You can configure integration of Kaspersky Sandbox with external systems to scan files stored in such systems, and to provide access to scan results to the external systems. The application analyzes and evaluates file behavior in an isolated environment but does not establish whether the files contain malicious objects. As a result of the scan, the user of the external system is informed whether the behavior of the file appears suspicious. The user must make an independent decision on subsequent actions with regard to the file.
Interaction of external systems with Kaspersky Sandbox is enabled by a REST API interface. To connect the server to external systems, you must allow incoming connections for the Kaspersky Endpoint Security server on TCP port 443.
The application analyzes the header of the file and determines the format of the file, which does not necessarily match the extension of the file. For example, an attacker can send a virus or other malware in an executable file renamed to have the txt extension.
Objects from external systems are scanned only in Windows 7.