Skip to main content

About Sandbox Analyzer

Bitdefender Sandbox Analyzer provides a powerful layer of protection against advanced threats by performing automatic, in-depth analysis of suspicious files which are not signed by Bitdefender antimalware engines yet. The sandbox employs an extensive set of Bitdefender technologies to execute payloads in a contained virtual environment hosted by Bitdefender or deployed locally, analyze their behavior and report any subtle system changes that is indicative of malicious intent.

Sandbox Analyzer automatically submits suspicious files residing on the managed endpoints, yet hidden to signature-based antimalware services. Dedicated heuristics embedded in the Antimalware on-access module from Bitdefender Endpoint Security Tools trigger the submission process.

Sandbox Analyzer uses a series of sensors to detonate content from managed endpoints, network traffic streams, centralized quarantine and ICAP servers.

The Sandbox Analyzer service is able to prevent unknown threats from executing on the endpoint. It operates in either monitoring or blocking mode, allowing or denying access to the suspicious file until a verdict is received. Sandbox Analyzer automatically resolves discovered threats according to the remediation actions defined in the security policy for the affected systems.

Additionally, Sandbox Analyzer allows sample manual submission and through API.


The functionality of this module can be provided by Sandbox Analyzer Cloud and Sandbox Analyzer On-premises. Sandbox Analyzer Cloud and Sandbox Analyzer On-premises are available with separate license keys. The cloud instance of Sandbox Analyzer is hosted by Bitdefender. Sandbox Analyzer On-premises requires specific resources for installation and operation on user's infrastructure.

Useful topics to get you started: