FortiGuard Sandbox
Not every piece of malware has a signature yet. This is especially true of new malware and new variations on existing malware. FortiOS can upload suspicious files to FortiGuard Sandbox, where each file is executed and the resulting behavior is analyzed for risk. If a file exhibits risky behavior or is found to contain a virus, a new virus signature is created and added to the FortiGuard antivirus signature database. The next time your FortiGate unit updates its antivirus database, it will have the new signature.
A file is considered suspicious if it does not contain a known virus and if it has some suspicious characteristics. The suspicious characteristics can change depending on the current threat climate and other factors. Fortinet optimizes how files are uploaded as required.
To enable the use of FortiGuard Sandbox in an Antivirus profile, select the checkbox next to Send Files to FortiGuard Sandbox for Inspection (Requires FortiCloud account).
Sending files to FortiGuard Sandbox does not block the files that are uploaded. Instead, the uploaded files are used to improve how quickly new threats can be discovered and how quickly signatures for them can be created and added to the FortiGuard antivirus database.
The Advanced Threat Protection dashboard widget shows the number of files that your FortiGate unit has uploaded or submitted to FortiGuard Sandbox.