behavior shield vs. auto sandbox

Forgive me if this has been answered already, as this is a large forum to search through…

Since the behavior shield is supposed to kick-in for “suspicious” behavior, it would seem to me that would be sufficient reason to have the auto-sandbox kick-in as well.

So what I’m asking is to try to understand the difference between what the behavior shield looks for and when the auto-sandbox kicks in???

Autosandbox kicks in for a suspicious file before the actual execution of the file, the behavior shield is watching the behaviour of the file, or process and kicks in when detects a suspicious action.

Thanks. That was simple enough :slight_smile:

You’re welcome. :slight_smile: