Scan
Use Scan to quickly inspect potentially suspicious artifacts for known malware, suspicious patterns, or threat indicators. Scan provides faster results than sandboxing and is ideal for quick, on-demand threat assessments.
Before you Start
Scan availability and access vary by product. Ensure that the following product-specific requirements are met before you proceed:
Product | Requirement |
|---|---|
Intel Exchange | Your user group must have View Sandbox Records and Create Sandbox Records permissions enabled. |
Collaborate | Sandbox must be enabled for your organization. Contact your Collaborate administrator if Sandbox is not available. |
Steps
To scan for quick threat detection, follow these steps:
Access Sandbox and select the Scan tab.
Scan using one of the following submission types:
File: Drag and drop a file or click Browse to select a file from your system to scan. For more information on supported file formats and size limits, see Supported File Types and Size.
Note
ZIP files must contain only one file, and the extracted file must be within the supported file size limit.
Hash: Enter a valid SHA256 hash to scan an existing artifact without uploading the file. The scan proceeds only if a file associated with the provided hash is available.
URL: Enter a valid URL or domain name for scanning.
QR Code: Drag and drop a file or click Browse to upload a file containing a QR code that resolves to a valid URL. The decoded URL is submitted for scanning. For more information on supported file formats and size limits, see Supported File Types and Size.
Note
If the uploaded file contains multiple QR codes that resolve to multiple URLs, each decoded URL is submitted separately and consumes quota individually.
If you upload a ZIP file, use the following information to scan:
Extract ZIP File: Select this option to extract and scan the contents of the ZIP file instead of scanning the archive as a single artifact.
Password (Optional): Enter the password if the ZIP file is password-protected. If you select Extract ZIP File and do not provide a password or provide an incorrect password, the submission fails. For more information, see Frequently Asked Questions (FAQs).
Note
These fields are available only while uploading ZIP files.
Click Submit to initiate the scan.
After submission, you can view the scan details of the artifact in the Scan listing with the corresponding analysis status. For more information, see View Scan Submissions.
Supported File Types and Size
Artifact Type | Supported Formats | Size |
|---|---|---|
Files | .dll, .upx, .exe, .msi, .chm, .hta, .iqy, .doc, .docx, .xls, .xlsx, .ppt, .pptx, .pub, .pub2016, .zip, .one, .mht, .hwp, .ich, .inp, .pdf, .rtf, .slk, .swf, .html, .bat, .ps1, .js, .jse, .vbe, .pl, .py, .vbs, .wsf, .apk, .dex, .jar, .lnk, .url, .jnlp, .reg, .xslt, .xps, .eml, .msg | 32 MB |
QR Code | .jpeg, .jpg, .png, .bmp, .gif, .tif, .tiff, .webp, .ppm, .pgm, .pbm, .pnm, .tga, .ico, .pcx, .dds, .sgi, .rgb, .im | 32 MB |