Views:

Submit files and URLs to the sandbox and view the analysis results in Trend Vision One.

Important
Important
  • The daily reserve limits the number of objects you can analyze per day. Objects with a "Not analyzed" risk level do not count toward the daily reserve.
  • The sandbox detects objects identical to previous submissions. Identical objects are not re-analyzed and do not count toward the daily reserve.
Submission limits:
  • Maximum file size: 100 MB (including extracted objects)
  • URLs: Up to 10 per submission; HTTP and HTTPS only
  • Encoding: Use Punycode for domain names and percent-encoding for paths and query strings
  • Command-line arguments: Up to 1,024 characters (Portable Executable (PE) and script files only)
  • Password-protected archives: Default passwords are virus and infected

Procedure

  1. Go to Threat IntelligenceSandbox Analysis.
  2. Click Submit Object.
    The Submit Object panel appears.
  3. Select the object type.
    • File
      1. Click Select and locate a file for submission.
        Important
        Important
        • The sandbox only analyzes supported file types.
        • The total file size cannot exceed 100 MB, including extracted objects.
      2. Select and configure the submission type:
        Note
        Note
        The sandbox uses virus and infected as default passwords. If the submitted object uses either one as a password, you do not need to specify a password.
        • Single file: Submit only one file (default).
          • Arguments: Specify the command line arguments that the sandbox uses to run the submitted file object. Maximum 1,024 characters. Arguments apply only to Portable Executable (PE) files and script files.
          • Archive file password: If the submitted file is a password-protected archive, provide the password.
          • File password: If the submitted file is password-protected, provide the password.
        • Bundle file: Submit multiple related files as one. Bundle submissions allow you to submit an executable along with required dependencies and specify which file the sandbox should run.
          • File to run: Specify the path to the file within the bundle that you want the sandbox to execute.
          • Arguments: To execute specific parameters during analysis, specify the command-line arguments to run the bundle file. Maximum 1,024 characters. Arguments apply only to Portable Executable (PE) and script files.
          • Extraction path: To designate where the sandbox extracts all files, specify the complete path. To extract specific files to different paths, use File Name and Path.
          • Encoding: Specify the character encoding for file names in the bundle file. If not specified, the sandbox uses UTF-8.
          • Bundle file archive password : If the bundle file is password-protected, provide the password.
    • URLs
      1. Specify a URL with a maximum of 2,048 characters and then press ENTER.
        Important
        Important
        • You can submit up to 10 URLs to the sandbox. Each URL counts as a separate object toward the daily reserve.
        • The sandbox can only analyze HTTP and HTTPS addresses.
        • Domain names must use Punycode (RFC-3492) format.
          URL paths and query strings must use percent-encoding (RFC-3986) format.
          Examples of converting URLs to Punycode and percent-encoding:
          • Original: https://www.großliet.com/DOWNLOAD/MANUAL/PC Für Manual 4th Ed.xml
            Punycode and percent-encoding: https://www.grossliet.com/DOWNLOAD/MANUAL/PC%20F%C3%BCr%20Manual%204th%20Ed.xml
          • Original: http://名がドメイン.com/wiki/国際化ドメイン名
            Punycode and percent-encoding: http://xn--v8jxj3d1dzdz08w.com/wiki/%E5%9B%BD%E9%9A%9B%E5%8C%96%E3%83%89%E3%83%A1%E3%82%A4%E3%83%B3%E5%90%8D
      2. (Optional) Click a URL to edit the link.
  4. Click Submit Object.
    The Sandbox Analysis screen displays the status of submitted objects.
    Note
    Note
    The sandbox may not be able to analyze an object for various reasons.