbox Datasheet (Specifications > Effective Sandboxing Throughput).

GUI

  • Introduced Custom VM upload and updates directly via GUI.
  • Enhanced and re-organized the setting-related configurations on System and Scan Profile settings to easily navigate through the menus.
  • Enhanced Settings page on Log & Report.
  • Enhanced the System Resource widget of the dashboard.
  • Enhanced File/URL On Demand page to support adjustable columns.
  • Enhanced the FortiClient Security Fabric page by adding filtering and sorting functions and Last Seen column.
  • Enhanced the VM Settings page for usability and improved status indicators.
  • Enhanced Custom VM to upload meta information for installed applications list.
  • Enhanced VM Setting page to combine Windows and MacOS Cloud and separate key counts for local and remote.
  • Enhanced the Admin Profile page layout.
  • Enhanced configuration and field labels on ICAP Adapter pages.
  • Enhanced the Device Security Fabric page by adding filtering and sorting functions and Last Seen column.
  • Enhanced the FortiClient Security Fabric page by adding filtering and sorting functions and Last Seen column.
  • Updated Security statistics on the Scan Performance widget of the dashboard for the 0-day detections.
  • Added Inline Block setting on the device page under Security Fabric.
  • Added test connection on LDAP configuration for remote admin.
  • Added port number field on the FortiAnalyzer device setting for logging.
  • Added VM Interaction feature.
  • Added auto-refresh on Cluster Management web pages to keep synchronized data among the Primary and Worker nodes.
  • Added refresh button on the Job Summary page under HA-Cluster.
  • Renamed Scan Timeout labels on Advanced settings under Scan Profile menu for ease of differentiation.

Fabric integration

  • Introduced FortiSandbox support on Oracle Cloud Infrastructure (OCI) platform.

  • Enhanced ICAP Adapter to support imported certificate.

  • Enhanced ICAP Adapter to support modification of default profile for the multiple ICAP feature.

  • Upgraded SMB support to v3.1.1 for NetShare Scan feature.

  • Added support on application/octet-stream in ICAP Adapter request mode.

  • Added support for ICAP return code 202 indicating submission has been accepted.

  • Added TLS 1.3 Support.

Scan

  • Introduced Real-Time Anti-Phishing service to identify 0-day Phishing sites.
  • Introduced prioritization of Netshare Scan jobs including proper user-rights and groupings.
  • Introduced QR Code analysis of embedded URLs.
  • Introduced configurable filetype list for the Inline Block Scan to select and optimize deployment.
  • Introduced hold feature on Dynamic Scan for submissions from ICAP adapter.
  • Introduced Inline Block via TCP reset on Network Alert feature of Sniffer mode.
  • Introduced Office 2021 support via a new Optional VM.
  • Introduced Windows 11 OS support on Dynamic VM Scan.

  • Introduced scan support of installer type archive file.

  • Enhanced Custom VM setup to allow configuration of CPU and memory settings.
  • Upgraded default configuration of embedded URL to enable.
  • Upgraded DNS query to use port 3 on URL Scan.
  • Upgraded Web Filtering categories to include Terrorism, URL Shortening, Crypto Mining and Potentially Unwanted Program with default risk rating.
  • Upgraded Yara engine to v4.2.3.
  • Added configuration to define override rating for URL categories such as Phishing.
  • Added an option to disable creation of placeholder file on NetShare scan for quarantined file.
  • Added an option to configure scan timeout for executable files in addition to the Office and PDF files.
  • Added Custom Linux VM on AWS platform.

  • Added Dynamic Scan support for Microsoft OneNote files.

System & Security

  • Introduced Self-Check on configurations, connectivity and services.
  • Introduced Single Sign On for admin authentication.
  • Enhanced hardware status on MIB and CLI to include the internal temperature, fan, disk and power supply status.
  • Enhanced Effective Sandboxing Throughput by 5x to 10x.
  • Upgraded System Kernel to latest stable released.
  • Upgraded Python code and library to latest stable version.
  • Upgraded OpenSSL code and library to latest stable version.
  • Upgraded Apache code and library to latest stable version.
  • Added admin user type to control access on device groups and netshare submissions.
  • Added database cleanup for the NetShare Scan based on retention.
  • Added deletion of the built-in admin account.

Logging & Reporting

  • Enhanced display settings and renamed fields of the Job Details.

  • Enhanced Job Detail report on URL Scan to display the Web Filtering category rating and if available the redirected URL.

  • Upgraded MITRE ATT&CK support to version 11 used on Job Detail report.

  • Added File Type info to the event log.

  • Added indicator of using Overflow VMs on the job details.

  • Added warning message on GUI and logging when email accounts processed for MTA adapter exceeds license limit.

API

  • Introduced file submission from a remote and netshare filepaths via API.

CLI

  • Introduced low-level hard disk format to erase all data and still keeping all default licenses.

  • Added a CLI command to display MTA queue.

Previous
Next