KATA Sandbox
Kaspersky Anti Targeted Attack Platform includes the Sandbox (KATA Sandbox) component. Sandbox is a technology that lets you detect advanced threats on a computer. Sandbox analyzes object behavior to detect malicious activity and activity characteristic of targeted attacks on the IT infrastructure of the organization. Sandbox analyzes and scans objects on special servers with deployed virtual images of Microsoft Windows operating systems (the Sandbox servers). For details about the solution, please refer to the Kaspersky Anti Targeted Attack Platform Help.
To activate KATA Sandbox, you need a license key that includes KATA or KEDR functionality. For details about available functionalities, refer to the Kaspersky Anti Targeted Attack Platform Help.
KATA Sandbox allows scanning files in the following modes:
- Manually. The user manually submits the file for scanning from the context menu (Send to Sandbox). When sending a file to Sandbox, the application also scans the file using anti-virus databases.
- Automatically. The application automatically detects objects and submits them to Sandbox for scanning.
After the file is sent to Sandbox, the file remains accessible to the user. Kaspersky Endpoint Security logs the corresponding event and sends the event to Kaspersky Security Center and the Kaspersky Anti Targeted Attack Platform console. If Sandbox detects malicious activity, Kaspersky Endpoint Security performs a Threat Response action automatically (for example, it deletes the object and initiates a Critical Areas Scan).
For KATA Sandbox to operate in manual mode, Kaspersky Anti Targeted Attack Platform 7.0 or later must be deployed. For KATA Sandbox to operate in automatic mode, Kaspersky Anti Targeted Attack Platform 8.0 or later must be deployed.
Scanning in KATA Sandbox from the context menu