Sandboxing is a method of protecting your organization from file-based zero-day threats. Zscaler provides admins with the ability to define advanced sandbox policies. For example, a file with active content can be downloaded to the sandbox for analysis and only viewed or downloaded by the user if it is approved by the defined policy. When the file is being analyzed in the sandbox, based on the policy defined, the file can be quarantined and the user is shown a temporary quarantine page. The analysis of the file can take anywhere between 5 to 10 minutes. If the file is found to be malicious by the sandbox, the file download is blocked. To learn more, see About Sandbox and Configuring the Sandbox Policy.

With quarantine and isolate actions in the sandbox policies, files can be scanned with the additional protection of isolation. When a user downloads a document file that meets the criteria to be sandboxed, the user is redirected to an isolated browser session and can view the file in the isolated container while the sandbox analysis is in progress. After the sandbox analysis is complete and the verdict from the sandbox is “Malicious,” the user can continue viewing the file in isolation, or download a flattened PDF version of the file with no active content onto the local computer. If the sandbox verdict is “Benign,” the user can download the original file onto their device. To learn more, see Using Sandbox Integration with Isolation.

To allow sandboxing files for isolation users, enable this feature through the isolation profile. To learn more, see Creating Isolation Profiles for ZIA.