Contents
- Managing the Sandbox component through the web interface
- Updating the Sandbox component databases
- Configuring connection between the Sandbox and Central Node components
- Configuring the Sandbox component network interfaces
- Setting the Sandbox system date and time
- Installing and configuring images of operating systems and applications required for the operation of the Sandbox component
- Managing operating system and application images in the Sandbox Storage
- Managing virtual machine templates
- Managing virtual machines
- Setting the maximum number of simultaneously running virtual machines
- Changing the number of license keys for a virtual machine with a custom operating system image
- Downloading the Sandbox system log to the hard drive
- Exporting Sandbox settings
- Importing Sandbox settings
- Restarting the Sandbox server
- Powering off the Sandbox server
- Changing the Sandbox administrator account password
Managing the Sandbox component through the web interface
The Sandbox web interface is located on the server hosting the Sandbox component.
The Sandbox web interface is protected against CSRF attacks and operates only if the web interface user's browser provides the Referer header in HTTP POST requests. Make sure that the browser you use to work with the Sandbox web interface does not modify the Referer header of HTTP POST requests. If the connection with the web interface is established through your organization's proxy server, check its settings and make sure that the proxy server does not modify the Referer header of HTTP POST requests.
To get started with the web interface of the Sandbox application:
- In a browser on any computer on which access to the server with the Sandbox component is allowed, enter the IP address of the server with the Sandbox component.
This opens the Sandbox component administrator credentials input window.
- Enter the Sandbox component administrator user name and password that you specified when installing the Sandbox component.
You can now start working in the Sandbox web interface.
If you use more than one server with the Sandbox component, configure the settings of each Sandbox component from the Sandbox web interface of that server.
Updating the Sandbox component databases
The Sandbox component databases are files with records that make it possible to detect malicious code and signs of suspicious behavior in scanned objects.
Virus analysts at Kaspersky detect hundreds of new threats daily, create records to identify them, and include them in database upgrade packages (or upgrade packages). Upgrade packages consist of one or more files containing records to identify threats that were detected since the previous upgrade package was released. We recommend that you regularly receive upgrade packages.
During the license validity period, you can obtain update packages automatically once every hour or update the databases manually.
Updating databases manually
To start a database update manually:
- Select the Database update section in the Sandbox web interface window.
The Last update settings group will show time and status of the last Sandbox database update.
- Click Start.
Selecting a database update source
To select a database update source:
- Select the Database update section in the Sandbox web interface window.
- In the Update source settings group, select a source from which you want to receive upgrade packages:
- Kaspersky update server.
The program connects to Kaspersky update server over HTTP and downloads up-to-date databases.
- Kaspersky update server (secure connection).
The program connects to Kaspersky update server over HTTPS and downloads up-to-date databases. It is recommended to use HTTPS for database updates.
- Custom server.
The program connects to your FTP or HTTP server or to the folder with program databases on your computer to download up-to-date databases.
- If you select Custom server, in the field under the name of the setting, enter the full path to the folder that contains the application database update package.
- Click Apply in the lower part of the window.
Enabling and disabling a proxy server for database update
To enable or disable a proxy server for updating the Sandbox component databases:
- Select the Database update section in the Sandbox web interface window.
- In the workspace, do one of the following:
- Enable the switch next to the Proxy server settings group name if you want to use the proxy server for the Sandbox component database update.
- Disable the switch next to the Proxy server settings group name if you do not want to use the proxy server for the Sandbox component database update.
Configuring proxy server connection settings for database update
To configure the proxy server connection for updating Sandbox component databases:
- Select the Database update section in the Sandbox web interface window.
- Enable the switch next to the Proxy server settings group name.
- In the Address field, enter the proxy server address.
- In the Port field, enter the proxy server port number.
- In the User name field, enter the proxy server user name.
- In the Password field, enter the password to obtain connection to the proxy server.
- Do one of the following:
- Select the Bypass proxy server for local addresses check box if you do not want to use the proxy server for internal IP addresses of your organization.
- Clear the Bypass proxy server for local addresses check box if you want to use the proxy server irrespective of whether the IP addresses belong to your organization.
- Click Apply in the lower part of the window.
Configuring connection between the Sandbox and Central Node components
The following procedure is used to configure the Sandbox component connection with the Central Node component:
- A request for connection to the Sandbox component is created in the application web interface.
- The Sandbox web interface shows connection requests.
You can accept or reject the request.
After configuring the connection, the Sandbox server needs 5 to 10 minutes to get ready for operation. During this time, the System health window of the application web interface displays a warning: Default configuration error. When the server is ready for operation, the warning disappears.
Processing connection requests from the Central Node servers in the Sandbox web interface
You can accept, reject, or revoke a previously accepted connection request from the Central Node servers in the Sandbox web interface.
To accept, reject, or revoke a connection request from Central Node servers:
- Select the Authorization section in the window of the Sandbox web interface.
The Central Node connection requests section will show a list of connection requests from the Central Node components.
Each connection request contains the following information:
- IP—IP address of the Central Node server.
- Certificate fingerprint—Thumbprint of the Central Node TLS certificate used to establish an encrypted connection between servers.
- State—Status of the connection request.
May have the values Pending or Accepted.
- Make sure that the Central Node certificate thumbprint matches the certificate thumbprint configured for the Central Node.
You can check the Central Node certificate thumbprint from the Central Node server administrator menu in the Manage Server Certificate section.
- Click one of the following buttons in the line containing the connection request from the Central Node component:
- Accept if you want to accept the connection request.
- Reject if you want to reject the connection request.
- Revoke if you want to revoke a previously accepted connection request.
- Click Apply in the lower part of the window.
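The thumbprint comparison in the procedure above can be scripted so that formatting differences (colons, spaces, case) do not hide a mismatch and a truncated value is never accepted. This is an added example, not part of the product or its documentation: it assumes a PEM copy of the Central Node certificate is available, infers the hash algorithm from the length of the displayed value (the page does not name it), and uses constructed stand-in bytes and request rows.

```python
import base64
import hashlib
import hmac
import re

# Hex length -> digest. The page does not say which hash the product displays,
# so the algorithm is inferred from the displayed length (assumption).
ALGO_BY_HEX_LEN = {40: "sha1", 64: "sha256"}


def pem_to_der(pem: str) -> bytes:
    """Return the DER bytes of the first certificate in a PEM string."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem, re.S)
    if m is None:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)


def normalize(thumbprint: str) -> str:
    """Drop separators and case so 'AB:CD', 'ab cd' and 'abcd' compare equal."""
    hexstr = re.sub(r"[\s:-]", "", thumbprint).lower()
    if not re.fullmatch(r"[0-9a-f]+", hexstr):
        raise ValueError("thumbprint contains non-hex characters")
    return hexstr


def thumbprint_matches(pem: str, displayed: str) -> bool:
    """Compare the displayed thumbprint with the digest of the certificate."""
    shown = normalize(displayed)
    algo = ALGO_BY_HEX_LEN.get(len(shown))
    if algo is None:
        # A truncated value must never be treated as a match on its prefix.
        raise ValueError(f"unexpected thumbprint length: {len(shown)} hex chars")
    actual = hashlib.new(algo, pem_to_der(pem)).hexdigest()
    return hmac.compare_digest(actual, shown)


def review_requests(central_node_pem: str, requests: list) -> dict:
    """Map each request IP to the button to use in the Authorization section.

    "Keep" is not a button: it means an accepted request needs no action.
    """
    actions = {}
    for req in requests:
        try:
            ok = thumbprint_matches(central_node_pem, req["fingerprint"])
        except ValueError:
            ok = False  # malformed or truncated thumbprint counts as a mismatch
        if ok:
            actions[req["ip"]] = "Accept" if req["state"] == "Pending" else "Keep"
        else:
            actions[req["ip"]] = "Reject" if req["state"] == "Pending" else "Revoke"
    return actions


# Constructed sample data: stand-in bytes, not a real X.509 certificate.
STAND_IN_DER = b"constructed stand-in bytes, not a real X.509 certificate"
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(STAND_IN_DER).decode()
    + "-----END CERTIFICATE-----\n"
)
GOOD_HEX = hashlib.sha256(STAND_IN_DER).hexdigest().upper()
GOOD_DISPLAY = ":".join(GOOD_HEX[i:i + 2] for i in range(0, len(GOOD_HEX), 2))

# Rows as shown in the "Central Node connection requests" list (constructed).
SAMPLE_REQUESTS = [
    {"ip": "192.0.2.10", "fingerprint": GOOD_DISPLAY, "state": "Pending"},
    {"ip": "192.0.2.11", "fingerprint": "00" * 32, "state": "Pending"},
    {"ip": "192.0.2.12", "fingerprint": "00" * 32, "state": "Accepted"},
    {"ip": "192.0.2.13", "fingerprint": GOOD_HEX[:16], "state": "Pending"},
]

if __name__ == "__main__":
    for ip, action in review_requests(SAMPLE_PEM, SAMPLE_REQUESTS).items():
        print(ip, action)
```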
Configuring the Sandbox component network interfaces
This section describes configuration of the Sandbox component network interfaces.
Configuring DNS settings
To configure DNS:
- Select the Network interfaces section in the window of the Sandbox web interface.
- In the Host name field, enter the name of the server on which you are installing the Sandbox component in FQDN format (for example, sandbox).
- To the right of the DNS servers parameter name, click the Add button.
This will add an empty field for the DNS server IP address input.
- Enter the IP address of the primary DNS server in IPv4 format.
- Click the button to the right of the entry field.
The DNS server will be added.
- If you want to add an additional DNS server, repeat steps 2-5.
- If you want to remove a previously added DNS server, click the button to the right of the line containing the DNS server IP address.
You can only remove additional DNS servers. You cannot remove the primary DNS server. If you added two or more DNS servers, you can remove any of them, and the remaining DNS server will be used as the primary server.
Configuring settings of the management network interface
The management network interface provides access to the server with the Sandbox component via the SSH protocol. The Sandbox component also receives objects from the Central Node component through this interface.
You can configure a management network interface during installation of the Sandbox component.
You can also configure a management network interface from the Sandbox web interface.
To configure a management network interface from the Sandbox web interface:
- Select the Network interfaces section in the window of the Sandbox web interface.
- In the Management interface settings group from the Interface drop-down list, select a network interface, which you want to use as a management interface.
- In the IP field, enter the IP address that you want to assign to this network interface if no IP address is assigned.
- In the Mask field, enter the network mask in which you want to use this network interface.
- Click Apply in the lower part of the window.
Configuring settings of a network interface used for Internet access of processed objects
Objects processed by the Sandbox component may attempt activities on the Internet via the network interface used for Internet access of processed objects. The Sandbox component can analyze the behavior of these objects.
If you block Internet access, the Sandbox component cannot analyze the behavior of objects on the Internet, and will therefore only analyze the behavior of objects without Internet access.
The network interface used for Internet access of processed objects must be isolated from the local network of your organization.
If the security policy of your organization denies access to the Internet from computers of local network users, and you have configured the Sandbox network interface for Internet access of processed objects, there is a risk of the following scenario:
An attacker can attach a malicious application to an arbitrary file and initiate a Sandbox scan of this file from the computer of a local network user. While the Sandbox component scans the file, the file is transferred outside the local network through the network interface used for Internet access of processed objects.
Unavailability of the Sandbox network interface for Internet access of processed objects eliminates any risk of such data transfer but compromises the quality of alerts.
To configure the network interface used for Internet access of processed objects:
- Select the Network interfaces section in the window of the Sandbox web interface.
- In the Internet interface settings group from the Interface list, select a network interface that you want to use for Internet access of processed objects.
The management network interface that you configured previously cannot be selected from this list of network interfaces.
- In the IP field, enter the IP address that you want to assign to this network interface.
- In the Mask field, enter the network mask in which you want to use this network interface.
- In the Default gateway field, enter the gateway address of the network in which you want to use this network interface.
- Click Apply in the lower part of the window.
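Before entering the values above, the planned addressing can be checked against the isolation requirement. This added example (not product code) validates the IP, Mask and Default gateway fields of the Internet interface against the management interface and a list of internal ranges; the interface names, addresses and internal ranges are constructed assumptions, and the check covers addressing only, not switch or firewall separation.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class InterfacePlan:
    """Values as they would be typed into the Network interfaces section."""
    name: str                      # entry chosen in the Interface list
    ip: str                        # IP field
    mask: str                      # Mask field, dotted-decimal
    gateway: Optional[str] = None  # Default gateway field (Internet interface)

    def network(self) -> ipaddress.IPv4Network:
        # IPv4Interface accepts "address/netmask" and derives the subnet.
        return ipaddress.IPv4Interface(f"{self.ip}/{self.mask}").network


def check_internet_interface(mgmt: InterfacePlan, inet: InterfacePlan,
                             org_ranges: List[str]) -> List[str]:
    """Return a list of findings; an empty list means the plan looks isolated."""
    try:
        mgmt_net = mgmt.network()
        inet_net = inet.network()
        org_nets = [ipaddress.IPv4Network(r) for r in org_ranges]
        gateway = ipaddress.IPv4Address(inet.gateway) if inet.gateway else None
    except ValueError as exc:  # covers malformed addresses and invalid masks
        return [f"invalid address or mask: {exc}"]

    findings = []
    if mgmt.name == inet.name:
        findings.append("same interface selected for management and Internet access")
    if inet_net.overlaps(mgmt_net):
        findings.append(f"Internet subnet {inet_net} overlaps management subnet {mgmt_net}")
    for org in org_nets:
        if inet_net.overlaps(org):
            findings.append(f"Internet subnet {inet_net} overlaps internal range {org}")

    if gateway is None:
        findings.append("no default gateway set for the Internet interface")
    elif gateway not in inet_net:
        findings.append(f"gateway {gateway} is outside Internet subnet {inet_net}")
    elif gateway in (inet_net.network_address, inet_net.broadcast_address):
        findings.append(f"gateway {gateway} is the network or broadcast address")
    elif gateway == ipaddress.IPv4Address(inet.ip):
        findings.append("gateway is the interface's own address")
    return findings


# Constructed sample plans (documentation and private address ranges).
ORG_RANGES = ["10.0.0.0/8", "192.168.0.0/16"]
MGMT = InterfacePlan("eth0", "10.20.0.15", "255.255.255.0")
GOOD_INET = InterfacePlan("eth1", "198.51.100.10", "255.255.255.0", "198.51.100.1")
BAD_INET = InterfacePlan("eth1", "10.20.0.200", "255.255.0.0", "10.21.0.1")

if __name__ == "__main__":
    for label, plan in (("good", GOOD_INET), ("bad", BAD_INET)):
        print(label, check_internet_interface(MGMT, plan, ORG_RANGES) or "no findings")
```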
Adding, changing and removing static network routes
You can configure static network routes during installation of the Sandbox component.
You can also add, remove or change static network routes from the Sandbox web interface.
To add a static network route:
- Select the Network interfaces section in the window of the Sandbox web interface.
- In the Static routes settings group, click the Add button.
A line with empty fields will be added in the list of static network routes.
- In the IP field, enter the IP address of the server for which you want to configure a static network route.
- In the Mask field, enter the subnet mask.
- In the Gateway field, enter the IP address of the gateway.
- From the Interface list, select a network interface for which you want to add a static network route.
- Click
.
- Click Apply in the lower part of the window.
To remove a static network route, proceed as follows:
- Select the Network interfaces section in the window of the Sandbox web interface.
- In the Static routes settings group in the line containing the static network route that you want to remove, click the button.
- Click Apply in the lower part of the window.
To modify a static network route:
- Select the Network interfaces section in the window of the Sandbox web interface.
- In the Static routes settings group in the line containing the static network route that you want to change, click the button.
The static network route line will become editable. You can change one or more parameters of a static network route.
- In the IP field, change the IP address of the server for which you want to configure a static network route.
- In the Mask field, change the subnet mask.
- In the Gateway field, change the IP address of the gateway.
- From the Interface list, select the network interface for which you are editing the network route.
- Click
.
- Click Apply in the lower part of the window.
Setting the Sandbox system date and time
To set the date and time on the server hosting the Sandbox component:
- In the Sandbox web interface window, select Date and time.
- In the Country drop-down list, select the relevant country.
- In the Time zone drop-down list, select the relevant time zone.
- If you prefer to synchronize the time with the NTP server, select Synchronization with NTP servers.
- If you prefer to set the date and time manually, do not enable the switch to the right of the Synchronization with NTP servers parameter name and proceed as follows:
- In the Date field, enter the current date or click the button and select a date in the calendar.
- In the Time field, enter the current time.
- Click Apply in the lower part of the window.
Installing and configuring images of operating systems and applications required for the operation of the Sandbox component
To scan objects, you can use your own (hereinafter also referred to as "custom") images of operating systems as well as preset images from the distribution kit. If you are using custom images, you can install any applications on these operating systems. The selection of applications for the preset images from the distribution kit cannot be modified.
The distribution kit includes preset ISO images of operating systems and applications required for the Sandbox component to work. Some operating systems and applications require activation.
The Sandbox component runs objects in selected operating systems and analyzes the behavior of these objects to detect malicious activity and indicators of targeted attacks and intrusions into the corporate IT infrastructure.
You can use custom and preset operating system images at the same time.
To use an operating system image for scanning objects by the Sandbox component, you must create a virtual machine for that image.
We strongly recommend that you use all of the necessary and available preset operating system images from the distribution kit on each Sandbox server. If only some of the images from the distribution kit or only custom images are used, objects may be scanned with a reduced quality.
Creating virtual machines with preset images of operating systems from the distribution kit
Creating virtual machines with preset images of operating systems involves the following steps:
Creating virtual machines with custom images of operating systems
Creating virtual machines with custom images of operating systems involves the following steps:
- Uploading the image of the operating system and applications that you want to install on the operating system to the Sandbox Storage.
You can skip this step and upload the images while creating and editing a template.
- Create or import a custom template.
- Creating a virtual machine
- Installing the virtual machine
In case of problems with activation of operating systems or applications, the web interface of the Sandbox component displays an error message. If this happens, please contact Kaspersky Technical Support.
Managing operating system and application images in the Sandbox Storage
Custom images of operating systems and applications that you want to install on these operating systems are placed in Sandbox Storage.
You can upload the following custom operating system images to Storage:
- Windows 7
- Windows 8.1 64-bit
- Windows 10 64-bit (up to version 1909)
Uploaded files must have the .ISO extension.
Uploading custom images of Linux operating systems is not supported.
If you want to use custom operating system images in a template, you must configure those operating systems.
Viewing the table of operating system and application images in Sandbox Storage
To view the table of operating system and application images in Sandbox Storage:
- In the Sandbox web interface window, select the Templates & Storage section.
- Go to the Storage section.
The table of operating system and application images in Sandbox Storage is displayed.
The table contains the following information:
- Uploaded is the image upload time.
- Name is the name of the image.
- Size is the size of the image.
- Actions are operations available for the image. Possible values: Create VM, Export, Delete.
Uploading operating system and application images to Storage
To upload to Storage the custom images of operating systems and applications that you want to install on these operating systems:
- In the Sandbox web interface window, select the Templates & Storage section.
- Go to the Storage section.
- Click Upload.
- This opens the file upload window.
- Select the .ISO file that you want to upload to Storage.
- Click Open.
If you want to upload multiple images, repeat steps 1 to 6 for each image.
The image is uploaded to Storage and displayed in the table of objects.
Activating operating system and application images in Sandbox Storage
You can create a virtual machine with non-activated images of Windows 7 (64-bit), Windows 10 (64-bit) and applications required by the Sandbox component and activate them using your own license code after installing the virtual machine.
Windows images and the Microsoft Office suite can be activated using the kata_images.py file. This file is part of the distribution kit.
Correct activation of Windows images and the Microsoft Office suite requires Internet access. Make sure Internet access is configured correctly.
During the activation procedure in the Dashboard section, the Central Node component alerts you to a self-diagnostics error of the Sandbox component. After successful activation, the self-diagnostics error of the Sandbox component is no longer displayed. During activation, objects are not sent to the Sandbox component for scanning.
To activate Windows images and the Microsoft Office suite:
- Make sure that virtual machines with non-activated images of Windows 7 (64-bit), Windows 10 (64-bit) and the Microsoft Office suite are created and installed.
- Use SSH to place the kata_images.py file on the server with the Central Node component:
scp ./kata_images.py admin@<IP address of the Sandbox server>:
- Log in to the management console of the server with the Sandbox component via the SSH protocol or through a terminal.
- When the system prompts you, enter the administrator user name and the password that was specified during installation of the application.
The Sandbox component administrator menu is displayed.
- In the application administrator menu, select Technical Support Mode.
- Press ENTER.
This opens the Technical Support Mode confirmation window.
- Select Yes and press ENTER.
- Activate the Windows images and the Microsoft Office suite by running the following sequence of commands:
cd /var/opt/kaspersky/apt/files
sudo -s
./kata_images.py activate --vm_id Win7_x64 --component Win7 --key <Windows 7 64 bit activation code>
./kata_images.py activate --vm_id Win7_x64 --component Office2010 --key <Microsoft Office 2010 activation code>
./kata_images.py activate --vm_id Win10_x64 --component Win10 --key <Windows 10 64 bit activation code>
./kata_images.py activate --vm_id Win10_x64 --component Office2016 --key <Microsoft Office 2016 activation code>
The activation code has the following format: XXXXX-XXXXX-XXXXX-XXXXX-XXXXX.
- Create recovery points for virtual machines with added license keys:
./kata_images.py snapshot --vm_ids Win7_x64,Win10_x64
The process may take some time.
- Make sure the Dashboard section of the application web interface does not display any warnings about the Sandbox component not working.
Windows images and the Microsoft Office suite are activated. Images of Windows operating systems and Microsoft Office application suite must be activated on all servers with the Sandbox component.
Deleting operating system and application images from Sandbox Storage
To remove an operating system or application image from Sandbox Storage:
- In the Sandbox web interface window, select the Templates & Storage section.
- Go to the Storage section.
- In the Action column next to the relevant image, click Delete.
This opens the action confirmation window.
- Click Yes.
The image is deleted.
Managing virtual machine templates
Virtual machines are created from templates. To create a virtual machine, you must first import or create a template for it. Multiple virtual machines can be created based on the same template.
You can perform the following operations with templates: view the table of templates, enable or disable templates, edit, export, or delete templates.
Operations with the template are not available if a virtual machine with a custom operating system image is being created or installed from this template. After the virtual machine creation and installation process is complete, you can again perform operations with the template.
Creating a virtual machine template
To create a virtual machine with the selected operating system, you must first create a template for it.
To create a template for a virtual machine:
- In the Sandbox web interface window, select the Templates & Storage section.
- Go to the Templates section.
- From the Add drop-down list, select Create template.
This opens the template creation window.
- At the Preparing the image step:
- In the Name field, type the name of the template.
- In the Description field, enter the template description. This field is optional.
- In the OS image drop-down list, do one of the following:
- Select the operating system image that you want to use for the template from the list of available images.
For an image to be displayed in the list, you must first upload it to Storage.
- To upload the operating system image, click the Upload link, select the relevant file, and click Open.
The uploaded file must have the ISO extension.
- Click Proceed.
- At the Customizing the template step, do one of the following:
- In the Mount ISO drop-down list, select the image of the application that you want to install in the operating system.
For the image to be displayed in the list, do one of the following:
- Upload the image to Storage.
- In the Mount ISO drop-down list, click the Upload link, select the relevant file, and click Open.
The uploaded file must have the ISO extension.
- If you want to unmount the installed image, in the Mount ISO drop-down list, click the icon next to this image.
- Configure the operating system and installed software.
- In the Shut down drop-down list, select one of the following:
- Shut down if you want to shut down the system while saving the results of running applications.
- Power off if you want to shut down the system without saving the results.
If a template is enabled, you cannot create a virtual machine from it, and you cannot export the template. If you want to continue configuring the template, enable it.
The virtual machine template is created. You can create a virtual machine based on it.
Viewing the table of templates
To view the table of templates:
- In the Sandbox web interface window, select the Templates & Storage section.
- Go to the Templates section.
The table of templates is displayed.
The table contains the following information:
- Created is the template creation time.
- Type is the type of operating system: custom or preset.
- Name is the name of the template.
- Status is the status of the template, for example, Power on or Powered off.
- Size is the size of the template.
- OS is the version of the operating system used for the template.
- VMs is the virtual machine created based on this template.
- Actions are operations available for the template. The following operations are available: Create VM, Export, Delete.
- Description is the description specified when creating a template.
Turning a template on or off
If the template is turned off, you can perform the following operations with it: create a virtual machine based on the template, export, or delete it. If a template is turned on, you can edit it.
To turn a template on or off:
- In the Sandbox web interface window, select the Templates & Storage section.
- Go to the Templates section.
- Select the relevant template.
- In the Customizing the template section, do one of the following:
- If you want to turn on the template, click Power on in the template management console.
- If you want to turn off the template, select one of the options in the Shut down drop-down list in the template management console:
- Shut down if you want to shut down the system while saving the results of running applications.
- Power off if you want to shut down the system without saving the results.
The template is turned on or off.
Editing a template
To edit a template:
- In the Sandbox web interface window, select the Templates & Storage section.
- Go to the Templates section.
- Select the relevant template.
- If the template is turned off, turn it on by clicking Power on.
- If you want to install an application on the operating system that is used for the template, select the relevant application image from the Mount ISO drop-down list.
For an image to be displayed in the list, you must first upload the image to Storage.
- If you want to unmount the installed image, in the Mount ISO drop-down list, click the Unmount icon next to that image.
- Configure the operating system and installed software.
The template is edited.
Configuring the operating system and software
General requirements for all operating systems
When installing Windows 7, 8.1, or 10 operating systems, you must satisfy the following requirements:
- Disable the screen saver.
- Select the Always On power plan.
- Disable automatic updates.
- Disable Windows Firewall.
For Windows 8.1 and 10 operating systems, you must disable fast boot and enable automatic logon.
Preparing the Windows 7 operating system
To use Windows 7, the SHA-2 hash algorithm must be supported. To make sure this hash algorithm is supported, install the Security Update for Windows 7 for x64-based Systems (KB3033929). For 32-bit Windows 7 operating systems, update KB3033929 must also be installed.
Do not install update KB4474419. This update may cause a crash during virtual machine deployment.
Also, you must enable TLS 1.1 and TLS 1.2 in the operating system settings. To do this, in the Control Panel → Internet Options → Advanced section, select the Use TLS 1.1 and Use TLS 1.2 check boxes.
Preparing the Windows 10 operating system
To prevent false alarms when using Windows 10, disable SmartScreen. To do so, turn Off settings in the following sections:
- Start → Settings → App & browser control → Check apps and files, SmartScreen for Microsoft Edge.
- Start → Settings → Virus & threat protection → Real-time protection, Cloud-delivered protection, Automatic sample submission, Tamper Protection.
In the Windows Pro and Windows Enterprise editions, you need to disable the functionality in group policy: Start → Run → gpedit.msc → Local Group Policy Editor → Windows Components → File Explorer → Configure Windows Defender SmartScreen → Disabled, and restart the virtual machine.
General settings for all operating systems
When the operating system is installed:
- Make sure the default command shell is configured.
- Activate the operating system and other licensed software.
You can do the following with the installed operating system:
- Assign a static name to the computer.
- Create user accounts.
In this case, you need to configure automatic logon.
- Select a localization.
Russian and English localizations are fully supported. If you select a different localization, the quality of object scanning is diminished.
- Install software.
Limitations on software installation:
- Only one image at a time can be connected to one template. After the template has been saved, you can disconnect one image and mount another.
- Versions of Microsoft Office later than 2016 are not supported.
- Installing the following types of software is strongly discouraged:
- Software that injects its code into another running process
- Drivers for protection
- Anti-virus applications including Windows Defender
- Detection of malicious activity of files that rely on highly specialized software to run is not guaranteed.
Kaspersky Anti Targeted Attack Platform does not notify about problems with software installed on the operating system.
Exporting a template
You can export a template in one of the following ways:
- In the table of templates.
- When viewing a template.
The template must be turned off.
To export a template in the table of templates:
- In the Sandbox web interface window, select the Templates & Storage section.
- Go to the Templates section.
- In the Action column next to the relevant image, click the Export icon.
The template is exported. The file download starts automatically.
To export a template when viewing a template:
- In the Sandbox web interface window, select the Templates & Storage section.
- Go to the Templates section.
- Select the relevant template.
- In the Actions drop-down list, select Export.
The file download starts automatically.
Importing a template
You can import a previously created template.
To import a template:
- In the Sandbox web interface window, select the Templates & Storage section.
- Go to the Templates section.
- In the Add drop-down list, select Import template.
- This opens the file upload window.
- Select the file that you want to import.
- Click Open.
The template appears in the list of templates.
You can edit a template, create a virtual machine from it, export, or delete it.
Deleting a template
When you delete a template, all virtual machines created based on that template are deleted.
You can delete a template in one of the following ways:
- In the table of templates.
- When viewing a template.
The template must be turned off.
To delete a template in the table of templates:
- In the Sandbox web interface window, select the Templates & Storage section.
- Go to the Templates section.
- In the Action column next to the relevant image, click the delete icon.
This opens the action confirmation window.
- Click Yes.
The template is deleted.
To delete a template when viewing a template:
- In the Sandbox web interface window, select the Templates & Storage section.
- Go to the Templates section.
- Select the relevant template.
- In the Actions drop-down list, select Delete.
This opens the action confirmation window.
- Click Yes.
The template is deleted.
Managing virtual machines
You can create, install, or delete installed virtual machines and virtual machines pending installation. You can also view lists of virtual machines with preset and custom operating systems.
Creating a virtual machine
You can create a virtual machine in one of the following ways:
- In the Virtual machines section.
- In the table of templates.
- In the template view.
The virtual machine template must be turned off. After the virtual machine is created, it must be installed.
Internet access is required to create a virtual machine with a custom operating system image.
Creating a virtual machine in the Virtual machines section
To create a virtual machine with a preset operating system image in the Virtual machines section:
- In the Sandbox web interface window, select the Templates & Storage section.
- Go to the Virtual machines section.
- Click Create VM.
This opens the virtual machine creation window.
- In the Template drop-down list, select a template for the virtual machine.
If the list does not contain a suitable template, you can import or create a template in the Templates section of the Sandbox web interface window.
- In the Name field, type the name of the virtual machine.
- In the Description field, enter the description of the virtual machine. This field is optional.
- Click Add.
- Some operating systems from the distribution kit require accepting the terms of the relevant end user license agreement. Read the text of the end user license agreement and click Accept.
The virtual machine with a preset operating system image is created.
To create a virtual machine with a custom operating system image in the Virtual machines section:
- In the Sandbox web interface window, select the Templates & Storage section.
- Go to the Virtual machines section.
- Click Create VM.
This opens the virtual machine creation window.
- In the Template drop-down list, select a template for the virtual machine.
If the list does not contain a suitable template, you can import or create a template in the Templates section of the Sandbox web interface window.
- In the Name field, type the name of the virtual machine.
The name must consist of Latin characters.
- In the Description field, enter the description of the virtual machine. This field is optional.
- Click Add.
- If internet access is not configured for the server on which you are creating the virtual machine, the No internet access error message is displayed in the Templates window. To complete the virtual machine creation process, you must download debug symbols.
The virtual machine with a custom operating system image is created.
Creating a virtual machine in the table of templates
To create a virtual machine with a preset operating system image in the template table:
- In the Sandbox web interface window, select the Templates & Storage section.
- Go to the Templates section.
- In the Actions column next to the template, click Create VM.
This opens the virtual machine creation window.
- In the Template drop-down list, select a template for the virtual machine.
If the list does not contain a suitable template, you can import or create a template in the Templates section of the Sandbox web interface window.
- In the Name field, type the name of the virtual machine.
- In the Description field, enter the description of the virtual machine. This field is optional.
- Click Add.
- Some operating systems from the distribution kit require accepting the terms of the relevant end user license agreement. Read the text of the end user license agreement and click Accept.
The virtual machine with a preset operating system image is created.
To create a virtual machine with a custom operating system image in the template table:
- In the Sandbox web interface window, select the Templates & Storage section.
- Go to the Templates section.
- In the Actions column next to the template, click Create VM.
This opens the virtual machine creation window.
- In the Template drop-down list, select a template for the virtual machine.
If the list does not contain a suitable template, you can import or create a template in the Templates section of the Sandbox web interface window.
- In the Name field, type the name of the virtual machine.
The name must consist of Latin characters.
- In the Description field, enter the description of the virtual machine. This field is optional.
- Click Add.
- If internet access is not configured for the server on which you are creating the virtual machine, the No internet access error message is displayed in the Templates window. To complete the virtual machine creation process, you must download debug symbols.
The virtual machine with a custom operating system image is created.
Creating a virtual machine in the template view
To create a virtual machine with a preset operating system image in the template view:
- In the Sandbox web interface window, select the Templates & Storage section.
- Go to the Templates section.
- Select the relevant template.
- Click Create VM.
This opens the virtual machine creation window.
- In the Template drop-down list, select a template for the virtual machine.
If the list does not contain a suitable template, you can import or create a template in the Templates section of the Sandbox web interface window.
- In the Name field, type the name of the virtual machine.
- In the Description field, enter the description of the virtual machine. This field is optional.
- Click Add.
- Some operating systems from the distribution kit require accepting the terms of the relevant end user license agreement. Read the text of the end user license agreement and click Accept.
The virtual machine with a preset operating system image is created.
To create a virtual machine with a custom operating system image in the template view:
- In the Sandbox web interface window, select the Templates & Storage section.
- Go to the Templates section.
- Select the relevant template.
- Click Create VM.
This opens the virtual machine creation window.
- In the Template drop-down list, select a template for the virtual machine.
If the list does not contain a suitable template, you can import or create a template in the Templates section of the Sandbox web interface window.
- In the Name field, type the name of the virtual machine.
The name must consist of Latin characters.
- In the Description field, enter the description of the virtual machine. This field is optional.
- Click Add.
- If internet access is not configured for the server on which you are creating the virtual machine, the No internet access error message is displayed in the Templates window. To complete the virtual machine creation process, you must download debug symbols.
The virtual machine with a custom operating system image is created.
Viewing the table of virtual machines with preset operating systems
To view the list of virtual machines with preset operating systems:
- Select the Virtual machines section in the window of the Sandbox web interface.
- Select the Preconfigured tab.
The table of virtual machines with preset operating systems is displayed.
The table contains the following information:
- Name is the name of the virtual machine.
- Status is the status of the virtual machine, for example, Enabled or Disabled.
- Actions are operations available for the virtual machine. The following operations may be available: Delete.
The Not installed virtual machines section displays virtual machines that are ready for installation but have not yet been installed.
Viewing the table of virtual machines with custom operating systems
To view the list of virtual machines with custom operating systems:
- Select the Virtual machines section in the window of the Sandbox web interface.
- Select the Custom tab.
The table of virtual machines with custom operating systems is displayed.
The table contains the following information:
- Created is the time when the virtual machine was created.
- Name is the name of the virtual machine.
- Status is the status of the virtual machine, for example, Enabled or Disabled.
- Actions are operations available for the virtual machine. The following operations may be available: Delete.
- Description is the description specified when creating the virtual machine.
Installing a virtual machine
After creating a virtual machine, it must be installed.
To install a virtual machine with a preset operating system image:
- Select the Virtual machines section in the window of the Sandbox web interface.
- Select the Preconfigured tab.
- In the Not installed virtual machines section, click Install ready VMs.
All virtual machines pending installation are installed.
To install a virtual machine with a custom operating system image:
- Select the Virtual machines section in the window of the Sandbox web interface.
- Select the Custom tab.
- Next to the relevant virtual machine in the Actions column, click the Install link.
- When the virtual machine is installed, in the Actions column, click the Enable link.
The virtual machine is installed and ready to use.
Deleting a virtual machine
To delete an installed virtual machine:
- Select the Virtual machines section in the window of the Sandbox web interface.
- Select the Preconfigured or Custom tab.
- In the Actions column next to the relevant virtual machine, click Delete.
The virtual machine is deleted.
To delete a non-installed virtual machine with a preset operating system image:
- Select the Virtual machines section in the window of the Sandbox web interface.
- In the Not installed virtual machines section, click Delete all pending VMs.
All virtual machines with preset operating system images that are pending installation are deleted.
To delete a non-installed virtual machine with a custom operating system image:
- Select the Virtual machines section in the window of the Sandbox web interface.
- Select the Custom tab.
- Next to the relevant virtual machine in the Actions column, click the Delete link.
The virtual machine with a custom operating system image that is pending installation is deleted.
Downloading debug symbols
If internet access is not configured for the server on which the virtual machine with the custom image is installed, you must download the Microsoft debug symbols to correctly complete the virtual machine installation.
You can download debug symbols during virtual machine installation in the Templates window or after the virtual machine receives the Failed status in the list of virtual machines.
For debug symbols to download correctly, the operating system used for the virtual machine template must have Windows Debug Tools installed and the name of the host connected to the network (hostname) must contain only Latin letters, numerals, and special characters.
To download debug symbols during virtual machine installation in the Templates window:
- In the Sandbox web interface window, select the Templates & Storage section.
- Go to the Templates section.
- Select the relevant template.
- In the window with the No internet access error, click Download manifesto.
The Download manifesto is not available until the virtual machine gets the Failed status.
An archive is downloaded to your computer.
- Unpack the downloaded archive.
- Run the sbsymtool.ps1 script using Windows PowerShell.
The archive with debug symbols is downloaded to the folder where this file is located.
- In the Sandbox web interface window, select the Templates & Storage section.
- Go to the Templates section.
- Select the template for which you have downloaded debug symbols.
- In the Actions drop-down list, select Upload symbols.
- This opens a window; in that window, select the archive with the debug symbols and click Open.
Debug symbols are downloaded. The virtual machine is installed and displayed in the list of virtual machines running custom operating systems.
To download debug symbols after a virtual machine has received the Failed status in the list of virtual machines:
- In the Sandbox web interface window, select the Templates & Storage section.
- Go to the Templates section.
- Select the relevant template.
- In the Actions drop-down list, select Download manifesto.
An archive is downloaded to your computer.
- Unpack the downloaded archive.
- Run the sbsymtool.ps1 script using Windows PowerShell.
The archive with debug symbols is downloaded to the folder where this file is located.
- In the Templates window, expand the Actions list and select Upload symbols.
- This opens a window; in that window, select the archive with the debug symbols and click Open.
Debug symbols are downloaded. The virtual machine is installed and displayed in the list of virtual machines running custom operating systems.
Setting the maximum number of simultaneously running virtual machines
Set a limit on the number of simultaneously running virtual machines with operating systems in which the Sandbox component will process objects.
The number of simultaneously running virtual machines cannot exceed 200.
Calculate the number of simultaneously running virtual machines with images of operating systems as follows: multiply the number of logical cores by 1.5.
To set the maximum number of simultaneously running virtual machines:
- In the Sandbox web interface window, select the Administration section.
- In the Guest virtual machines group of settings, in the Maximum simultaneous VMs field, enter the number of simultaneously running virtual machines.
You can enter a number ranging from 1 to 200.
- Click Save.
Changing the number of license keys for a virtual machine with a custom operating system image
When creating a virtual machine with a custom operating system image, Kaspersky Anti Targeted Attack Platform specifies the number of license keys for software that is used inside that virtual machine. By default, the number of license keys is equal to the number of virtual machines running at the same time. Your license must cover this number. If necessary, you can change the number of license keys for the virtual machine.
If the number of license keys configured for a virtual machine is less than the number of simultaneously running virtual machines, the overall performance of the Sandbox server may be degraded.
It is not recommended to change the specified number of simultaneously running virtual machines.
To change the number of license keys for a virtual machine with a custom operating system image:
- Enter the management console of the Sandbox server via the SSH protocol or through a terminal.
- Get a list of servers by running the sb-custom-images list-vm command.
The table of virtual machines is displayed, where id is the ID of the virtual machine, name is the name of the virtual machine, and licenses is the number of license keys.
- Set the number of license keys for the selected virtual machine by running the sb-custom-images licenses -id <virtual machine ID> -ln <number of licenses> command.
The number of license keys is changed.
To get help for the script, run the sb-custom-images --help command.
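The sizing rule from the previous section and the license-key comparison described here can be scripted together. The following is an added example, not Kaspersky code: the function names, rounding down, and the column layout of the list-vm table (a header row naming id, name and licenses, with or without ASCII borders) are assumptions, and the sample table is constructed.

```bash
#!/usr/bin/env bash
# Added example (not Kaspersky code): size the "Maximum simultaneous VMs"
# setting and find custom-image VMs with fewer license keys than that limit.

# recommended_max_vms <logical_cores>
# Applies the guide's rule: logical cores x 1.5, capped at the allowed 200.
# Rounding down is an assumption; the guide does not say how to round.
recommended_max_vms() {
    local cores=$1 n
    case $cores in
        ''|*[!0-9]*) echo "logical core count must be a whole number" >&2; return 2 ;;
    esac
    if [ "$cores" -lt 1 ]; then
        echo "logical core count must be at least 1" >&2; return 2
    fi
    n=$(( cores * 3 / 2 ))
    if [ "$n" -gt 200 ]; then n=200; fi
    echo "$n"
}

# under_licensed_vms <max_vms>      (list-vm table on stdin)
# Prints "id name licenses" for every VM whose key count is below max_vms.
# Columns are located by header name, so their order does not matter.
under_licensed_vms() {
    awk -v max="$1" '
        { gsub(/[|+]/, " ") }            # tolerate ASCII table borders
        /^[ -]*$/ { next }               # skip blank and rule lines
        !have_header {
            for (i = 1; i <= NF; i++) col[tolower($i)] = i
            if (!(("id" in col) && ("name" in col) && ("licenses" in col))) {
                print "unexpected header: " $0 > "/dev/stderr"
                exit 2
            }
            have_header = 1
            next
        }
        {
            lic = $(col["licenses"])
            if (lic ~ /^[0-9]+$/ && lic + 0 < max + 0)
                print $(col["id"]), $(col["name"]), lic
        }
    '
}

# license_fix_commands <max_vms>    (list-vm table on stdin)
# Prints, without running it, the guide's command that raises each
# under-licensed VM to max_vms keys. The license must cover that number.
license_fix_commands() {
    under_licensed_vms "$1" | while read -r id name licenses; do
        echo "sb-custom-images licenses -id $id -ln $1"
    done
}

# Constructed sample in the assumed list-vm layout (not real output).
SAMPLE_TABLE='id  name         licenses
1   Win10x64     12
2   Win7x86      4
3   Win11Custom  12'

demo() {
    local max
    max=$(recommended_max_vms 8)         # 8 logical cores
    echo "Maximum simultaneous VMs: $max"
    printf '%s\n' "$SAMPLE_TABLE" | license_fix_commands "$max"
}
demo
```

On the Sandbox server, pipe the real table in with sb-custom-images list-vm | under_licensed_vms <limit>, using the value set in the Maximum simultaneous VMs field as the limit.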
Downloading the Sandbox system log to the hard drive
Log data in the Sandbox system is stored in open, non-encrypted form. The data is stored for the last 7 days.
To download the Sandbox system log to the hard drive:
- In the Sandbox web interface window, select the Administration section.
- In the System log settings group, click the Download button.
The Sandbox system log is downloaded to your computer's hard drive into the folder set as the file download folder in the settings of the browser that you use for working with the application.
Exporting Sandbox settings
To export the settings of a Sandbox system:
- In the Sandbox web interface window, select the Administration section.
- In the Settings settings group, click the Export button.
This opens the Warning window containing a warning on specifics of exporting the system parameters.
The Sandbox system parameters depend on the hardware and software parameters of the server on which the Sandbox component is installed. The exported Sandbox system parameters are intended to be imported to the same server or to another server with a strictly identical configuration. Any attempt to restore the configuration of the Sandbox system with parameter values saved on another Sandbox system may disrupt the Sandbox system.
- Click Save.
A tar.gz file is downloaded to your computer's hard drive into the folder set as the file download folder in the settings of the browser that you use for working with the application. The file contains all current parameters of the Sandbox system.
Archives with backup copies of the system parameters can contain confidential information, such as passwords and private keys. The Kaspersky Anti Targeted Attack Platform administrator must independently ensure the security of this data.
Importing Sandbox settings
To import Sandbox settings:
- In the Sandbox web interface window, select the Administration section.
- In the Settings settings group, click the Import button.
This opens the Warning window containing a warning on specifics of importing the system parameters.
The Sandbox component parameters depend on the hardware and software parameters of the server on which the Sandbox is installed. The exported Sandbox parameters are intended to be imported to the same server or to another server with a strictly identical configuration. Any attempt to restore the configuration of one Sandbox system with parameter settings saved on another Sandbox system may disrupt the system.
- Click Restore.
This opens the file selection window.
- Select a tar.gz file with the Sandbox parameters that you want to download and click the Open button.
This closes the file selection window.
If the Sandbox parameters have been successfully imported, the Sandbox server will restart. A few minutes later, you need to refresh the browser window and log in again.
Archives with backup copies of the system configuration can contain confidential information, such as passwords and private keys. The Kaspersky Anti Targeted Attack Platform administrator must independently ensure the storage security of this data.
Restarting the Sandbox server
To restart the Sandbox server:
- In the Sandbox web interface window, select the Administration section.
- In the Power settings group, click the Restart button.
This opens the Sandbox server restart confirmation window.
- Click Yes.
The Sandbox server will restart. In a few minutes, you will be able to log in to the system.
Powering off the Sandbox server
To power off the Sandbox server:
- In the Sandbox web interface window, select the Administration section.
- In the Power settings group, click the Power off button.
This opens the Sandbox server shutdown confirmation window.
- Click Yes.
The Sandbox server powers off.
Changing the Sandbox administrator account password
To change the Sandbox administrator account password:
- In the Sandbox web interface window, select the Administration section.
- The Change password settings group will show the Sandbox administrator account name that you set during installation of the Sandbox and the fields for changing the password.
- In the Current password field, enter the current password for the Sandbox administrator account.
- In the New password field, enter a new password for the Sandbox administrator account.
- In the Confirm password field, enter the new password for the Sandbox administrator account again.
- Click Change password.
The Sandbox administrator account password will be changed.