ITarian Help

Find the desired product help

Email Protection

Email Protection

Email Protection Customer Admin

English

Print Help
Policies > Sandboxing In Email Protection
  • Email Protection Customer Admin
  • Email Protection Customer Setup
  • Customer Overview
  • History
    • Searching Email History
    • Managing Email In History
  • Quarantine
    • Enable Quarantine Reports
    • Searching Quarantine
    • Managing Quarantined Email
    • Quarantine Reports
  • Attachment Filtering
    • Extension Filters
    • File Name Filters
    • File Type Filters
    • MIME Type Filters
  • Global Allow & Block List
  • Geoblocking
    • Excluding A Domain From A Geoblocking Rule
    • Excluding An IP From A Geoblocking Rule
    • Adding A Geoblocking Rule
    • Excluding An Email Address From A Geoblocking Rule
  • Pattern Filtering
    • Creating A Single Pattern Filter
    • Editing A Single Pattern Filter
    • Creating A Multi Pattern Filter
    • Editing A Multi Pattern Filter
  • Policies
    • Domain Policies
    • Editing A Domain Policy
    • Sandboxing In Email Protection
  • Reporting
    • Creating A Scheduled Report
    • On Demand Reports
    • Viewing Archived Reports
  • Administrators

Sandboxing in Email Protection



Sandboxing allows for the detection and isolation of files suspected of containing malware so they can be further analyzed. Email Protection uses Bitdefender for sandboxing. During the sandboxing process, Bitdefender only retains hashes of files and corresponding scan results.

Follow the steps below to enable or disable sandboxing (default: enabled).

Sandboxing is be enabled or disabled within a domain policy. A domain policy can be accessed at either the Customer level from Policies > Domain Policies, or at the Domain level from Policies > Domain Policy.

  • From the Customer level, go to Policies > Domain Policies or from the Domain level go to Policies > Domain Policy.
  • Scroll to Virus Filtering and select On.
  • Select Sandbox
  • Select Save Changes to save changes to this domain policy.

HOW SANDBOXING WORKS IN EMAIL PROTECTION

Using a pre-filter that is more aggressive than the normal AV engine, Bitdefender Antivirus determines if an email attachment should or should not be sent to the sandbox. If the engine recommends an attachment be sent to the sandbox, the following occurs:

  • If the email would not otherwise have been blocked by any other means, Email Protection uploads the attachment to the sandbox where it is assigned a job identifier.
  • Email Protection queries the sandbox every fifteen seconds (for up to twenty minutes) to see if the job is complete. During this period, the message delivery status in History is 'Sent to Sandbox'.
  • If no result is returned after twenty minutes, the file is marked as clean and the email passed.
  • If the sandbox returns that the attachment contains malware, the email is blocked as a virus with the virus name assigned as ATP.Sandbox. The message will be listed under Viruses in the relevant Quarantine report.

    Note: You can view emails that have been sandboxed by filtering them in History. Go to Reporting > History > Mail Filters and check 'Sandboxed'.
  • If a message blocked as spam is released and it was originally marked as 'Sent to Sandbox', upon release Email Protection will re-scan the message against the Bitdefender Antivirus engine. This may result in the message getting blocked or being sent to the sandbox.

Comodo Help
  • IT Platform:
  • Help
  • Scripts
  • Wiki
  • Forum
  • Developer
  • RMM
  • Patch Management
  • Service Desk
  • ITSM
  • Managed Service Provider
  • Managed Detection and Response
  • Ticketing System
  • Helpdesk
  • ITIL

Copyright 2024 Itarian