Configuring Sandstorm

Sophos Sandstorm is a cloud-based service that provides enhanced protection against new and targeted attacks. You can configure the appliance to send suspicious files to Sandstorm for analysis or submit suspicious files on an individual basis. Sandstorm detonates the file to check for malware and sends the results to you. Because the analysis takes place in the cloud, your system is never exposed to potential threats.

This page of the administrative web interface is not available on a joined Web Appliance as this functionality has been shifted to the Management Appliance.

The Configuration > Global Policy > Sandstorm page allows licensed users to enable Sophos Sandstorm, a cloud service that executes and analyzes suspicious downloads. If you do not have a license, you can obtain a 30-day trial license on this page.

Once Sandstorm is enabled, you can set default Sandstorm profiles on the Configuration > Group Policy > Default Policy and Configuration > Group Policy > Special Hours pages. You can also select a custom Sandstorm profile for any additional policies you add or edit.

To turn Sandstorm on or off, click the On/Off switch.

You can view the current license status in the License status text box.

Files to be analyzed by Sandstorm are transmitted using a secure SSL connection to a data center in the cloud. Data centers are located in the United States and Europe. Sandstorm selects the closer data center according to the location of the appliance.

You can override the default behavior by selecting a data center in the Sandstorm data center list.
Note: Changing data centers may affect any analysis that is currently in progress.