Attachment Sandboxing

Detonate malicious files in isolation. Before they reach your staff.

68% of new malware variants evade signature-based detection. IP Four detonates suspicious attachments in isolated sandbox environments, analysing their behaviour before delivery. Ransomware, zero-day exploits, and macro malware are all caught before they land.

Behavioural Execution Analysis
Zero-Day Detection
Forensic Reporting

45% of malware is delivered via email attachments
68% of new malware variants evade signature-based detection
99.7% detection rate for malicious attachments with sandbox analysis

Capabilities

Every attachment analysed, every threat detonated safely.

From Office macros to zero-day PDF exploits, our sandbox analysis catches what signature-based tools miss by watching what files actually do.

Office Document Detonation

Word, Excel, and PowerPoint files are opened and executed in an isolated sandbox environment. Macro-based malware, embedded scripts, and exploit payloads are triggered and analysed before the file reaches any user.

Word Documents, Excel Macros, PowerPoint Files

PDF and Archive Analysis

PDF files are rendered and analysed for embedded JavaScript, exploit code, and malicious links. ZIP, RAR, and other archive formats are unpacked and each contained file is individually sandboxed.

PDF Analysis, Archive Unpacking, Embedded Script Detection

Behavioural Execution Analysis

Files are not just scanned for known signatures. They are executed and their behaviour is monitored. Network connections, registry changes, file system modifications, and process spawning are all analysed.

Behavioural Analysis, Execution Monitoring, Network Activity

Zero-Day Malware Detection

Novel malware with no existing signatures is detected through behavioural analysis. Polymorphic malware that changes its signature on each delivery is caught by its actions rather than its appearance.

Zero-Day Detection, Polymorphic Malware, Signature-Free Analysis

Rapid Detonation with Minimal Delay

Sandbox analysis completes in seconds for most file types. Delivery delay is minimised through parallel processing and intelligent pre-screening that prioritises suspicious files for deep analysis.

Fast Analysis, Parallel Processing, Minimal Delay

Detailed Forensic Reports

Every sandboxed file generates a detailed forensic report showing exactly what the file attempted to do. Reports support incident response, threat hunting, and regulatory compliance requirements.

Forensic Reports, Incident Response, Compliance Evidence

How It Works

From policy configuration to continuous attachment protection.

01. Attachment Policy Configuration

We configure which file types are subject to sandbox analysis based on your risk profile and operational requirements. Policies balance security with delivery speed for your specific workflows.

02. Sandbox Environment Provisioning

Isolated sandbox environments are provisioned matching your operating system versions and application stack. Malware behaves differently in different environments, so matching your estate maximises detection.

03. Integration with Email Gateway

Sandbox analysis is integrated into your email gateway workflow. Suspicious attachments are held for analysis while clean attachments pass through immediately. Users experience minimal disruption.

04. Quarantine and Alert Configuration

Malicious file quarantine policies and alert workflows are configured. IT teams receive immediate notification with full forensic detail. Users receive appropriate messaging when attachments are held.

05. False Positive Tuning

Sandbox policies are tuned over two weeks to eliminate false positives for your specific business applications and file types. Legitimate business attachments are whitelisted without compromising security.

06. Ongoing Threat Intelligence Updates

Sandbox detection models are updated continuously with new malware families, exploit techniques, and evasion methods. Your protection evolves automatically as attackers develop new approaches.

Real Results

How we have stopped malicious attachments reaching UK organisations.

Ransomware Hidden in Invoice Attachment

A Nottingham manufacturing company received an email with a Word document purporting to be an overdue invoice from a supplier. The document contained a macro that would deploy ransomware on opening.

Sandbox detonation triggered the macro in isolation. Ransomware behaviour identified and file quarantined. Finance team alerted. No ransomware deployed. Supplier notified of impersonation.

Zero-Day Exploit in PDF Attachment

A London law firm received a PDF attachment in a client communication that contained a zero-day PDF reader exploit with no existing signature. Standard antivirus passed the file as clean.

Behavioural sandbox analysis identified the exploit attempt during execution. File quarantined. Zero-day reported to threat intelligence network. Firm protected before any public disclosure.

Malware Concealed in ZIP Archive

An Edinburgh accountancy firm received a ZIP archive purportedly containing client documents. Inside was a nested archive containing an executable disguised as a PDF with a double extension.

Archive unpacking and recursive sandboxing identified the malicious executable. File quarantined before delivery. Staff member briefed. Attack pattern added to organisation-wide block list.

Ready to Start?

Find out what malicious attachments are getting through to your staff.

Our free attachment security review analyses a sample of your recent email traffic through our sandbox, identifies what your current tools are missing, and quantifies your exposure. No cost, no obligation.