Detonation error codes for GravityZone Sandbox Analyzer
Sandbox Analyzer On-premises is a powerful antimalware Bitdefender GravityZone solution, designed to analyze suspicious content through different sensors deployed in the enterprise network. Detonation capabilities include file and URL analysis, covering various file formats that are commonly used in advanced attacks.
When detonating samples in Sandbox Analyzer, you may encounter certain errors. This section provides details about these errors and useful tips on how to fix them.
3001 – An unknown error has occurred while detonating the sample. | |
|---|---|
Description | This error may have multiple causes and requires investigation from Bitdefender. |
Solution | To identify the cause, run the Sandbox Analyzer LogCollector and send the logs to Bitdefender Technical Support. For details on how to use Sandbox Analyzer LogCollector, refer to Using Sandbox Analyzer LogCollector. |
3002 – Could not find a software application to open sample file type during detonation. | |
|---|---|
Description | Sandbox Analyzer uses software applications installed on the detonation image to open specific file types and analyze their behavior. For example, a DOCX type file requires Microsoft Office suite to be installed on the detonation image. This error indicates that the sample could not be analyzed because the required application is missing. |
Solution | Make sure that you have installed the software required to open the sample in the detonation image. To verify that an image can analyze samples, run the Golden Image Tester program inside the virtual machine used for building detonation images. For details on how to use Golden Image Tester, refer to Using Golden Image Tester for GravityZone Sandbox Analyzer. |
3003 – Could not find the image required for sample detonation. | |
|---|---|
Description | The detonation images that analyze samples are hosted in the Sandbox Analyzer VM store. This error occurs when you select in GravityZone Control Center a detonation image, but for some reason that image does not exist in the VM store anymore. |
Solution | To identify the cause, run the Sandbox Analyzer LogCollector and send the logs to Bitdefender Technical Support. For details on how to use Sandbox Analyzer LogCollector, refer to Using Sandbox Analyzer LogCollector. |
3004 – The image for sample detonation is not ready for use. | |
|---|---|
Description | Sandbox Analyzer detonates samples using image that have been built from a golden image. This error indicates that building the image has not finished yet. |
Solution | Check in the Sandbox Analyzer > Infrastructure > Image Management page, from GravityZone Control Center, that the detonation image has the status Ready. |
3005 - The sample file type is not supported for detonation. | |
|---|---|
Description | This error occurs when Sandbox Analyzer ignores a submitted sample from detonation because it is not supported. |
Solution | You can only submit samples of supported formats or types. For the list of supported types, refer to the Appendices > Sandbox Analyzer Objects section. |
3006 – The password provided for the submitted sample was not correct. | |
|---|---|
Description | In the Sandbox Analyzer > Manual Submission page, from GravityZone Control Center, you can specify a password when submitting archives. This error indicates that Sandbox Analyzer could not open the archive because the provided password did not work. |
Solution | Submit the sample and specify the password again. |
3007 – An unknown error has occurred in the guest machine during the sample detonation. | |
|---|---|
Description | This error indicates that something wrong has happened in the virtual machine while detonating the sample. |
Solution | This error requires investigation from Bitdefender. Contact Bitdefender Technical Support for guidance. |
3008 – The sample could not run during the detonation process. | |
|---|---|
Description | This error indicates that Sandbox Analyzer has had issues trying to execute the sample. |
Solution | Submit the sample again. If the error persists, run the Sandbox Analyzer LogCollector and send the logs to Bitdefender Technical Support. For details on how to use Sandbox Analyzer LogCollector, refer to Using Sandbox Analyzer LogCollector. |
3009 – The sample took too long to run during the detonation process. | |
|---|---|
Description | Analyzing a sample may vary depending on the file type, size, and the actions that Sandbox Analyzer performs on. This error indicates analyzing the sample has timed out and, therefore, has failed. |
Solution | Submit the sample again. If the error persists, run the Sandbox Analyzer LogCollector and send the logs to Bitdefender Technical Support. For details on how to use Sandbox Analyzer LogCollector, refer to Using Sandbox Analyzer LogCollector. |
3010 – Could not find a default software application to open the sample file type during the sample detonation. | |
|---|---|
Description | Sandbox Analyzer requires that the detonation image has software configured as default to open specific file types. For example, Sandbox Analyzer uses Adobe Reader to open PDF files if the application if configured as default. This error indicates that, although the application may be present on the machine, Sandbox Analyzer could not use it because it was not configured as default. |
Solution | Follow these steps:
|
3011 – The sample is not compatible with the detonation image. | |
|---|---|
Description | This error indicates that the sample is file type not supported by the operating system running in the virtual machine. It is also possible that the sample is not an executable file, but is has an executable extension. For example, a BAT file named with .EXE extension. |
Solution | Check the sample to be Windows-compatible and to have correct extension. If the error persists, contact Bitdefender Technical Support. |
3012 – No virtual machine configured as default or selected for detonation. | |
|---|---|
Description | This error indicates that no detonation virtual machine was selected in the Sandbox Analyzer settings and neither was configured as default. |
Solution | In GravityZone Control Center, go to the Sandbox Analyzer > Infrastructure > Image Management page and set one of the available virtual machines as default. For manual submission, select at least one virtual machine to perform sample analysis. |