Sandboxing
Overview
Zyxel cloud sandboxing is a security mechanism that provides a safe environment in which to run programs separately from your network and host devices. Unknown or untrusted programs and code are uploaded to the Defend Center (DC) and executed inside an isolated virtual machine (VM) so that their behavior can be monitored and analyzed. This catches zero-day malware and advanced persistent threats (APTs) that may evade the Zyxel Device's other detection features, such as anti-malware. The results of cloud sandboxing are sent from the server back to the Zyxel Device.
By default, the Zyxel Device first checks each received file against its local cache. A file that is not in the cache (an unknown file) is forwarded to its destination immediately while a copy is uploaded to the Defend Center for inspection. The DC's scan result is added to the Zyxel Device's cache and used for future inspections. This means the first copy of an unknown malicious file can reach its recipient; only later copies of the same file are caught by the cached result. When a file is identified as malicious or suspicious, the Zyxel Device takes the action you configure for that category.
Note: The scan results are removed from the Zyxel Device cache when the Zyxel Device restarts, so every file is treated as unknown again until it has been inspected once more.
Alternatively, you can have the Zyxel Device hold a downloaded file that has never been inspected for up to two seconds while it waits for the Defend Center's verdict (see Inspect Selected Downloaded Files in the Sandboxing screen).
What You Need to Know
Because files (including files with attachments) may be forwarded before Sandbox has finished checking them, a suspect file can already have reached its recipient. If Sandbox reports a file as suspect, contact the recipient of that file and advise them not to open it. If they have already opened it, urge them to run an up-to-date anti-malware scanner.
If the recipient of a suspect file cannot open it, Sandbox may already have modified the file by deleting the infected portion. Check the logs and let the recipient know if this is the case.
Sandbox checks only the file types selected under File Submission Options in the Sandboxing screen. If you disabled Scan and detect EICAR test virus in the Anti-Malware screen, EICAR test files are not stopped by anti-malware and are sent to Sandbox instead.
To use the sandbox, you must register your Zyxel Device and activate the service license at myZyxel, and then turn on the sandboxing function on the Zyxel Device. See Licensing for more information about registration and service licenses.
Sandboxing Screen
Use this screen to enable sandboxing and specify the actions the Zyxel Device takes when malicious or suspicious files are detected.
Click the Sandboxing icon for more information on the Zyxel Device’s security features.
The following table describes the labels in this screen.
Configuration > Security Service > Sandboxing
| Label | Description |
|---|---|
| General | |
| Enable Sandboxing | Select this option to turn on sandboxing on the Zyxel Device. Otherwise, deselect it. |
| Action For Malicious File | Specify whether the Zyxel Device deletes (destroy) or forwards (allow) malicious files. Malicious files are files given a high score for malware characteristics by the Defend Center. |
| Log For Malicious File | Log options for malicious files: no (do not create a log when a malicious file is detected); log (create a log on the Zyxel Device when a malicious file is detected); log alert (an alert is an emailed log for more serious events that may need immediate attention; select this option to have the Zyxel Device send an alert when a malicious file is detected). |
| Action For Suspicious File | Specify whether the Zyxel Device deletes (destroy) or forwards (allow) suspicious files. Suspicious files are files given a medium score for malware characteristics by the Defend Center. |
| Log For Suspicious File | Log options for suspicious files: no (do not create a log when a suspicious file is detected); log (create a log on the Zyxel Device when a suspicious file is detected); log alert (an alert is an emailed log for more serious events that may need immediate attention; select this option to have the Zyxel Device send an alert when a suspicious file is detected). |
| Advanced Inspection | |
| Inspect Selected Downloaded Files | Select this check box to have the Zyxel Device hold a downloaded file that has never been inspected for up to two seconds while it waits for the Defend Center's verdict. If the verdict arrives within two seconds, the configured action is applied before the file is forwarded; if it does not, the file is forwarded anyway, so infected files can still reach the user when detection takes longer than two seconds. Only the file types selected under File Submission Options are held. The scan result is removed from the Zyxel Device cache after the Zyxel Device restarts. |
| File Submission Options | Specify the types of files to be sent for sandbox inspection. |
| Terms of Use | Click this link to see what data Zyxel collects from you and how it is used. |
| Apply | Click Apply to save your changes. |
| Reset | Click Reset to return the screen to its last-saved settings. |
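The decision flow described in the Overview and in the Action, Log and Advanced Inspection rows above, as an added simulation that is not Zyxel's code: it models the local cache, the forward-then-inspect default, the two-second hold mode, the per-category actions and log levels, and the cache being emptied on restart. The Defend Center is replaced by a constructed lookup table with a score and a response delay per file, the score thresholds (70 for malicious, 40 for suspicious) are assumptions since the page only says "high" and "medium", the sample files are harmless constructed byte strings, and all names are hypothetical.

```python
"""Simulation of the sandbox flow described on this page.

Added example, not Zyxel code. Assumptions: verdicts are a malware score
0-100 with >= 70 treated as 'malicious' and 40-69 as 'suspicious' (the page
only says 'high' and 'medium'); the Defend Center is a constructed lookup
table; hold mode waits at most HOLD_SECONDS; no real network or sleeping.
"""
import hashlib
from dataclasses import dataclass, field

HOLD_SECONDS = 2.0  # longest that Inspect Selected Downloaded Files holds a file

# Constructed sample files (harmless byte strings, not real malware).
SAMPLE_FILES = {
    "invoice.pdf": b"%PDF-1.4 constructed benign document",
    "update.exe":  b"MZ constructed high-score sample",
    "macro.doc":   b"D0CF constructed medium-score sample",
    "slow.exe":    b"MZ constructed sample whose verdict arrives late",
    "notes.txt":   b"plain text, a type not selected for submission",
}

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Stand-in for the Defend Center: digest -> (score, seconds until verdict).
# Unlisted digests are scored clean after 0.5 s.
DEFEND_CENTER = {
    sha256(SAMPLE_FILES["update.exe"]): (90, 1.2),
    sha256(SAMPLE_FILES["macro.doc"]):  (55, 0.8),
    sha256(SAMPLE_FILES["slow.exe"]):   (95, 6.0),  # slower than the hold window
}

def category(score: int) -> str:
    if score >= 70:
        return "malicious"
    if score >= 40:
        return "suspicious"
    return "clean"

@dataclass
class SandboxPolicy:
    """Mirrors the Sandboxing screen settings; values are the screen's own words."""
    enabled: bool = True
    submit_types: frozenset = frozenset({"exe", "doc", "pdf"})  # File Submission Options
    action: dict = field(default_factory=lambda: {"malicious": "destroy", "suspicious": "allow"})
    log: dict = field(default_factory=lambda: {"malicious": "log alert", "suspicious": "log"})
    hold_unknown: bool = False  # Inspect Selected Downloaded Files

class ZyxelDeviceSim:
    def __init__(self, policy: SandboxPolicy):
        self.policy = policy
        self.cache = {}   # digest -> score; emptied by restart()
        self.logs = []    # (level, message)

    def restart(self):
        self.cache.clear()  # scan results do not survive a restart

    def _apply(self, name, score):
        cat = category(score)
        if cat == "clean":
            return "forward"
        if self.policy.log[cat] != "no":
            self.logs.append((self.policy.log[cat], f"{cat} file {name} (score {score})"))
        return "destroy" if self.policy.action[cat] == "destroy" else "forward"

    def handle(self, name, data):
        """Return (action, verdict_known_at_decision) for one received file."""
        p = self.policy
        ext = name.rsplit(".", 1)[-1].lower()
        if not p.enabled or ext not in p.submit_types:
            return "forward", False           # never submitted, never inspected
        digest = sha256(data)
        if digest in self.cache:
            return self._apply(name, self.cache[digest]), True
        score, latency = DEFEND_CENTER.get(digest, (0, 0.5))  # copy submitted to the DC
        if p.hold_unknown and latency <= HOLD_SECONDS:
            self.cache[digest] = score
            return self._apply(name, score), True
        # Default mode, or hold window expired: the file goes out now. The verdict
        # only protects later copies (modelled as landing in the cache immediately).
        self.cache[digest] = score
        if category(score) != "clean":
            self.logs.append(("log", f"late verdict for {name}: {category(score)}, already forwarded"))
        return "forward", False

if __name__ == "__main__":
    for hold in (False, True):
        dev = ZyxelDeviceSim(SandboxPolicy(hold_unknown=hold))
        for name in ("update.exe", "update.exe", "slow.exe", "slow.exe", "notes.txt"):
            print(f"hold={hold} {name}: {dev.handle(name, SAMPLE_FILES[name])}")
```

Running the block shows the two failure modes the page warns about: with the default policy the first copy of update.exe is forwarded and only the second is destroyed, and even with hold mode on, slow.exe is forwarded because its verdict takes longer than the hold window. The "late verdict" log entries are the ones an operator would act on when contacting a recipient.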