Skip to main content


Sandbox Analyzer

Bitdefender Sandbox Analyzer provides a powerful layer of protection against advanced threats by performing automatic, in-depth analysis of suspicious files which are not signed by Bitdefender antimalware engines yet. The sandbox employs an extensive set of Bitdefender technologies to execute payloads in a contained virtual environment hosted by Bitdefender, analyze their behavior and report any subtle system changes that is indicative of malicious intent.

Sandbox Analyzer automatically submits suspicious files residing on the managed endpoints, yet hidden to signature-based antimalware services. Dedicated heuristics embedded in the Antimalware on-access module from Bitdefender Endpoint Security Tools trigger the submission process.

The Sandbox Analyzer service is able to prevent unknown threats from executing on the endpoint. It operates in either monitoring or blocking mode, allowing or denying access to the suspicious file until a verdict is received. Sandbox Analyzer automatically resolves discovered threats according to the remediation actions defined in the security policy for the affected systems.

Additionally, Sandbox Analyzer allows you to manually submit samples directly from Control Center, letting you decide what to do further with them.

Useful topics to get you started:


This topic refers to Sandbox Analyzer Cloud, hosted by Bitdefender. For Sandbox Analyzer On-premises, Bitdefender has announced the end-of-sale date of June 27, 2022, with the end-of-life date being April 30, 2023. To view the documentation for this product, refer to the Legacy section.