Version 4.2.0 Features

Sophos Sandstorm

Sophos Sandstorm is a cloud service that executes and analyzes suspicious downloads, providing another, more sophisticated layer of protection for your organization.

Enabling Sandstorm

Once you have purchased a license for Sophos Sandstorm, it can be accessed on the Configuration > Global Policy > Sandstorm page.

If you want to try it first, you can start a 30-day trial of Sophos Sandstorm, available on the same page.


Once enabled, a summary of Sophos Sandstorm results is available on the Dashboard.

Setting Sandstorm profiles in Default Policies and Special Hours

Sandstorm profiles can be selected for Default Policies and Special Hours policies.

Sandstorm profiles in Additional Policies

It's also possible to fine-tune Sophos Sandstorm profiles using the new Additional Options page, available in Configuration > Group Policy > Additional Policies.

New status pages

If the appliance determines that a file is suspicious, it sends it for further analysis by Sophos Sandstorm.

An analysis may take 10 minutes or more, during which the user will be asked to wait.

If Sophos Sandstorm determines the file is malicious, it is blocked.

Use the Search > Sandstorm > Sandbox Activity page to create reports of suspicious downloads.

Clicking the result status of a listed item opens a detailed report showing what information the analysis discovered: