Skip to main content

Manual submission

From Sandbox Analyzer > Manual Submission you can send samples of suspicious objects to Sandbox Analyzer, to determine whether they are threats or harmless files.

You can also access the Manual Submission page by clicking the Submit a sample button at the upper-right side of the filtering area in the Sandbox Analyzer page.

Note

To send objects to Sandbox Analyzer, log in to Control Center using any supported web browser.

sandbox-analyzer-manual-submission-upload-on-premises.png

To submit samples to Sandbox Analyzer:

  1. In the Upload page, under Samples, select the object type:

    • Files - Click the Browse button to select the objects you want to submit for behavioral analysis. In case of password-protected archives, you can define one password per upload session in a dedicated field. During the analysis process, Sandbox Analyzer applies the specified password to all submitted archives.

    • URL - Fill in the corresponding field with any URL you want to analyze. You can submit only one URL per session.

  2. Under Detonation settings, configure the analysis parameters for the current session:

    • The Sandbox Analyzer instance you want to use. You can select either the Cloud instance or a Sandbox Analyzer instance installed locally.

      If choosing to use a local Sandbox Analyzer instance, you can select multiple virtual machines where you can send the sample at once.

    • The Sandbox Analyzer instance you want to use. You can select multiple virtual machines where you can send the sample at once.

    • Command-line arguments Add as many command-line arguments as you want, separated by spaces, to alter the operation of certain programs, such as executables. The command-line arguments apply to all submitted samples during analysis.

    • Detonate samples individually. Select the check box to have the files from bundle analyzed one by one.

  3. Under Detonation profile, adjust the complexity level of behavioral analysis, while affecting the Sandbox Analyzer throughput.

    For example, if set to High, Sandbox Analyzer would perform a more accurate analysis on fewer samples, in the same interval, than on Medium or Low.

  4. In the General settings page, you can make configurations that apply to all manual submissions, regardless of session:

    • Time limit for sample detonation (minutes) - Allocate a fixed amount of time to complete the sample analysis. The default value is 4 minutes, but sometimes the analysis may take more time. At the end of the configured interval, Sandbox Analyzer interrupts the analysis and generates a report based on the data collected up to that moment. If interrupted when incomplete, the analysis may contain inaccurate results.

    • Number of reruns allowed - In case of unexpected errors, Sandbox Analyzer tries to detonate the sample as configured until completes the analysis. The default value is 2. That means Sandbox Analyzer will try two more times to detonate the sample in case of error.

    • Prefiltering - Select this option to exclude from detonation samples already analyzed.

    • Internet access during detonation - During analysis, some samples require internet connection to complete the analysis. For best result, it is recommended to keep this option enabled.

    • Click Save to retain the changes.

    sandbox-analyzer-general-settings.PNG
  5. Go back to the Upload page.

  6. Click Submit.

    A progress bar indicates the submission status.

    After submission, the Sandbox Analyzer page displays a new card. When the analysis is complete, the card provides the verdict and the corresponding details.

Note

To manually submit samples to Sandbox Analyzer you must have Manage networks rights.