Content & Malware Analysis


Does the Sandboxing engine revert to a snapshot of Windows iVM at a time before detonating the file?

  • 1.  Does the Sandboxing engine revert to a snapshot of Windows iVM at a time before detonating the file?

    Posted Sep 12, 2019 11:37 PM

    Hi,

    Does the Sandboxing engine revert to a snapshot of Windows iVM at a time before detonating the file? I mean at the end of sandboxing a certain file?

    Kindly

    Wasfi



  • 2.  RE: Does the Sandboxing engine revert to a snapshot of Windows iVM at a time before detonating the file?

    Posted Sep 27, 2019 05:41 AM

    Yes.

    When building the iVM, it is basically frozen in a certain running state and every sample starts exactly at that point.

    (It is not really a "revert" operation, more like throw away the used iVM and spawn a new one in the starting state.)

    BR.

    Gunnar