Skip to main content

Sandbox Analyzer

Bitdefender Sandbox Analyzer provides a powerful layer of protection against advanced threats by performing automatic, in-depth analysis of suspicious files that are not identified by Bitdefender antimalware engines yet. Sandbox Analyzer employs an extensive set of Bitdefender technologies that executes payloads in a contained virtual environment hosted by Bitdefender, analyzes their behavior and reports any subtle system changes that is indicative of malicious intent.

Sandbox Analyzer automatically submits suspicious files residing on the managed endpoints, yet hidden to signature-based antimalware services. Dedicated heuristics embedded in the Antimalware on-access module from Bitdefender Endpoint Security Tools trigger the submission process.

The Sandbox Analyzer service is able to prevent unknown threats from executing on the endpoint. It operates in either monitoring or blocking mode, allowing or denying access to the suspicious file until a verdict is received. Sandbox Analyzer automatically resolves discovered threats according to the remediation actions defined in the security policy for the affected systems.

Additionally, Sandbox Analyzer allows you to manually submit samples directly from Control Center, letting you decide what to do further with them.

Useful topics to get you started:


Sandbox Analyzer is dependent on the following components:

  • GravityZone Control Center

  • Security agent (Bitdefender Endpoint Security Tools installed on Windows endpoints)

Make sure that your GravityZone license includes Sandbox Analyzer.

Configure the feature

To use Sandbox Analyzer, you need to assign on endpoints a GravityZone policy with this feature enabled and configured. Follow the steps below:

  1. In GravityZone Control Center, go to the Policies page from the left side menu.

  2. You can either:

    • Create a new policy.

    • Edit one of your existing policies.

  3. Configure the policy details: name, general settings, modules and roles.

    For details on how to configure a policy, refer to Configuring computer and virtual machine policies.

  4. To enable the feature, go to the Sandbox Analyzer > Endpoint Sensor section and select the Automatic sample submission from managed endpoints check box.

  5. In the same section, configure the available options, such as connection settings, analysis mode, remediation actions, and content prefiltering, which includes exceptions from submission and file size limit.

    For details on configuring this feature in policy, refer to Sandbox Analyzer.

  6. Save the policy.

  7. Go to the Network page from the left side menu and assign the policy to the target Windows endpoints.

    For details, refer to Assigning policies.

    If you enabled Sandbox Analyzer in an already assigned policy, the endpoints automatically receive the new settings.

Test out the feature

Here is how you test out Sandbox Analyzer in GravityZone.