Frequently asked questions about the send to sandbox feature.
How does the Virtual Network Sensor determine whether to send a file to the sandbox?
With Send to sandbox enabled, the Virtual Network Sensor uses the following rules, in step-by-step order,
to determine whether to submit a file to the sandbox for analysis. If a file does
not match the criteria for any step, the Virtual Network Sensor does not submit the
file to the sandbox.
|
Rule
|
Criteria
|
Action
|
|
1
|
|
Submit file
|
|
2
|
|
Submit file
|
|
3
|
|
Submit file
|
|
4
|
|
Submit file
|
|
5
|
Detected activity matches one of the following rules:
|
Do not submit file
|
|
6
|
Heuristic detections, highly suspicious files
|
Submit file
|
How does enabling TippingPoint Network Sensor and Send to Sandbox at the same time affect credits?
When you enable TippingPoint Network Sensor in conjunction with Send to Sandbox, files
are sent for analysis in addition to URLs. An additional 2,000 credits per 500 Mbps
of bandwidth is required.
What is required for enabling Send to Sandbox on a TPS device in a stack? 
For TPS devices configured in a stack, make sure you enable Send to Sandbox on each
device in the stack. Refresh the Trend Vision One display to ensure that Send to Sandbox
has been enabled.
When you use Send to Sandbox in conjunction with TippingPoint Network Sensor in a
TPS stack, you must enable both services on each device in the stack. Reboot each
enabled device sequentially before enabling the services on the next device in the
stack. Learn more about sequential rebooting. Learn more about configuring a TPS stack in the Trend Micro™ TippingPoint™ TPS Stacking User Guide.