Sandbox Analysis

Submit samples for analysis in a secure virtual environment.

The Sandbox Analysis app (Threat Intelligence > Sandbox Analysis) is a secure virtual environment that manages and analyzes objects submitted by integrated products and users.

The following table outlines the actions available on the Sandbox Analysis screen.



Submit objects for analysis

Click Submit Object to manually submit an object for analysis in the sandbox.

Configuring the submission settings

Set the daily reserve, view the usage guide and submission usage details, and configure global settings that affect all submissions by clicking the Submission Settings button ().

Manage reports

Create one-time or scheduled reports outlining the following information about high-risk submissions.

  • The numbers of high-risk submissions grouped by submitter category

  • The types of sandbox detections in your organization

Filter submitted objects data

Use the search field and dropdown lists to locate specific submitted objects data.

  • Object: The name of the object

  • Submitter: The product or method that submitted the object to the sandbox

  • Submitted: The date and time the object was submitted to the sandbox

  • SHA-1: The SHA-1 hash value of the object

  • Risk level: The risk level assigned to the object by the sandbox

  • Threat type: The threat type as detected by the sandbox

  • Threat name: The name of the threat as detected by the sandbox

  • Submission ID: The unique ID of a submission


Partial matching applies to Object, Threat type, and Threat name.

Exact matching applies to SHA-1 and Submission ID.

Refresh the table

Click in the upper-right corner to refresh the table.

View object details

Click on any object name to display the Object Details panel.

Download PDF report

Download the Sandbox Analysis report in PDF format by clicking the Download PDF report button ().

Take additional actions

Click the options button () to select additional actions on the submitted object.

Downloading and re-analyzing file objects requires granting Trend Micro permission to save submitted files.

  • Add to Intelligence Reports (): Adds the object to Intelligence Reports and runs an auto sweep

  • View on Threat Connect (): Displays information about the object on Trend Micro Threat Connect

    Trend Micro Threat Connect enables you to identify and investigate potential threats to your environment by correlating suspicious objects detected in your environment with threat data from the Trend Micro Smart Protection Network.

  • Download Investigation Package (): Downloads the Investigation Package of submitted objects with high, medium, and low risk levels

  • Download file object (): Downloads the submitted file object to your computer


    Downloading suspicious samples may potentially harm your endpoint. Ensure that you take the necessary precautions before continuing.

  • Re-analyze (): Submits the file or URL back to the Virtual Analyzer for further analysis


    Re-analysis of objects counts toward the daily reserve.

  • Delete submission (): Deletes the previous analysis results and any associated files from Sandbox Analysis