Gmail Security Sandbox overview

Supported editions for this feature: Frontline Plus; Business Standard and Business Plus; Enterprise Standard and Enterprise PlusCompare your edition

As an administrator, you can use Gmail Security Sandbox to protect your organization against malware. It works by scanning incoming email attachments in a secure, isolated environment called a Security Sandbox to identify malware in the attachments without risking any harm to your organization.

How it works...

Security Sandbox creates a virtual environment that is separate from your operating system. When you receive an email attachment, Security Sandbox opens it in the virtual environment and checks for signs of malicious activity. If it finds dangerous activities, such as attempts to modify system files, connections to suspicious servers, or malware downloads, Security Sandbox flags the email as dangerous and blocks it from your inbox.

Why it's important...

Security Sandbox enhances protection by detecting malware that your existing antivirus software might miss. Its ability to scan files in an isolated environment and detect previously unknown malware protects you from malicious attachments that could compromise your data or system.

Security Sandbox analyzes various attachment types, including Microsoft Office documents, Microsoft executables (.exe), and PDFs.

It also minimizes delays in email delivery. While scanning does add a slight delay, the scan should be complete within a few minutes.

Turn on Security Sandbox

As an administrator, you can set up Gmail to scan all email attachments in the Security Sandbox. The setting is off by default.

  1. Sign in with an administrator account to the Google Admin console.

    If you aren’t using an administrator account, you can’t access the Admin console.

  2. Go to Menu and then Apps > Google Workspace > Gmail > Spam, Phishing and Malware.

    Requires having the Gmail Settings administrator privilege.

  3. (Optional) To apply the setting to a department or team, at the side, select an organizational unit. Show me how
  4. Scroll to Security Sandbox in the Spam, Phishing, and Malware section.
  5. To scan all attachments, check the Enable virtual execution box.

    Note: When you check this box, Security Sandbox scans every attachment, even if you set up specific sandbox rules.

  6. Click Save.

Changes can take up to 24 hours but typically happen more quickly. Learn more

To learn more about using Security Sandbox, go to Set up rules to detect harmful attachments


Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.

Was this helpful?

How can we improve it?

Need more help?

Try these next steps:

Post to the help community Get answers from community members
Contact us Tell us more and we’ll help you get there
true
Start your free 14-day trial today

Professional email, online storage, shared calendars, video meetings and more. Start your free Google Workspace trial today.

Search
Clear search
Close search
Main menu
2360975168850373092
true
Search Help Center
true
true
true
true
true
73010
false
false
false
false