About the Sandbox Files Found Malicious Report

About the Sandbox Files Found Malicious Report

You must have the Advanced Sandbox subscription to view the Sandbox Files Found Malicious report.

Read about Sandbox Files Found Malicious

Read about what you can do on the Sandbox Files Found Malicious page

The Sandbox Files Found Malicious report highlights unknown files that were sent to Sandbox for analysis and found to be malicious. You can click the file MD5 hash to see the Sandbox Detail Report, view additional transaction information in Web Insights, and export the report to a CSV file. You can view weekly reports from the last six months, not including the current week.

You can view the report in the Admin Portal by going to Analytics > Sandbox Activity Report, and choosing Sandbox Files Found Malicious from the Sandbox Activity Report dropdown menu.
See image.

  1. View the Sandbox Activity Report.
  2. Choose the week to view the report for.
  3. Search and filter the transactions by keywords or phrases.
  4. Export the displayed transactions to a CSV file.
  5. View a list of files that were found to be malicious. For each file, you can see the following:
    • MD5: The MD5 of a file that your organization has seen for the first time. Click to view the Sandbox Detail Report.
    • Category: The classified threat category of the file.
    • Threat Name: The threat name found during Sandbox analysis. Click to view it in the Zscaler Threat Library.
    • File Type: The file type for the file.
    • File Size: The file size for the file.
    • Allowed Transactions: The number of allowed transactions for the file before the file was found to be malicious. These transactions are patient 0 events. The users' devices that successfully downloaded the malicious file might be compromised.
    • Blocked Transactions: The number of blocked transactions for the file after the file was found to be malicious.
    • Analyzed On: The time the Sandbox engine analyzed the file.
  6. View transactions of the file in Web Insights for the selected week.

Screenshot highlighting the features of the Sandbox Files Found Malicious report/

Screenshot of the Sandbox File Found Malicious report.