File sandboxing

Note: You must have the Forcepoint Advanced Malware Detection for Email module to use this feature.

Use the Email > Settings > File Sandboxing page to send suspicious files received in email messages to a cloud-hosted sandbox for analysis. The sandbox activates the file, observes the behavior, and compiles a report. If the file is malicious, the message is either quarantined, or an email alert is sent to the administrators that you specify, containing summary information and a link to the report.

A file that qualifies for sandboxing:

  • Is not classified as “malicious” by virus scanning or Forcepoint ThreatSeeker Intelligence
  • Fits the Security Labs profile for suspicious files
  • Is a supported file type for sandboxing.
Note: Because the file was not detected as malicious, it was not blocked and has been delivered to the email recipient.

Steps

  1. File analysis is disabled by default. Select On to send qualified files to the cloud- hosted sandbox for analysis.
  2. Select the analysis mode you wish to use:
    • Monitor only performs the file analysis; however, because the file was not originally detected as malicious, it is not blocked and is delivered to the email recipient regardless of the analysis results.
    • Enforce holds any messages with attachments sent for analysis, and then quarantines those messages found to contain malicious attachments.
  3. Specify the email address of at least one person in your organization who will receive notifications.

    Notifications are sent only for monitor mode. If you have selected the Enforce mode, you may still want to enter an email address in case a message pending analysis is released from quarantine with no further processing before analysis is complete. In this case, a notification will be sent if the attachment is found to be malicious.

    The specified person does not have to be a Forcepoint Email Security Cloud administrator. If you specify multiple email addresses, ensure you enter one address per line.

  4. Select the file types you want to submit for analysis from the File types to scan list.
  5. Click Save.