What is Sandboxing Protection?
While other Email Security add-ons keep you safe from spam, viruses and annoyances such as large attachments, they cannot guarantee the outcome of opening an unknown file. A robust antivirus solution on individual endpoints (such as VIPRE Advanced Security for Home) can often detect harmful files once they land on the user’s machine or when the user tries to access them.
However, with VIPRE Attachment Sandboxing, you can identify both known and unknown (zero-day) malicious content before it even reaches the end user’s inbox. Attachment Sandboxing acts as a catch-all for known malware, zero-day threats, and even advanced threats that appear benign, but can download additional harmful files. Using deep sandbox analysis, Sandboxing inspects and potentially detonates files in contained environment — with the single goal of determining a file’s true nature.
Functioning as part of the email processing stream, Attachment Sandboxing uses sandbox technology to analyze message attachments within a contained Windows environment. By simulating common end user machines, Attachment Sandboxing encourages files to “act as intended” within an enclosed virtual system. The sandbox – proprietary and powerful VIPRE software – carefully monitors every action attempted by each file. Leveraging years of VIPRE threat analysis data and intelligent threat logic, each attachment's start-to-end activity is analyzed, then classified as bad, questionable, or safe.
Threats and suspicious items are quarantined and identified in the VIPRE Email Security Quarantine Report. Non-threats are passed along to the end user as normal email attachments.
Get quick statistics with the Dashboard widget
Attachment Sandboxing displays "quick view" information about sandboxed attachments in a widget on the Email Security Dashboard. The widget gives an overview of recent mail flow with the current count of No Risk, Suspect, and Malicious attachments that have been processed.
For additional detail, click the Tabular Data option to show summarized information in a table.
Message Logs provide sandboxed threat details
As well as a risk result level (No Risk, Suspect, or Malicious), Attachment Sandboxing provides a detailed analysis breakdown and stores it within Email Security’s existing Message Logs.
While viewing a Message Log entry, click the Sandbox Logs tab to dig deeper into the sandbox analysis detail and gain better insight to why items were classified as Suspect or Malicious.
Details on sandbox objects, Windows process changes, YARA rules and more are visible here.
Where Attachment Sandboxing sits in the email processing chain
Sandboxing file attachments can become a time expensive process. While Attachment Sandboxing is quick to determine the nature of a file (less than 2 minutes on average), each file must be looked at individually. Because there could be many files, and therefore a queue and wait time, Attachment Sandboxing sits at the end of the email processing chain.
Other components of Email Security have first access to message processing and inspection, filtering out viruses, spam or other undeliverables. This allows Attachment Sandboxing to focus on emails with attachments that have been otherwise deemed safe.
By processing emails in this order, any queuing or potentially heavy lifting by the sandbox is saved for last.
Carlos Rios
Comments