I’m just wondering if I upload a file to the Sandbox, does it always get detonated in the cloud sandbox?
In short, no. In some cases, a file that is uploaded via http://filecheck.zscaler.com/ is not actually detonated in the Cloud Sandbox.
- The file sample must be no greater than 20 MB in size in order for it to be analyzed in Sandbox.
- The file must be uploaded from a network and organization that is a paying customer of Cloud Sandbox subscription.
- The file must not be blocked by anti-virus or other Zscaler Advanced Threat Protection security inspection layers. If it is, the file sample will not “reach” the Sandbox.
- The file must be of a supported file type.
- Last, but not least, the file must also not already have a Sandbox verdict. It the file has already been detonated in the Cloud Sandbox, and has a Sandbox verdict and detail behavioral analysis report available, it will not be submitted to the Sandbox for re-detonation.
See this help article for more on the basic use of the Sandbox Scanning Portal:
See this help article for more on how to view the detail Sandbox behavioral analysis report:
See this help article for more on the Sandbox Scanning Portal results: