Fortinet, Inc.
PREVENTING USERS FROM ACCESSING INFECTED FILES BY USING MULTIPLE FILE STORAGE REPOSITORIES AND A SECURE DATA TRANSFER AGENT LOGICALLY INTERPOSED THEREBETWEEN

Abstract:

Systems and methods are provided for ensuring files that are newly introduced to a network or a defined portion thereof are first subjected to desired security checks, by a sandbox appliance, for example, while residing in a segregated data storage area before they are made available for access by copying only known good files to a sanitized storage area that is accessible to users. According to one embodiment, a determination is made by a network security device associated with the enterprise network regarding whether a file stored in a first repository contains malicious content by applying one or more security checks to the file. The users do not have read access to the first repository. When a result of the determination is negative, then the file is copied by the network security device from the first repository to a second repository that is accessible to the users.