Dynamic Analysis
Adaptive Sandbox dynamic analysis features
Step #1 - Open /home/sandbox/sandbox/transform.cfg in a text editor
Step #2 - Modify the configuration by adding or modifying the properties on this page
Step #3 - Save the file and restart the sandbox service
Phishing Detection
runAnesidoraWebForURLToFileSubmissions=truerunAnesidoraWebLookupTimeoutMs=60000| Property Name | Default Value | Description |
|---|---|---|
| runAnesidoraWebForURLToFileSubmissions | true | Switch to enable / disable phishing detection |
| runAnesidoraWebLookupTimeoutMs | 1 minute | Execution timeout |
Script Emulation
Enable JScript, VBScript, HTA/MSHTA and Powershell script emulation
runVBADecoderForOfficeFiles=truerunVBADecoderForPdfFiles=truerunVBADecoderForScriptFiles=truerunVBADecoderForEmbeddedScriptFilesMinimumByteSize=256runVBADecoderForHtmlFiles=truerunVBADecoderForExtractedFiles=truerunVBADecoderForDownloadedFiles=trueanesidoraVBAPerformDeepStaticAnalysisForExtractedFiles=trueanesidoraVBAPerformDeepStaticAnalysisForExtractedFilesMax=10anesidoraVBAPerformDeepStaticAnalysisForExtractedFilesMaxSizeInKb=1024anesidoraVBAExecutionTimeout=90| Property Name | Default Value | Description |
|---|---|---|
| runVBADecoderForOfficeFiles | true | Switch to enable / disable Office file emulation |
| runVBADecoderForPdfFiles | true | Switch to enable / disable PDF file emulation |
| runVBADecoderForScriptFiles | true | Switch to enable / disable script file emulation |
| runVBADecoderForEmbeddedScriptFilesMinimumByteSize | 256 byte | Limit: minimum file size for script file emulation |
| runVBADecoderForHtmlFiles | true | Switch to enable / disable HTML file emulation |
| runVBADecoderForExtractedFiles | true | Emulate extracted files |
| runVBADecoderForDownloadedFiles | true | Emulate downloaded files |
| anesidoraVBAExecutionTimeout | 90 seconds | Execution timeout |
| anesidoraVBAPerformDeepStaticAnalysisForExtractedFiles | true | Execute static analysis on extracted files detected during emulation |
| anesidoraVBAPerformDeepStaticAnalysisForExtractedFilesMax | 10 | Limit: the max number of files execute static analysis on |
| anesidoraVBAPerformDeepStaticAnalysisForExtractedFilesMaxSizeInKb | 1 MB | Limit: the max size of files execute static analysis on |
PE Emulation
Enable Portable Executable emulation
This is an experimental feature
runPortExEmulator=falseportExEmuExecutionTimeout=90portExEmuPerformDeepStaticAnalysisForExtractedFiles=trueportExEmuPerformDeepStaticAnalysisForExtractedFilesMax=10portExEmuPerformDeepStaticAnalysisForExtractedFilesMaxSizeInKb=5120| Property Name | Default Value | Description |
|---|---|---|
| runPortExEmulator | false | Switch to enable / disable PE emulation |
| portExEmuExecutionTimeout | 90 seconds | Execution timeout |
| portExEmuPerformDeepStaticAnalysisForExtractedFiles | true | Execute emulation on extracted files |
| portExEmuPerformDeepStaticAnalysisForExtractedFilesMax | 10 | Limit: max number of extracted files to emulate |
| portExEmuPerformDeepStaticAnalysisForExtractedFilesMaxSizeInKb | 5 MB | Limit: max file size for static analysis of files detected during PE emulation |
Was this page helpful?