Sandbox Analyzer
Bitdefender Sandbox Analyzer provides a powerful layer of protection against advanced threats by performing automatic, in-depth analysis of suspicious files that the Bitdefender antimalware engines do not yet identify. Sandbox Analyzer employs an extensive set of Bitdefender technologies that execute payloads in a contained virtual environment hosted by Bitdefender, analyze their behavior and report any subtle system changes that are indicative of malicious intent.
Sandbox Analyzer automatically submits suspicious files residing on the managed endpoints that remain hidden from signature-based antimalware services. Dedicated heuristics embedded in the Antimalware on-access module of Bitdefender Endpoint Security Tools trigger the submission process.
The Sandbox Analyzer service is able to prevent unknown threats from executing on the endpoint. It operates in either monitoring or blocking mode: in monitoring mode the suspicious file is allowed to run while it is analyzed, whereas in blocking mode access to the file is denied until a verdict is received. Sandbox Analyzer automatically resolves discovered threats according to the remediation actions defined in the security policy for the affected systems.
Additionally, Sandbox Analyzer allows you to manually submit samples directly from Control Center, letting you decide what to do further with them.
Important
This topic refers to Sandbox Analyzer Cloud, hosted by Bitdefender. For Sandbox Analyzer On-premises, Bitdefender has announced the end-of-sale date of June 27, 2022, with the end-of-life date being April 30, 2023. To view the documentation for this product, refer to the Legacy section.
Components
Sandbox Analyzer is dependent on the following components:
GravityZone Virtual Appliance
Security agent (Bitdefender Endpoint Security Tools installed on Windows endpoints)
Make sure that your GravityZone license includes Sandbox Analyzer.
Configure the feature
To use Sandbox Analyzer, you need to assign to endpoints a GravityZone policy with this feature enabled and configured. Follow the steps below:
In GravityZone Control Center, go to the Policies page.
You can either create a new policy or edit an existing one.
Configure the policy details: name, general settings, modules and roles.
For details on how to configure a policy, refer to Configuring computer and virtual machine policies.
To enable the feature, go to the Sandbox Analyzer > Endpoint Sensor section and select the Automatic sample submission from managed endpoints check box.
In the same section, configure the available options, such as connection settings, analysis mode, remediation actions, and content prefiltering, which includes exceptions from submission and file size limit.
For details on configuring this feature in policy, refer to Sandbox Analyzer.
Save the policy.
Go to the Network page and assign the policy to the target Windows endpoints.
For details, refer to Assigning policies.
If you enabled Sandbox Analyzer in an already assigned policy, the endpoints automatically receive the new settings.
Test out the feature
Here is how you test out Sandbox Analyzer in GravityZone.