Data gathered from the sandbox does not remain isolated. It is fed into Symantec’s machine learning models. This allows the system to "learn" new malware families, eventually allowing the endpoint agent to detect similar strains without needing to detonate them in the sandbox again.
A sandbox is a security mechanism for separating running programs. In malware analysis, it is an isolated virtual environment that mimics a real operating system (OS). When a file enters the sandbox, the system monitors its execution to determine if it exhibits malicious behavior (e.g., modifying registry keys, attempting network connections, or encrypting files). symantec sandboxing