The Solution: Norman SandBox®
Norman SandBox® enables IT departments to effectively protect their networks from new generations of malware. It determines in a simulated environment what malicious code would do if it were allowed to run on a real machine. It identifies and stops new and undiscovered malicious code before detection signatures have been created and distributed.
Since malicious programs find it extremely difficult to distinguish between a simulated computer and a real one, Norman SandBox® emulates the computer, hard drive, memory, operating system, network and even the Internet to determine how the code would adversely affect the business. However, if the simulated computer is detected by a malicious program, the Norman SandBox® environment can quickly adapt to counter the detection or add support for the newly discovered threats. All files are scanned in the simulated computer for malware. If the SandBox finds malicious code, the program is stopped. This real-time, proactive detection and discovery eliminates the threat of damage to the network and prevents the spread of malware.
Despite its powerful capabilities, Norman SandBox® requires a relatively small footprint to perform its functions. This allows the system to run at peak performance without slowing down the network or other critical business processes. The SandBox reuses modules from the scanner engine, emulator and the virtual memory manager. The SandBox modules combined are less than 87MB uncompressed and require approximately 4MB of memory per scanning thread.