Kaspersky Sandbox detects and automatically blocks advanced threats on client devices (workstations, computers and servers, collectively referred to as "workstations").
If you have purchased Kaspersky Endpoint Security for Business and Kaspersky SandBox, you can connect your Artica Proxy so that files downloaded through Artica Proxy are sent to the SandBox for analysis.
Starting with Artica 4.30.000000 Service Pack 281, a new feature called SandBox Connector allows you to send files to the SandBox.
SandBox Connector is available for both Artica Corporate Edition and Community Edition.
Currently, only Kaspersky Sandbox is supported.
We plan to provide Cuckoo Sandbox integration.
We intend to improve this section if Artica users are interested in this protection method.
Use the tracker site to share your opinion and feature requests on this topic.
The SandBox scan is expected to take several minutes, so the feature cannot block threats in real time.
When a user downloads a file, a copy is stored on the Artica box for SandBox scanning and waits a maximum of 180 minutes (by default) for analysis.
If a threat is detected, a notification will be displayed on the Artica Web console or will be sent via Syslog/SIEM.
If the file is safe, it will be automatically removed from the Artica file system.
In most cases, downloads use SSL. If you have not enabled SSL decryption in Artica, only files downloaded via HTTP can be submitted to the SandBox.
Files that exceed 60Mb (not compressed files) will not be submitted to the SandBox.
Do not try to test with the EICAR test file: it is a text file, and the Sandbox is not designed to check text files.