Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 2 replies
  • Answers 2 answers
  • Subscribers 2 subscribers
  • Views 9688 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Check if Sandstorm works

eclipse79

Hello,

I would like to check if sandstorm works for web filtering. It is very strange becaus:

  • I correctly set "Refer suspicious items to Sophos Sandstorm" under Filter Actions.
  • I tried to download lot of files (exe/zip/pdf)
  • I didn't see any entries in the Sandbox Activity.
  • I tried to send a .exe compiled by myself, without any digital signature, and open the url in chrome, but I downloaded it successfully, without any AV scan/sandbox.

 

The logs entries in Web filtering has lot of sandbox="-". What does it means? Any ideas?

Thanks



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to brunomc

    Thank you for your quick reply!

    I tried to download these files, both are downloaded without any UTM check!

    In this moment I am out of office, and connected using VPN. Web protection is active for VPN pools too, in fact browsing to eicar-test-file is not allowed, but I can download previous sandstorm utm file without any problem... :( Which could be the cause?

    Thanks

    EDIT: Checking in the log I have seen that sandbox code is=3, os the file is clean: the check works, sorry!

Unfiltered HTML