Sandbox Integration task settings

The table below describes all settings that you can specify for the Sandbox Integration task, together with their default values.


| Setting | Description | Value |
|---|---|---|
| UseClientCertificate | Enable or disable two-way authentication to further secure the connection to the Sandbox server.<br>If client certificate validation is enabled on the Sandbox server side, enable the use of a client certificate and add a client certificate before starting the Sandbox Integration task. | Yes – use two-way authentication to further secure the connection to the Sandbox server.<br>No (default value) – do not use two-way authentication. |
| ConnectionTimeout | Maximum time to wait for a connection to the server in seconds. | The default value is 10. |
| RequestTimeout | Maximum time to wait for a response from the server in seconds. | The default value is 10. |
| SendingMode | Mode of sending an object to Sandbox to be scanned. | AutoOnly (default value) – automatically send files for scanning when an attempt is made to gain access to a file.<br>Manual – send files for scanning manually.<br>AutoAndManual – send files for scanning automatically as well as manually. |
| QuarantineFile | Quarantine file when a threat is detected. | Yes (default value) – if a threat is detected, delete the original file and place a copy of the file in Quarantine.<br>No – do not quarantine the file when a threat is detected. |
| ScanCriticalAreas | Perform a critical areas scan when a threat is detected. | Yes (default value) – start a critical areas scan when a threat is detected.<br>No – do not start a critical areas scan when a threat is detected. |
| CreateIocScanTask | Create an IOC Scan task when a threat is detected. | Yes (default) – create an IOC Scan task when a threat is detected.<br>No – do not create an IOC Scan task when a threat is detected. |
| QuarantineFileOnIocDetected | Quarantine the object when an indicator of compromise is detected. | Yes (default value) – if an indicator of compromise is detected, delete the original object and place a copy of the object in Quarantine.<br>No – do not quarantine the object when an indicator of compromise is detected. |
| ScanCriticalAreasOnIocDetected | Perform a critical areas scan when an indicator of compromise is detected. | Yes (default value) – start a critical areas scan when an indicator of compromise is detected.<br>No – do not start a critical areas scan when an indicator of compromise is detected. |
| Drives | Scopes for the IoC scan. | Critical (default) – scan files in user and system directories.<br>System – scan all files within the root file system. |
| ScheduleMode | IOC Scan task start mode. | Manually (default) – start the IOC Scan task manually.<br>AfterTreatDetected – start the IOC Scan task after a threat is detected. |

The [Servers.item_#] section contains the settings of the Sandbox server.

| Setting | Description | Value |
|---|---|---|
| Address | Address of the server. | You can specify the IP address (IPv4 or IPv6) or the fully qualified domain name (FQDN) of the integration server.<br>Default value: 127.0.0.1. |
| Port | Port for connecting to the server. | The default value is 443. |

The [SandboxTransferSettings] section contains settings for sending files for scanning in Sandbox.

| Setting | Description | Value |
|---|---|---|
| SandboxQueue | The maximum size of the scan request queue in megabytes. | The default value is 1024. |
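
The following check is an added example, not part of the product or its documentation: it reads a settings file for the task and reports values that weaken the response described in the table above. It assumes the file is INI-style `Key=Value` text, as the section names suggest; the section name `Servers.item_0000`, the host name and the two flagged policies (Manual mode, missing client certificate for a non-loopback server) are assumptions of this example.

```python
import configparser

# Response settings and the defaults the table above gives for them.
RESPONSE_DEFAULTS = {
    "QuarantineFile": "Yes", "ScanCriticalAreas": "Yes", "CreateIocScanTask": "Yes",
    "QuarantineFileOnIocDetected": "Yes", "ScanCriticalAreasOnIocDetected": "Yes",
}

def audit_sandbox_settings(text):
    """Return findings for one settings file (assumed INI-style key=value text)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str                  # keep the CamelCase setting names
    cp.read_string("[General]\n" + text)  # task-level keys carry no section header
    general = cp["General"]
    findings = []
    # Response actions that differ from the documented defaults.
    for key, default in RESPONSE_DEFAULTS.items():
        value = general.get(key, default)
        if value != default:
            findings.append(f"{key}={value}: response action differs from default {default}")

    # Assumed policy: Manual mode is flagged because nothing is sent on file access.
    if general.get("SendingMode", "AutoOnly") == "Manual":
        findings.append("SendingMode=Manual: files are sent for scanning only manually")

    # Assumed policy: a non-loopback server should use two-way authentication.
    mutual_tls = general.get("UseClientCertificate", "No") == "Yes"
    for name in cp.sections():
        if not name.startswith("Servers.item_"):
            continue
        address = cp[name].get("Address", "127.0.0.1")
        if address not in ("127.0.0.1", "::1") and not mutual_tls:
            findings.append(f"{name}: {address} is reached without a client certificate")
    return findings

# Constructed sample settings, not taken from a real host.
SAMPLE = """\
UseClientCertificate=No
SendingMode=Manual
QuarantineFile=No
ScanCriticalAreas=Yes

[Servers.item_0000]
Address=sandbox.example.internal
Port=443
"""

if __name__ == "__main__":
    print("\n".join(audit_sandbox_settings(SAMPLE)))
```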
