Joe Sandbox Detect is a lightweight Windows endpoint utility that integrates with Joe Sandbox Cloud to provide deep malware analysis capabilities for security teams. It addresses two primary use cases: **EDR/XDR Alert Validation:** Joe Sandbox Detect continuously monitors the quarantine folder of supported Endpoint Protection solutions. When a new file is quarantined, it is automatically submitted to Joe Sandbox for analysis. The security team receives a detailed malware analysis report, including the EDR/XDR threat name, timestamp, executive report, PCAP, screenshots, and IOCs. **User-Reported Phishing and Malware:** A drag-and-drop bar is placed on the Windows desktop, allowing end users to submit suspicious emails, attachments, or files directly to Joe Sandbox for analysis. The security team (and optionally the end user) receives a detailed analysis report. **Additional Capabilities:** - Analyzes URLs to detect phishing attacks and malicious webpages - All analyzed files and IOCs are encrypted with AES; only the user holds the decryption password - Configurable alerts delivered via SYSLOG or email - Zero performance impact on endpoints, as all analysis is performed in the cloud or on-premise - Deployed via MSI installer with command-line configuration options - Does not interfere with existing security tools or settings Supported Endpoint Protection solutions include: Avast, AVG, Avira, CrowdStrike, ESET, FortiClient, GData, Kaspersky, MalwareBytes, McAfee, SentinelOne, Sophos, Trend Micro, and Windows Defender.