Frequently Asked Questions regarding Office-Logic InterChange implementation of Norman Sandbox v2


 

In this FAQ we have tried to collect some questions (and their respective answers) which are often asked about Office-Logic products and the Norman virus engine that is included with the products. We have tried to group the questions in some main categories as seen below. Hopefully this will be of help to the users of Office-Logic in understanding Norman's Sandbox technology.

Note: Sandbox technology is currently only available in Office-Logic InterChange.

Table of content


What is Norman sandbox?

Sandbox is Norman's technology for detecting new unknown viruses and malware, using a safe virtual environment inside your computer, where the viruses are allowed to reveal themselves without damaging your system.

Which viruses does the sandbox detect?

The sandbox detects most types of viruses. Since the sample we're testing for viral activity is run on a simulated computer system in a simulated network, they can either spread locally on the system, or try to infect other machines. They can also use services of remote machines, like SMTP, News, IRC, DNS etc.

Does it detect ALL viruses?

No. The intention of the sandbox is to detect current threats to your system. Legacy DOS COM viruses and other non-executable viruses (like macros and scripts) are not detected by the sandbox. The sandbox focuses on detecting binary email and network worms, as these are the most common and dangerous viruses at the present.

Is it safe?

Yes, since we're running everything emulated, nothing is run on your real system. If a virus or a trojan wants to delete all your system files, they will delete the system files on the simulated hard-drive - not your real one. Since we're using emulation, there is nothing to break free from, so it's perfectly safe.

How much of my resource does it use?

The sandbox module reuses modules from our scanner engine, the emulator and virtual memory manager. The software components of the sandbox are located in our definition file (NVCBIN.DEF). The sandbox modules are less than 160kb compressed. The memory requirement is about 4 MB pr. scanning thread. Since we're running it through emulation, speed is of great importance. On a 700MhZ PIII it emulates over a million instructions per second. On a P4 2GhZ it emulates over 3 million instructions per second. We have designed the sandbox to reduce the number of emulation cycles, especially on clean files and this will be an ongoing effort. Tests done early in the development phase showed that using the sandbox on all executable files on a regular hard-drive increased the scanning time with about 40%. Compared to the amount of work being done using the sandbox and the benefits of detecting unknown advanced worms and viruses, we do not consider speed a problem.

When the sandbox detects a virus, what should I do?

When the sandbox detects a virus, the name of the virus can be one of the following:

If the sandbox detects something unknown, you should first make sure that your NVC installation is completely up to date. This is accomplished automatically (see How often does my product check for updates? for more information and to manually update). If your installation is outdated, the Sandbox may have detected a virus that has recently been added to the definition files. If the virus that NVC detects still is one in the list above, we haven't seen it before. Else we would have added regular detection of it. The message sent to the user and/or the administrator (if so configured) should always give a short analysis why it's a worm or virus.

Where should I and where can I enable the Norman Sandbox?

Norman Sandbox should be enabled in the "Configure->Options->Virus" tab of the Office-Logic product. Make sure that the box is checked for "Scan using Norman Sandbox technology".

Does the sandbox require updates?

Yes, the sandbox consists of numerous software components, like kernel32, wsock32, msvcrt etc. These are located in the binary definition file (NVCBIN.DEF). We constantly work on improving these software modules. The sandbox updates will be available through Norman Internet Update on the same basis as other NVC modules.

How often does my product check for updates?

It depends on the product. Office-Logic InterChange checks our Virus Update Server every 3 hours. Office-Logic WebClean and MailS.W.A.T. check every 23 hours. You can also force an update by selecting "File->Update virus definitions now" on the main screen of the Console.

 

 
NVC picture

Norman is one of the world's leading companies within the field of data security. With products for antivirus (virus control), personal firewall, encryption, data recovery, and certified data erasure, the company plays an important role in the data industry.
 

 



Copyright LAN-ACES, Inc. 2016 

Why Office-Logic?
Tip Of The Week
Safer E-Mail Solution
Complete Solutions
Virus Alerts
Sandbox Technology
Customer Comments
 

Protect your Workstations & Servers with NORMAN VC

 

LAN-ACES, Inc is proud to offer our customers the same virus protection on their workstations and servers that Office-Logic InterChange has utilized for years to protect their e-mail.

 

Visit our NORMAN page

to learn how you can safeguard your workstations and servers with the industries best virus protection.