To use the Sandbox Scanning Portal, ensure that you are forwarding traffic to the Zscaler service.
Uploading Files
Click Add files and select the files you want to upload to the portal.
The maximum size for one file is 20MB.
Click Upload.
FILE NAMEMD5SIZE(BYTES)UPLOADED URLSTATUS
Once you add files, the files will show up here.
Sandbox Portal Details
Zscaler scans the files using the following policies as configured by your organization:
Malware Protection
Advanced BA
Upon upload, you will see the following results:
File Name: Displays the name of the file you uploaded.
MD5: Displays the MD5 value you will need if you uploaded a file and want to view the results of BA completed on the file. (Note that the service will not perform BA if the file is blocked by the Malware Protection policy, if the file is clean, or if it has already been analyzed by BA.)
Size: Displays the size (in bytes) of the file you uploaded.
Uploaded URL: Displays the URL you will need if you uploaded multiple files and want to view the results of BA on the files (if completed). The URL will be in the following format: http://filecheck.zscaler.com//
Status:
This column can display the following:
If a file is blocked inline through the Malware Protection or Advanced BA policies, the Status column will show the file as blocked and also why the file was blocked (for example, due to a virus or malicious behavior).
If the file is clean, or has never been examined by BA, the Status column will show a green check. To see whether the green check indicates the file is clean, or whether the file was sent for BA, you must check the BA report, which can be accessed through the Zscaler admin portal with the following steps:
Sign in to the Zscaler admin portal.
Go to Analytics > Web Insights.
Under 1. Select Chart Type, choose Logs.
Under 2. Select Time Frame, choose the appropriate timeframe. For example, if you sent your file(s) to the Filecheck Portal within the last day, you can select "Current Day" and if in the last week, you can select "Current Week" and so on.
Under 3. Select Filters, choose Behavioral Analysis Action > Blocked.
Click Apply Filters.
When the report is generated, scroll to the right of the screen to view the MD5 column. (If you do not see an MD5 column, click the menu at the top right-hand corner and make sure that MD5 is checked.)
To view the results of BA for a single file, search for the value that was displayed in the MD5 column of the Filecheck Portal. If you do not find the file after doing a search in the report, this indicates that the file you scanned through the Filecheck Portal was clean and was never sent to BA.
To view the results of BA for multiple files, search for http://filecheck.zscaler.com/ or the value that was displayed in the Uploaded URL column of the Filecheck Portal (http://filecheck.zscaler.com// ). If you do not find the files after doing a search in the report, the files you scanned through the Filecheck Portal were clean and were never sent to BA.
Once you've located the file(s) for which you want to view BA results, click on the link provided in the MD5 column of the report.