The sandbox logs record the sandbox inspection results, including the basic information of packets and inspected files, and threats found in these files.
For more information about the values for the threat family and threat action fields, see "Appendix."
Support of non-default vSystems for this feature depends on the device model. This feature is available on the Web interface only if it is supported.
Only one log operation (import, export, or delete) is allowed at a time.
Only one user can perform a log operation at a time. When you import, export, or delete logs, make sure no one else is performing a log operation.
Detailed sandbox log information is displayed in JSON format only.
The field value in the appendix varies by the software version of the sandbox.
To import logs, perform the following steps:
Click the Monitor tab.
In the navigation pane, select Security Logs > Sandbox Logs.
Click Import.
In the dialog box that opens, click Yes.
Select a log file and enter the password for the log file. The password was set when the file was exported.
To export logs to the local host, perform the following steps:
Click the Monitor tab.
In the navigation pane, select Security Logs > Sandbox Logs.
Click the Filter icon next to a column name.
Specify the search criteria and click OK to display the logs to be exported.
Click Export.
On the page that opens, configure the log export settings.
Table-1 Log export configuration items
Item | Description |
Set password | Enter a password for encrypting the log files. This password must be provided to open the exported log files. |
Logs per file | Specify the maximum number of log entries in each file. |
Click OK.
Table-2 Value for the threat family field
ID | Threat family |
0 | Others |
1 | Viruses |
2 | Trojans |
3 | Worms |
4 | Backdoors |
5 | Ransomware |
6 | Downloader |
7 | Malicious advertisements |
8 | Malicious scripts |
9 | Macro viruses |
10 | Malicious files with vulnerabilities |
11 | Phishing |
12 | Riskware |
13 | Shell software |
14 | Heuristic behaviors |
15 | Digital currency |
16 | Botnets |
17 | APT intelligence |
18 | Malicious DGA domain names |
Table-3 Value for the threat action field
ID | Threat action |
1 | Enable autorun after the device starts. |
2 | Inject to other processes remotely. |
3 | Reduce the firewall security level or add whitelist entries. |
4 | Bypass User Account Control (UAC) to obtain the administrator privilege. |
5 | Disable the system protection mechanism. |
6 | Detect whether the antivirus software is installed or running in the system. |
7 | Detect whether the file runs in the sandbox or is debugged by the debugger. |
8 | Delete local files. |
9 | DLL hijacking or image hijacking. |
10 | Replace the file with an EXE file or a DLL file. |
11 | The file uses a name similar to that of a key process to impersonate it. |
12 | Infect the existing PE files. |
13 | Load the driver. |
14 | Modify the security policies of the IE browser. |
15 | Add or modify a Windows account. |
16 | Add or modify a Windows service. |
17 | Suspicious network connection. |
18 | Create a suspicious process and release a suspicious file. |
19 | Release an executable program. |
20 | Automatic shutdown, restart, or logout. |
21 | The PE file execution releases a script file. |
22 | Modify the hosts file. |
23 | Hook the key functions of the program. |
24 | Promote the privilege of the program. |
25 | The script file uses PowerShell. |
26 | Malicious network behaviors of the script file. |
27 | Access sensitive files, such as the files storing the browser username and password. |
28 | The Android software incurs call charges. |
29 | Malicious advertisements on the Android software. |
30 | The Android software steals user privacy. |
31 | File faking. |
32 | Modify the file hidden attribute. |
33 | Malicious network behaviors of an executable file. |
34 | Malicious shortcut files. |
35 | Suspicious macro viruses. |
200 | Viruses |
201 | Spyware |
202 | Worms |
203 | Backdoors |
204 | Ransomware |
205 | Downloader |
206 | Malicious advertisements |
207 | Malicious scripts |
208 | Malicious files with vulnerabilities |
209 | Virus generator |
210 | Shell software |
211 | Heuristic behaviors |
212 | Riskware |
213 | Phishing |
214 | Macro viruses |
215 | Other threat types |