Objects processed by Kaspersky Sandbox may attempt activities on the Internet via the network interface used by virtual machines for Internet access. Kaspersky Sandbox can analyze the behavior of these objects.
If you prohibit Internet access Kaspersky Sandbox uses Internet access emulation to compensate for the lower detection rate due to the lack of Internet access for processed objects.
The network interface to be used by virtual machines for Internet access must be connected to a subnet with the address space that does not intersect with the subnet that the management interface is connected to.
If the security policy of your organization denies access to the Internet from computers of local network users, and you have configured Kaspersky Sandbox network interface to be used by virtual machines for Internet access, there is a risk of the following scenario: A hacker can attach a malicious application to a random file and initiate a Sandbox scan of this file from the computer of a local network user. This file is then exfiltrated from the local network through the network interface used by virtual machines for Internet access while the file is being scanned by Kaspersky Sandbox. |
If virtual machines do not have Internet access, Kaspersky Sandbox detection rate may be significantly decreased.
To configure a network interface used for Internet access of processed objects, proceed as follows:
The management network interface cannot be selected from this list of network interfaces.