Persistent Threat Analysis System (PTA) is an in-depth threat identification appliance developed by Antiy Labs for detecting known and unknown threats within format documents, executable files, and URLs. It is designed for governments and enterprises requiring advanced threat analysis capabilities, particularly against APT (Advanced Persistent Threat) attacks. PTA combines dynamic and static malicious code detection techniques with an intelligent decision-making mechanism. It incorporates Antiy's AVL SDK engine, a virus database, and a whitelist database to perform high-accuracy file analysis at scale. Static analysis is performed before sandbox execution, enabling early extraction of behavioral indicators; dynamic analysis provides in-depth sandbox execution to detect format document overflows, 0day vulnerabilities, and other advanced attacks. Key use cases include: - Isolating and scanning external files before they enter internal networks - Tracing and querying APT incident signatures against historical PTA data - Analyzing malicious code samples to produce detailed analysis reports - Scanning email server attachments and contents for malicious behavior PTA supports Windows, Linux, China's Kylin OS, and WPS office software as sandbox environments, allowing organizations to construct detection environments that reflect their actual infrastructure. It can be deployed standalone within an internal network or integrated with other Antiy products (PTD for network traffic restoration, IEP for endpoint protection) and third-party security products (firewalls, IPS, FTP servers, OA systems, file storage servers) via standard API interfaces.