SandBlast Agent Threat Extraction and Threat Emulation

In This Section: Overview of SandBlast Agent Threat Extraction and Threat Emulation Configuring Threat Extraction and Threat Emulation Rules Web Download Protection File System Emulation SandBlast Environment Settings Exclusions and Inspection Settings Zero Phishing Settings

Overview of SandBlast Agent Threat Extraction and Threat Emulation

Threat Emulation detects zero-day and unknown attacks. Files on the endpoint computer are sent to a sandbox for emulation to detect evasive zero-day attacks.

Threat Extraction proactively protects users from malicious content. It quickly delivers safe files while the original files are inspected for potential threats.

As part of the Threat Extraction and Threat Emulation solution, when the SandBlast Agent client is installed on a client computer, the SandBlast Agent Browser Extension is also installed on the Google Chrome browser. The SandBlast Agent Browser Extension protects against malicious files that come from internet sources.

See all Threat Extraction and Threat Emulation logs in SmartLog under Threat Emulation.

• Logs related to files from the SandBlast Agent Browser Extension show: Monitor Type - Browser Extension and Browser - Chrome
• Logs related to files from the computer show: Monitor Type - File Monitor

Configure the settings in the SandBlast Agent Threat Extraction and Threat Emulation rule of in the SmartEndpoint Policy tab.

Configuring Threat Extraction and Threat Emulation Rules

For each Action in a rule, select an option, which defines the Action behavior. You can select a predefined Action option or select New to define a custom Action option.

Right-click an Action and select Edit or Edit Shared Action to change the Action behavior.

Changes to policy rules are enforced only after you install the policy.