Explore Joe Security Cloud Basic Accounts Contact Us
top title background image

Joe Sandbox Filter

High Speed Benign File Filtering

Joe Sandbox Filter enables to improve the overall performance of Joe Sandbox. It is designed to filter benign PE files with high speed and precision.

Dynamic malware analysis is time consuming. As a result powerful and extensive hardware is required to process large file volumes. Joe Sandbox Filter helps to keep hardware costs low by filtering benign samples with performant static heuristics.

Joe Sandbox Filter is a plugin for Joe Sandbox Desktop, Joe Sandbox Complete and Joe Sandbox Light.
Joe Sandbox Filter

Joe Sandbox Filter Explained

Joe Sandbox Filter Explained

Joe Sandbox Filter is directly added as an input processor to Joe Sandbox Desktop, Complete or Light and integrated via the cookbook chaining technology.

In a first step Joe Sandbox Filter performs an extensive static analysis. It includes PE structure, data and code extraction. All information is stored to a report which is available in HTML, XML and JSON format. Signatures are then applied to select and rate benign artifacts.

As result Joe Sandbox Filters determines if a file is benign or not. The detection algorithm has been tuned to detect benign files with a high confident level and with a high filter ratio >50% meaning that half of the benign input files are note analyzed with costly dynamic analysis.

Joe Sandbox Filter has been designed to have low false positive / negative rates as well as a high filter ratio. Extensive tests have shown that the average processing time per file is below 30 seconds.


Learn more about Joe Sandbox Filter

Contact Joe Security to schedule a technical presentation.

Innovative Heuristics

Rather than detecting the malicious behavior of software, Joe Sandbox Filter focuses on the identification of benign artifacts. To do so it uses innovative heuristics such as entry point analysis or packing detection to classify benign codes. Joe Sandbox Filter includes over 30 signatures to detect benign characteristics.

Innovative Heuristics

Advanced PE Header Analysis

Joe Sandbox Filter consists of an extensive PE file parser which extracts fields and flags from PE file structures. It executes many additional forensic analyses such as entry point disassembly, XOR and x86 function searches on several file parts.

Advanced PE Header Analysis

High Performance and Precision

Joe Sandbox Filter is optimized for large-scale analysis with an average processing time of 30 seconds per sample. The filter is very precise. False negative and positive rates have been optimized to be less than 1%. In several tests Joe Sandbox Filter has selected over 50% of all benign samples successfully.

High Performance and Precision

Designed for Large Scale Analysis

Joe Sandbox Filter has been designed to easily process large volumes of files. It can be easily integrated in Joe Sandbox Desktop, Complete or Light to prevent costly dynamic analysis.

Designed for Large Scale Analysis

Yara

Joe Sandbox Filter allows to use Yara Rules for advanced malware detection. Joe Sandbox Filter forwards all samples to Yara.

Yara

Learn more about Joe Sandbox Filter

Contact Joe Security to schedule a technical presentation.