Version 4.2.0 Features

Sophos Sandstorm

Sophos Sandstorm is a cloud-based service that provides enhanced protection against new and targeted attacks. You can configure the appliance to send suspicious files to Sandstorm for analysis or submit suspicious files on an individual basis. Sandstorm detonates the file to check for malware and sends the results to you. Because the analysis takes place in the cloud, your system is never exposed to potential threats.

Enabling Sandstorm

Once you have purchased a license for Sophos Sandstorm, you can access it on the Configuration > Global Policy > Sandstorm page.

If you want to try it first, you can start a 30-day trial of Sophos Sandstorm, available on the same page.


Once enabled, a summary of Sophos Sandstorm results is available on the Dashboard.

Setting Sandstorm profiles in Default Policies and Special Hours

Sandstorm profiles can be selected for Default Policies and Special Hours policies.

Sandstorm profiles in Additional Policies

It's also possible to fine-tune Sophos Sandstorm profiles using the new Additional Options page, available in Configuration > Group Policy > Additional Policies.

New status pages

If the appliance determines that a file is suspicious, it sends the file to Sophos Sandstorm for further analysis.

An analysis may take 10 minutes or more, during which the user will be asked to wait.

If Sophos Sandstorm determines the file is malicious, it is blocked.

Use Search > Sandstorm > Sandbox Activity to create reports of suspicious downloads.

Clicking the result status of a listed item gives a detailed report showing what the analysis discovered.