Limitations of Forcepoint Advanced Malware Detection

The following limitations apply when you use Forcepoint Advanced Malware Detection:

  • Each engine communicates separately with the sandbox service. If different engines detect the same file before an analysis result is stored on the sandbox server, the engines might upload the same file more than once. If the hash of the file matches a stored result, the engine does not upload the file again.
  • To generate permanent links to sandbox analysis reports in log entries, the SMC makes an API query to the sandbox service. Make sure that traffic from the SMC to the API for the sandbox service is allowed. If necessary, add Access rules that allow traffic from the SMC to the sandbox data centers on TCP port 443. If the API query to the sandbox service does not succeed, the SMC generates a unique dynamic link for each sandbox analysis report.

If you use Forcepoint Advanced Malware Detection AirGap, the following additional limitations apply:

  • Forcepoint Advanced Malware Detection AirGap does not receive automatic periodic updates. You must manually update the reputation database.
  • You must manually update licenses for Forcepoint Advanced Malware Detection AirGap.