...
If this is enabled and the check is skipped because the file is too big, the file is considered “clean” (like if the check was performed and found no problems). If this is disabled, then such file is considered “unclean” “suspicious/dangerous” (like if the check was performed and found a problem) and the whole package will be quarantined.
Block following ratings
The result of a check by the sandbox engine can in case of new unknown threats be one of the following values:
Low risk
Medium risk
High risk
This setting specifies, which of these results are treated as dangerous and will be blocked (quarantined). It is recommended to block medium and high risk results. Low risk is to be considered, as it can be more often a “false positive” result.
Remote access mode
Specifies whether to use HTTP or HTTPS to access the FortiSandbox API. HTTP should be used only in internal networks.
...