Submitting Objects for Analysis

Submit objects (files and URL addresses) for analysis in a sandbox and view the results in Trend Micro Vision One.

You can submit files or URL addresses for analysis. You can select one object type at a time to submit for analysis.

Important:

  • You can only analyze a limited number of objects per day. Objects with a Not analyzed risk level do not count toward the daily reserve.

    For more information, see Configuring the Submission Settings.

  • The sandbox detects objects identical to previous submissions. Identical objects are not re-analyzed and do not count toward the daily reserve.

    The analysis report for the original object is accessible on the Object Details panel for the identical object, or by clicking the Download icon () on the Sandbox Analysis screen.

  • There are various reasons why the sandbox may not be able to analyze an object.

    For more information, see Possible Reasons for Analysis Failure.

  1. Go to Threat Intelligence > Sandbox Analysis.
  2. Click Submit Object.

    The Submit Object panel appears.

  3. Select the object type:

    • File: Upload and submit a file from your system to analyze.

    • URLs: Submit up to ten URL addresses to analyze. Each URL address counts as a separate object towards the daily reserve.

  4. For submitting a file:
    1. Click Select to locate a file to submit for analysis.
      Note:

      • The total file size cannot exceed 60 MB, including extracted objects.

      • The sandbox only analyzes decrypted content. For encrypted archives, you must specify the password.

      • The sandbox can only analyze supported file types.

        For more information, see Sandbox Supported File Types.

    2. If you are submitting a password-protected archive file or file, specify the passwords.
      Note:

      The sandbox uses virus and infected as default passwords. If the submitted object uses either one as a password, you do not need to specify any passwords here.

    3. Click Submit Object.

    After submitting the object to the sandbox for analysis, you can view the analysis status on the Sandbox Analysis screen.

  5. For submitting URLs:
    1. Type or copy and paste addresses in the URL field to submit for analysis, then press ENTER.
      Note:

      • The sandbox can only analyze HTTP and HTTPS addresses.

      • Each URL cannot exceed 2048 characters in length.

      • Use a new line to separate multiple entries.

      • The domain name must use Punycode (RFC-3492) format.

        The URL path and query strings must use percent-encoding (RFC-3986) format.

        Examples of converting URLs to Punycode and percent-encoding:

        • Original: https://www.großliet.com/DOWNLOAD/MANUAL/PC Für Manual 4th Ed.xml

          Punycode and percent-encoding: https://www.grossliet.com/DOWNLOAD/MANUAL/PC%20F%C3%BCr%20Manual%204th%20Ed.xml

        • Original: http://名がドメイン.com/wiki/国際化ドメイン名

          Punycode and percent-encoding: http://xn--v8jxj3d1dzdz08w.com/wiki/%E5%9B%BD%E9%9A%9B%E5%8C%96%E3%83%89%E3%83%A1%E3%82%A4%E3%83%B3%E5%90%8D

    2. Click a URL to edit the link.
    3. Click Submit Object.
      Note:

      If you submit more than one URL, each URL appears as a separate object on the Sandbox Analysis screen. The sandbox creates a separate report for each URL submission.

    After submitting the object to the sandbox for analysis, you can view the analysis status on the Sandbox Analysis screen.

Parent topic: Sandbox Analysis