Virtual OS Sandbox:
Concurrent instances
OS type supported: Windows XP*, Windows 7, Windows 8.1, Windows 10 and Android
Anti-evasion techniques: sleep calls, process, and registry queries
Callback Detection: malicious URL visit, botnet C&C communication, and attacker traffic from activated malware
Download Capture packets, Original File, Tracer log, and Screenshot
File type support: .7z, .ace, .apk, .arj, .bat, .bz2, .cab, .cmd, .dll, .doc, .docm, .docx, .dot, .dotm, .dotx, .exe, .gz, .htm, .html, .jar, .js, .kgb, .lnk, .lzh, .msi, .pdf, .pot, .potm, .potx, .ppam, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .ps1, .rar, .rtf, .sldm, .sldx, .swf, .tar, .tgz, .upx, url, .vbs, WEBLink, .wsf, .xlam, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xz, .z, .zip
Protocols/applications supported:
Sniffer mode: HTTP, FTP, POP3, IMAP, SMTP, SMB
Integrated mode with FortiGate: HTTP, SMTP, POP3, IMAP, MAPI, FTP, IM and their equivalent SSL-encrypted versions
Integrated mode with FortiMail: SMTP, POP3, IMAP
Integrated mode with FortiWeb: HTTP
Integrated mode with ICAP Client: HTTP
Customize VMs for supporting various file types
Isolate VM image traffic from system traffic
Network threat detection in Sniffer Mode: Identify Botnet activities and network attacks, malicious URL visit
Scan SMB/NFS network share and quarantine suspicious files. Scan can be scheduled
Scan embedded URLs inside document files
Integrate option for third-party Yara rules
Option to auto-submit suspicious files to cloud service for manual analysis and signature creation
Option to forward files to a network share for further third-party scanning
Files checksum whitelist and blacklist option
URLs submission for scan and query from emails and files