Scan
Use Scan to quickly inspect files and URLs for known malware, suspicious patterns, or threat indicators. Scan provides faster results than sandboxing and is ideal for quick, on-demand threat assessments.
BeforeyouStart
Ensure that your user group has the following permissions:
View Sandbox Records
Create Sandbox Records
Steps
To scan a file or URL for quick threat detection, follow these steps:
Go to Main Menu and select Analysis > Sandbox.
Click the Scan tab.
Use one of the following input methods:
Upload File: Click the Drag & Drop or Browse area to select a file from your system. For more information on supported file formats and size limits, see Supported File Types and Size.
Enter URL: Paste the URL into the input field.
Click Submit to initiate the scan.
After submission, the file or URL appears in the Scan listing table with the corresponding analysis status.
Supported Actions
After the analysis is complete, you can take the following actions:
View Scan Report: Click any scanned record to view detailed scan results.
Submit to Sandbox: For deeper behavioral analysis:
Select a scanned record.
Click Submit to Sandbox.
You are redirected to the Sandbox tab to complete the submission. For more information, see Sandbox.
Use this option when a quick scan flags a suspicious artifact and further investigation is required.
Download Report: Export the scan report as a JSON file for offline analysis or record-keeping.
Delete Report: Remove a scanned record from the list if it is no longer needed.
View Scan Submissions
Each scanned record appears in the Scan tab listing with the following details:
Field | Description |
---|---|
Title | Name of the submitted file or URL. |
Status | Indicates the current scan status: In Progress, Completed, or Failed. |
Type | Displays whether the scanned item is a File or a URL. |
Scan ID | Unique identifier assigned to the scan session. |
SHA256 | SHA256 hash of the submitted file. |
Submitted By | User who initiated the scan. |
Submitted On | Date and time of the scan submission. |
You can also search and sort records using filters and column headers to locate specific scans efficiently.
View Scan Report
Open any record with a success status to view the scan report. It includes the following sections:
Summary: Displays a high-level overview, including:
Total number of detection engines used
Number of engines that flagged the files as malicious
File name
Artifact size
Scan date and timestamp
Detected malware family (if applicable)
Detections: Lists any Indicators of Compromise (IOCs) or threat signatures identified during the scan.
File Metadata: Provides detailed technical attributes such as:
File names
First Seen and Last Scanned timestamps
MIME type and file formats
Supported File Types and Size
Artifact Type | Supported Formats | Size |
---|---|---|
Files | .dll, .upx, .exe, .msi, .chm, .hta, .iqy, .doc, .docx, .xls, .xlsx, .ppt, .pptx, .pub, .pub2016, .zip, .one, .mht, .hwp, .ich, .inp, .pdf, .rtf, .slk, .swf, .html, .bat, .ps1, .js, .jse, .vbe, .pl, .py, .vbs, .wsf, .apk, .dex, .jar, .lnk, .url, .jnlp, .reg, .xslt, .xps. | 32 MB |
URLs |
| - |