Servers hosting the Sandbox component run virtual machines with images of operating systems.
The Sandbox component starts objects in these operating systems and analyzes the behavior of the objects to detect malicious activity and signs of targeted attacks to the corporate IT infrastructure.
By default, the maximum file size scanned by the Sandbox module is 100 MB. You can configure scan settings in the administrator menu of the application management console.
The maximum level of nesting for scanned archives is 32.
The maximum number of objects that can be in queue to be scanned by the Sandbox component per day is 20,000 objects. When this limit is reached, the application deletes 10% of the objects that have been queued for scanning the longest and replaces them with new objects queued for scanning. The deleted objects are saved in the application with the NOT_SCANNED status.