From 802a03f98d2a35454a6f9378a8ffa817b6a8594a Mon Sep 17 00:00:00 2001 From: Max Phillips Date: Mon, 31 Mar 2025 16:53:25 -0500 Subject: [PATCH 1/2] Add additional sandboxing context --- .../policies/gateway/http-policies/file-sandboxing.mdx | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/content/docs/cloudflare-one/policies/gateway/http-policies/file-sandboxing.mdx b/src/content/docs/cloudflare-one/policies/gateway/http-policies/file-sandboxing.mdx index af6e7ddecc35935..d5270b513a39c0c 100644 --- a/src/content/docs/cloudflare-one/policies/gateway/http-policies/file-sandboxing.mdx +++ b/src/content/docs/cloudflare-one/policies/gateway/http-policies/file-sandboxing.mdx @@ -15,6 +15,8 @@ In addition to [anti-virus (AV) scanning](/cloudflare-one/policies/gateway/http- If AV scanning does not detect malware in a file download, Gateway will quarantine the file in the sandbox. If the file has not been downloaded before, Gateway will monitor any actions taken by the file and compare them to known malware patterns. During this process, Gateway will display an interstitial page in the user's browser. If the sandbox does not detect malicious activity, Gateway will release the file from quarantine and download it to your user's device. If the sandbox detects malicious activity, Gateway will block the download. For any subsequent downloads of the file, Gateway will remember and apply its allow/block decision. +Gateway executes quarantined files in a sandboxed Windows operating system environment. Using machine learning, the sandbox will compare how files of a certain type behave compared to how confirmed samples behave. The sandbox will detect files actions down to the kernel level and compare these a real-time malware database. In addition, Gateway checks the sandbox's network activity for malicious behavior and data exfiltration. + Gateway will log any file sandbox decisions in your [HTTP logs](/cloudflare-one/insights/logs/gateway-logs/#http-logs). ```mermaid 
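Review bot: In the paragraph added by the single hunk (@@ -15,6 +15,8), the third sentence has two grammar slips: "detect files actions" should read "detect file actions", and "compare these a real-time malware database" is missing "to". The second sentence doubles up "compare ... compared to" and leaves "confirmed samples" ambiguous: confirmed malicious or confirmed benign? State which, since that tells the reader what baseline the sandbox judges behavior against. The paragraph also uses "will" throughout where the present tense ("the sandbox compares", "the sandbox detects") would read more directly.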
From 31a37c59096fa492658d24454204e46db9ef8413 Mon Sep 17 00:00:00 2001 From: Max Phillips Date: Mon, 31 Mar 2025 16:58:00 -0500 Subject: [PATCH 2/2] Add environment section --- .../policies/gateway/http-policies/file-sandboxing.mdx | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/content/docs/cloudflare-one/policies/gateway/http-policies/file-sandboxing.mdx b/src/content/docs/cloudflare-one/policies/gateway/http-policies/file-sandboxing.mdx index d5270b513a39c0c..80e41526fef2d5a 100644 --- a/src/content/docs/cloudflare-one/policies/gateway/http-policies/file-sandboxing.mdx +++ b/src/content/docs/cloudflare-one/policies/gateway/http-policies/file-sandboxing.mdx 
@@ -13,9 +13,7 @@ Only available on Enterprise plans. For more information, contact your account t In addition to [anti-virus (AV) scanning](/cloudflare-one/policies/gateway/http-policies/antivirus-scanning/), Gateway can quarantine previously unseen files downloaded by your users into a sandbox and scan them for malware. -If AV scanning does not detect malware in a file download, Gateway will quarantine the file in the sandbox. If the file has not been downloaded before, Gateway will monitor any actions taken by the file and compare them to known malware patterns. During this process, Gateway will display an interstitial page in the user's browser. If the sandbox does not detect malicious activity, Gateway will release the file from quarantine and download it to your user's device. If the sandbox detects malicious activity, Gateway will block the download. For any subsequent downloads of the file, Gateway will remember and apply its allow/block decision. - -Gateway executes quarantined files in a sandboxed Windows operating system environment. Using machine learning, the sandbox will compare how files of a certain type behave compared to how confirmed samples behave. The sandbox will detect files actions down to the kernel level and compare these a real-time malware database. In addition, Gateway checks the sandbox's network activity for malicious behavior and data exfiltration. +If AV scanning does not detect malware in a file download, Gateway will quarantine the file in the [sandbox](#sandbox-environment). If the file has not been downloaded before, Gateway will monitor any actions taken by the file and compare them to known malware patterns. During this process, Gateway will display an interstitial page in the user's browser. If the sandbox does not detect malicious activity, Gateway will release the file from quarantine and download it to your user's device. If the sandbox detects malicious activity, Gateway will block the download. 
For any subsequent downloads of the file, Gateway will remember and apply its allow/block decision. Gateway will log any file sandbox decisions in your [HTTP logs](/cloudflare-one/insights/logs/gateway-logs/#http-logs). @@ -75,6 +73,10 @@ To test if file sandboxing is working, you can create a Quarantine policy that m Gateway will quarantine and scan the file, display an interstitial status page in the browser, then release the file for download. +## Sandbox environment + +Gateway executes quarantined files in a sandboxed Windows operating system environment. Using machine learning, the sandbox compares how files of a certain type behave compared to how these files should behave. The sandbox detects file actions down to the kernel level and compare these a real-time malware database. In addition, Gateway checks the sandbox's network activity for malicious behavior and data exfiltration. + ## Compatibility ### Supported file types
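Review bot: In the first hunk (@@ -13,9 +13,7), the new [sandbox](#sandbox-environment) link sits on the second mention of the sandbox; the intro sentence in the context line above it ("quarantine previously unseen files ... into a sandbox") is the first mention and stays unlinked. Consider moving the link there. The anchor also resolves only while the heading added in the second hunk keeps the exact title "Sandbox environment", so any later rename of that heading needs to update this link.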
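Review bot: In the new "## Sandbox environment" section (second hunk, @@ -75,6 +73,10), the third sentence still carries the error from the first patch and adds an agreement slip: "detects file actions ... and compare these a real-time malware database" should read "and compares these to a real-time malware database". The second sentence, "compares how files of a certain type behave compared to how these files should behave", repeats "compare" and also changes the claim from patch 1/2, which said "how confirmed samples behave". A baseline of expected behavior and a comparison against confirmed samples imply different detection models, so please confirm which one describes the sandbox and word the sentence accordingly.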