Malicious software, also called malware, is software written with malicious intent, such as causing disruption, stealing information, money, or identities, or causing other harm without the consent of the owner or operator of the computer system. Malware are often analyzed and/or detected in sandbox-based solutions. A sandbox is a security mechanism for isolating a running software program, so it cannot harm the rest of the computer system. Example sandbox isolation mechanisms include limiting or emulating access to resources such as: disk and system memory, network access, access to other input or output devices, and host operating system services. Sandboxes are often implemented using virtualization technology. Where writes to system resources such as the file system are allowed, sandboxes often create a copy of the resource which is discarded when the sandbox completes operation, so that the underlying resource is not modified by malicious software. Some malware commonly referred to as evasive malware attempts to prevent detection of itself as malware. Malware can be evasive by, for example, exploiting the fact that sandboxes are often required to keep up with a constant stream of incoming network samples of potentially malicious software and thus can only run the software being analyzed for a few minutes before moving to other samples. Evasive malware can prevent suspicious behavior from being exposed or detected inside the sandbox by, for example, sleeping or doing harmless computations until the sandbox times out, or detecting the sandbox environment to shut down. Other examples of how malware evade sandbox detection are listed later in this document.