
Sandstorm - no uploads for analyzing files yet

Hello,

We have been using the Sandstorm subscription for more than 4 weeks now. Usually we have 60-70 suspicious files per day (50 web and 10 e-mail). But Sandstorm has never uploaded a file for analysis yet.

Sandstorm is enabled: Webprotection -> Webfilter and E-Mailprotection -> SNMP -> Malware.

We use the latest version of Sophos UTM 9.

Is that normal for a company with 150 devices or is something missing in my configuration for Sandstorm?

Thanks in advance.



  • Hi Simon,

    The Sophos security solution sends the suspicious file's hash to Sophos Sandstorm to determine if it has been previously analyzed. If it has been previously analyzed, Sophos Sandstorm returns the result to the UTM instantly. The file will be allowed or blocked, depending on the result.

    If the hash has not been seen before, a copy of the suspicious file will be sent to Sophos Sandstorm. Files which are clean, or whose hash has been previously analyzed, will not be sent for analysis. Hence, the report reflects that no file has been sent for analysis.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support