You receive an alert from FortiSandbox that a file has been rated 'highly malicious'. The FortiGate has the FortiSandbox inline scanning enabled with the action 'block malicious'. However, the file is still being downloaded by users. What is the most likely reason?
If the file type is excluded, FortiGate will not submit it to FortiSandbox for analysis, allowing it to pass.
Why this answer
Option D is correct. Inline scanning requires the file to be forwarded to FortiSandbox; if the file type is not included in the scanning profile (e.g., by file extension, MIME type, or size), it will bypass scanning.