Zscaler Sandbox Questions

Questions about Sandbox:

  1. Virtual environment test lists of cloud sandbox
  2. If an attached file comes with a password, can Zscaler Sandbox analyse it or not?
  3. If the URL of a threat is put inside an attached file with many folder layers inside, how many
    layers can Zscaler Sandbox still detect?

Questions about other:

  1. If a customer already has their own public certificate, what will Zscaler do in terms of
    inspection?
  2. Please share, how can Zscaler integrate with other CASB?
  3. Please share, how can Zscaler integrate with other MDM?

*It would be great if there is a reference document to read up more, on top of the suggested explanation provided by you guys.

Hello Matthews,

  1. Zscaler Cloud Sandbox will run Windows and Android to test files.
  2. There is a setting to allow or block password-protected files: https://help.zscaler.com/zia/configuring-security-exceptions-malware-protection-policy
  3. Zscaler will scan up to 5 layers of compression. Any files with additional layers of compression can be blocked as unscannable. https://help.zscaler.com/zia/configuring-security-exceptions-malware-protection-policy
  4. The certificate for SSL Inspection can only be a private certificate. No public certificate authority will issue a certificate that will allow the creation of additional SSL certificates for the entire internet. Please see this help article for more information: https://help.zscaler.com/zia/using-custom-certificate-ssl-inspection
  5. Zscaler can integrate with other CASB solutions. You can read more about our integration at the following website: https://www.zscaler.com/partners/technology/cloud-access-security-broker Zscaler can also send the web logs to a CASB vendor for ingestion.
  6. You can read more about our MDM/EMM integrations at the following link: https://www.zscaler.com/partners/technology/enterprise-mobility-management

Warm Regards,
Chris

2 Likes

Hi Chris,

For password-protected files, just wondering: can Zscaler Sandbox analyse them for any malicious intent?

Thanks for the help.

Regards,
Matthews Loke

Hi Matthews,
Without the password, the file cannot be unarchived and analyzed. One thing I will say though is if another security feed is somehow able to analyze the file and marks the MD5 as malicious, we can block it based on the MD5 match.

Warm Regards,
Chris

1 Like
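The replies above describe three outcomes for an archive: it is unpacked and scanned (up to 5 layers of compression), it is unscannable (more layers, or password-protected), or it is blocked on an MD5 match from another feed. The following Python example is added here to show that decision logic on ZIP files; it is not Zscaler's code and not from the thread. The function names, the ZIP-only scope, the way layers are counted and the `MAX_MEMBER_BYTES` cap are assumptions, and the sample archives are constructed in memory.

```python
import hashlib
import io
import zipfile

MAX_LAYERS = 5               # compression-layer limit quoted in the thread
MAX_MEMBER_BYTES = 50 << 20  # assumption: cap so an oversized member is never expanded

def triage(data, blocked_md5=frozenset(), layers_opened=0):
    """Return a verdict string for one file's bytes (hypothetical helper)."""
    # A hash verdict needs no unpacking, so it still works on encrypted archives.
    if hashlib.md5(data).hexdigest() in blocked_md5:
        return "block: MD5 match"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "scan"  # leaf file: hand it to the content scanner
    if layers_opened == MAX_LAYERS:
        return "unscannable: too many layers"
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return "unscannable: corrupt archive"
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Bit 0 of the general-purpose flags marks an encrypted member.
            if info.flag_bits & 0x1:
                return "unscannable: password-protected"
            if info.file_size > MAX_MEMBER_BYTES:
                return "unscannable: member too large"
            verdict = triage(archive.read(info), blocked_md5, layers_opened + 1)
            if verdict != "scan":
                return verdict
    return "scan"

def wrap(payload, layers):
    """Constructed sample: nest payload inside `layers` ZIP archives."""
    for _ in range(layers):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("inner.bin", payload)
        payload = buf.getvalue()
    return payload

def mark_encrypted(zip_bytes):
    """Constructed sample: set the encryption flag in the first central-directory entry."""
    patched = bytearray(zip_bytes)
    patched[patched.index(b"PK\x01\x02") + 8] |= 0x01
    return bytes(patched)

if __name__ == "__main__":
    print(triage(wrap(b"doc", 5)), "|", triage(wrap(b"doc", 6)))
```

Because the MD5 check runs before any unpacking, a password-protected archive whose hash is already on the block list is still stopped, which is the case described in the last reply.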