Content & Malware Analysis


What is the difference between the onboard emulator and the iVM?

  • 1.  What is the difference between the onboard emulator and the iVM?

    Posted Sep 12, 2019 07:22 AM

    Hi,

    For the CASMA, what is the difference between the onboard emulator and the iVM?

     

    Kindly

    Wasfi



  • 2.  RE: What is the difference between the onboard emulator and the iVM?

    Posted Sep 27, 2019 05:52 AM

    What do you mean by "onboard emulator"? The SandBox?

    MA offers two environment types: IntelliVM, which executes files in a full Windows ... Virtual Machine, and SandBox, which executes files in an emulated Windows environment. Each malware scanning environment identifies malicious URLs and activities performed when a suspicious file is executed. However, only IntelliVM profiles fully replicate a user workstation. Some malware behaves differently when executed in a SandBox environment than a Windows workstation, and that difference can result in some files not being properly identified as malware. However, with only SandBox emulation enabled, MA scanning will be faster and use fewer resources than with IntelliVM profiles.

    Worth mentioning - if the feature is enabled, the SandBox is invoked automatically for specific file types when the request is coming in over ICAP. It's just an additional check. You cannot upload a file to be checked by the SandBox manually through the GUI like you can with the iVMs.

    Does that help?

     

    BR.

    Gunnar