You can configure integration of Kaspersky Sandbox with external systems to scan files stored in such systems, and to provide access to scan results to the external systems. The application analyzes and evaluates file behavior in an isolated environment but does not establish whether the files contain malicious objects. As a result of the scan, the user of the external system is informed whether the behavior of the file appears suspicious. The user must make an independent decision on subsequent actions with regard to the file.
Interaction of external systems with Kaspersky Sandbox is enabled by a REST API interface.
The application analyzes the header of the file and determines its format, which does not necessarily match the extension of the file. For example, an attacker can send a virus or other malware in an executable file renamed to have the txt extension.