Cloud Sandbox

The Cloud Sandbox technology allows detecting advanced threats on the device. The Kaspersky Endpoint Security application automatically sends detected files to Cloud Sandbox for analysis. Cloud Sandbox runs these files in an isolated environment to detect malicious activity and decides on the reputation of these files. Information about these files is then sent to the Kaspersky Security Network. Thus, if Cloud Sandbox detects a malicious file, Kaspersky Endpoint Security performs an action to eliminate the threat on all devices on which it detects this file.

For Cloud Sandbox to work, you need to enable the use of Kaspersky Security Network.

If you are using Kaspersky Private Security Network, the Cloud Sandbox technology is not available.

The Cloud Sandbox technology is always enabled and is available to all users of Kaspersky Security Network, regardless of the type of license under which you are using the application.

If you have the Kaspersky Endpoint Detection and Response Optimum solution deployed, you can enable a separate counter in the Web Console for threats detected using Cloud Sandbox:

• In the policy properties (Application settings → Built-in Agents Configuration → Endpoint Detection and Response)
• In the managed device properties (Assets (Devices) → Managed devices → <device name> link → Applications tab → <Kaspersky Endpoint Security application name> link → Application settings tab → Detection and Response → Endpoint Detection and Response Optimum).

A counter of threats detected by Cloud Sandbox is also displayed in the GUI reports. You can use this counter to compile statistics when analyzing detected threats.

To enable the Cloud Sandbox counter in the Web Console in device properties:

1. In the main window of the Web Console, select Assets (Devices) → Policies and policy profiles.

   The list of policies opens.

2. Select the administration group containing the necessary device. To do so, click the link in the Current path field above the list of managed devices and select an administration group in the window that opens.

   The list displays only the managed devices for the selected administration group.

3. Find your device in the list and click its name.
4. This opens a managed device properties window; in that window, go to the Applications tab.
5. In the list of applications installed on the device, click Kaspersky Endpoint Security.
6. In the application properties window that opens, on the Application settings tab, select Detection and Response and click the Endpoint Detection and Response Optimum link.
7. In the opened window, under Cloud Sandbox, enable the Cloud Sandbox toggle switch.
8. Click OK.

Page top