MALWARE DETECTION BY A SANDBOX SERVICE BY UTILIZING CONTEXTUAL INFORMATION

摘要

Systems and methods for improving malware detection by a sandbox service by utilizing Endpoint Detection and Response (EDR) origin contextual information are provided. According to an embodiment, a sandbox service associated with a network security platform protecting an enterprise network receives a file associated with sandbox-evading malware, to be classified by the sandbox service, and contextual information related to the file. The file is received from an endpoint security solution of the network security platform running on an endpoint device of the enterprise network. The sandbox service classifies the file as being malware by detonating the sandbox-evading malware as a result of performing sandboxing on the file including emulating an environment of the endpoint device based on the contextual information.