Select Page

SandboxingBenefit from the Most Advanced Analysis and Threat Prevention Engine in the Industry

Sandboxing completes the effectiveness of Retarus Email Security: It exports all incoming email attachments that could potentially contain malicious code to a virtual machine and checks them for unusual behavior. Emails classified as infected are deleted or immediately moved to quarantine.

The Challenge

New Cyber Threats Every Second

Around the world, an unmanageable number of new cyber threats emerge every second. The use of cloud services, increasing automation, and global networking often make it all too easy for attackers today. One example is the use of polymorphic malware, which allows attackers to spread their threats faster than ever before. It is dynamic malware that continuously adapts its code both flexibly and autonomously. That’s how it eludes conventional detection mechanisms, as the identifiable attributes are constantly changing.

According to security authorities, the number of new malware variants increases by around 140 million every year.
The Solution

Machine Learning Helps to Defend Against Unknown Threats

In combating these malware variants and similarly adaptive threats, machine learning is a particularly powerful weapon that must be included in every IT security strategy. Only a sandbox engine based on state-of-the-art machine learning is capable of quickly analyzing and processing today’s common data volumes and threats. It supports automated decision-making in fractions of a second, enabling it to deliver an immediate response. Another key benefit: machine learning models are particularly good at detecting any changes that may have been made to executable files, a major weakness of earlier signature-based approaches, which far too often were exploited by attackers.

Retarus Email Security uses one of the most advanced prevention engines in the industry. With this sandboxing technology, you benefit from a range of highly automated and intelligent analysis mechanisms to defend against threats, staying one decisive step ahead of zero-day exploits and malware.

Sandboxing admin panel - Retarus Email Security

Configuring the sandboxing function in myEAS

Retarus Sandboxing – Compliance Included

Suspicious content is executed in a protected environment within the Retarus infrastructure and thoroughly checked. This fully automated analysis meticulously focuses on file formats frequently used in attacks, including EXE, DLL, ZIP, PDF, as well as Microsoft® Office documents and Java files. Emails identified as infected are deleted or immediately moved to quarantine.

The sandboxing technology is operated exclusively in EU data centers and compliant with e.g. ISO 27001 as well as SOC 2 Type II. This enables you to comply with all data protection requirements while benefiting from our technology partner’s threat intelligence jointly used by a large amount of subscribers, all without having to transfer the results of scanning with any 3rd party organization. With its patented signatureless approach, the technology used by Retarus is highly successful at filtering both dangerous files and malicious scripts.

Multiple Analysis Methods for Top Results

Static analysis: checks thousands of file attributes to identify possible malicious code in a timely and effective manner. This enables fast and reliable analysis in less than four minutes on average.
Dynamic analysis: automatically runs files in a virtual environment to detect previously unknown malware based on unusual behavioral attributes. This also benefits users of the patented Retarus Patient Zero Detection®: the sandbox results generate related events and automatically warn all other recipients of the same attachments who were not initially detected.
Machine learning and neural networks: The Sandboxing technology features state-of-the-art machine learning, neural networks, and behavioral analytics to ensure fast and accurate detection using collective threat intelligence consisting of a shared data pool. It does this by continuously analyzing trillions of files – infected and uninfected – from thousands of companies, government agencies, service providers, and partners around the globe. This unique cache of data enables researchers and data scientists at Retarus’ technology partner to create accurate and efficient AI models that are constantly updated and thus always up-to-date.
Die Features

Retarus Sandboxing Services at a Glance


Sandboxing subjects specific file attachments to an in-depth analysis. Attachments that contain potentially malicious code (e.g. files and active elements) are exported to a virtual machine and checked for unusual behavior. For this advanced threat check, Retarus uses a leading third-party sandboxing technology. Emails identified as infected are either quarantined or deleted, and the intended recipient is notified.

  • In-depth checks of email attachments by executing them in virtual machines
  • State-of-the-art machine learning, neural networks, and behavioral analytics for fast, accurate detection
  • Securely operated in Germany
  • Each file submission immediately destroyed after scanning
  • Certified with ISO 27001 and SOC 2 Type II
  • All file systems used by the service are fully encrypted
  • Notification of infected attachments via Email Security Report
  • Select view of advanced security checks in Retarus Email Live Search Monitoring (Tracking Point)


Effective Protection from Cyber Attacks with Maximum Flexibility.

Retarus Essential Protection effectively protects your email infrastructure against threats such as malware, spam, phishing, or spoofing. For extended protection, we offer innovative modules as enhancements. They can be added à la carte according to your requirements.

Do you need a higher level of security for your inboxes? With Retarus Advanced Threat Protection, you are optimally equipped against even complex cyber attacks thanks to four parallel virus scanners, Time-of-Click Protection (URL rewriting), and CEO Fraud Detection.

Your email infrastructure can additionally be secured with market-leading sandboxing technology. Suspicious file attachments are executed in a partitioned virtual machine and deleted or quarantined if found.

For maximum protection, Retarus Post Delivery Protection enables subsequent identification of malicious code in emails that have already been delivered. With PZD Real-Time Response, dangerous emails can even be automatically deleted from your users’ inboxes.

Need a connection to your existing SIEM tools? No problem. Forensics SIEM integration delivers events in real-time through a protected interface, allowing you to supplement your data stream with email security details.

Good to know: Retarus’ Email Security Services are the perfect modular enhancement, offering additional protection for standard security components used by Microsoft 365 and Google Workspace.

Questions About Retarus Sandboxing?

Request more information or test Retarus Email Security without obligation. We look forward to hearing from you.