Cloud Sandbox

Cloud Sandbox is a technology that lets you detect advanced threats on a computer. Kaspersky Endpoint Security automatically forwards suspicious files to Cloud Sandbox for analysis. Cloud Sandbox runs these files in an isolated environment to identify malicious activity and decides on their reputation. Data on these files is then sent to Kaspersky Security Network. Therefore, if Cloud Sandbox has detected a malicious file, Kaspersky Endpoint Security will perform the appropriate action to eliminate this threat on all computers where this file is detected.

For Cloud Sandbox to operate, you must enable the use of Kaspersky Security Network.

If you are using Kaspersky Private Security Network, Cloud Sandbox technology is not available.

Cloud Sandbox technology is permanently enabled and is available to all Kaspersky Security Network users regardless of the type of license they are using. If you have already deployed Endpoint Detection and Response Optimum, you can enable a separate counter for threats detected by Cloud Sandbox. You can use this counter to generate statistics during analysis of detected threats.

To enable the Cloud Sandbox counter:

1. In the main window of the Web Console, select Devices → Policies & Profiles.
2. Click the name of the Kaspersky Endpoint Security policy.

   The policy properties window opens.

3. Select the Application settings tab.
4. Go to Detection and Response → Endpoint Detection and Response.
5. Turn on the Cloud Sandbox toggle.
6. Save your changes.

Whenever there is a threat, Kaspersky Endpoint Security activates the counter for threats detected using Cloud Sandbox in the main application window under Threat detection technologies. Kaspersky Endpoint Security will also indicate the Cloud Sandbox threat detection technology in the Report on threats in the Kaspersky Security Center console.

Page top