When does Content Analysis System (CAS) send a file to the sandbox?

book

Article ID: 169128

calendar_today

Updated On:

Products

Content Analysis Software - CA CAS-VA CAS-S200 CAS-S400 CAS-S500

Issue/Introduction

When does Content Analysis System (CAS) send a file to the sandbox?

Resolution

Logic from the CAS perspective is as follows:

  • If File reputation is above the Trusted score, download is allowed
  • If File reputation is below the Trusted score = CAS will scan with Cylance and AV engines
  • If the AV engine reports are positive for malware, it reports back to proxy and blocks the file
  • If the file contains no malware, it send the file to the sandbox for further scanning (as per configuration of the sandbox policy)