Logging for Forcepoint Advanced Malware Detection
Log entries related to allowed or blocked files contain information about the advanced malware sandbox scan and about the status of the connection to the sandbox service.
The File Filtering Log Data Context shows all log entries related to file filtering events.
The following information is available in log entries:
- The Sandbox Reputation and Scan
Result fields show the file reputation provided by the sandbox service.Note: Logging for allowed files is not enabled by default in the File Filtering Policy. You must enable logging of allowed files to see the sandbox reputation of allowed files in the logs.
- The Scan Report field shows a link to the sandbox analysis report in log entries related to cloud sandbox or local sandbox scans when file analysis is complete.
- When the NGFW Engine receives an updated file reputation from the sandbox service, the File reputation updated Situation matches and a log entry is created.
- If the file reputation is not trustworthy, information messages can include a description of suspicious or malicious behavior observed in the analysis.
- The information messages in log entries related to allowed or blocked files show errors related to the connection to the sandbox service.