Hi guys, when Invincea was bought by Sophos I was excited about Invincea's sandboxing feature being included in Sophos Endpoint Protection.
This however doesn't appear to have been planned.
Useful scenarios include:
- Running unknown/suspicious applications in a sandboxed environment.
- Opening email attachments
- Opening downloaded files
- Manual use by security admins (Specify programs to run in sandbox, or temporarily whitelist a blocked program/file forcing it to run in sandbox for investigations.)
That last one is particularly useful, as we've recently had a case where some emails were flagged by Sophos and quarantined. Sophos would block us from opening the emails, which meant we were unable to investigate the emails in order to create a rule to filter them out.
We had to disable Sophos to complete our investigation, which is very user-unfriendly.
Having a simple option to run a quarantined/blocked program or file from the sandbox would solve this issue while keeping the system secure.