Print Download PDF Send Feedback

Previous

Next

SandBlast Agent Threat Extraction and Threat Emulation

In This Section:

Overview of SandBlast Agent Threat Extraction and Threat Emulation

Configuring Threat Extraction and Threat Emulation Rules

Web Download Protection

File System Emulation

SandBlast Environment Settings

Exclusions and Inspection Settings

Zero Phishing Settings

Overview of SandBlast Agent Threat Extraction and Threat Emulation

Threat Emulation detects zero-day and unknown attacks. Files on the endpoint computer are sent to a sandbox for emulation to detect evasive zero-day attacks.

Threat Extraction proactively protects users from malicious content. It quickly delivers safe files while the original files are inspected for potential threats.

As part of the Threat Extraction and Threat Emulation solution, when the SandBlast Agent client is installed on a client computer, the SandBlast Agent Browser Extension is also installed on the Google Chrome browser. The SandBlast Agent Browser Extension protects against malicious files that come from internet sources.

See all Threat Extraction and Threat Emulation logs in SmartLog under Threat Emulation.

Configure the settings in the SandBlast Agent Threat Extraction and Threat Emulation rule of in the SmartEndpoint Policy tab.

Configuring Threat Extraction and Threat Emulation Rules

For each Action in a rule, select an option, which defines the Action behavior. You can select a predefined Action option or select New to define a custom Action option.

Right-click an Action and select Edit or Edit Shared Action to change the Action behavior.

Changes to policy rules are enforced only after you install the policy.