Sandbox Analysis

Submit samples for analysis in a secure virtual environment.

The Sandbox Analysis app is a secure virtual environment that manages and analyzes objects submitted by integrated products and users.

The following table outlines the actions available on the Sandbox Analysis screen.



Submit Object

Click Submit Object to manually submit an object for analysis in the sandbox.

For more information, see Submitting Objects for Analysis.

Configuring the Submission Settings

Set the daily reserve and view submission usage details by clicking the Submission Settings button ().

  • The number of objects you can analyze is limited by the daily reserve. Objects with a Not analyzed risk level do not count toward the daily reserve.

  • Setting the daily reserve to 0 disables submissions.

  • Each submission reserve requires 50 credits. Once credits are allocated, the daily reserve can be used until the credits expire.

    For example, if you allocate 50 credits for a daily reserve of one submission, you can perform one submission daily until the credits expire or you reallocate the credits to another service.

  • The daily reserve resets each day at 00:00 (UTC).

Manage Reports

Create one-time or scheduled reports outlining the following information about high-risk submissions.

  • The numbers of high-risk submissions grouped by submitter category

  • The types of sandbox detections in your organization

For more information about reports, see Report Management.

Filter submitted objects data

Use the search field and dropdown lists to locate specific submitted objects data.

  • Object: The name of the object

  • Submitter: The product or method that submitted the object to the sandbox

    For more information, see Consolidated Analysis Results.

  • Submitted: The date and time the object was submitted to the sandbox

  • SHA-1: The SHA-1 hash value of the object

  • Risk level: The risk level assigned to the object by the sandbox

  • Threat type: The threat type as detected by the sandbox

  • Threat name: The name of the threat as detected by the sandbox

  • Submission ID: The unique ID of a submission


Partial matching applies to Object, Threat type, and Threat name.

Exact matching applies to SHA-1 and Submission ID.

Refresh the table

Click in the upper-right corner to refresh the table.

View object details

Click on any object name to display the Object Details panel.

Download PDF report

Download the sandbox analysis report in PDF format by clicking the Download PDF report icon ().

Download investigation package

Download the investigation package of submitted objects with High, Medium, and Low risk levels by opening the Object Details panel.

View object on Trend Micro Threat Connect

Threat connect enables you to identify and investigate potential threats to your environment by correlating suspicious objects detected in your environment and threat data from the Trend Micro Smart Protection Network.

See information about the object on Trend Micro Threat Connect by clicking the View on Threat Connect icon ( ).