Virtual images of the following operating systems are started on servers hosting the Sandbox component:
The Sandbox component starts objects in these operating systems and analyzes the behavior of the objects to detect malicious activity and signs of targeted attacks to the corporate IT infrastructure.
By default, the maximum file size scanned by the Sandbox module is 100 MB. You can configure scan settings in the administrator menu of the program management console.
The maximum level of nesting for scanned archives is 32.
The maximum number of objects that can be in queue to be scanned by the Sandbox component per day is 10,000 objects. When this limit is reached, the program deletes 10% of the objects that have been queued for scanning the longest and replaces them with new objects queued for scanning. The deleted objects are saved in the program with the status NOT_SCANNED.