I have currently the request, that in a CSR Report (Web Security Overview) within the query Web Protection Coverage files blocked by a sandbox solution like ATD or in our case SandBlast, should be reported separately and not added to the Protection area Malware.
In my investigation I tried first to find out a block reason which the reporter would understand and which would match best. But id 140 or 151 (DLP, Webhybrid) are shown as not recognized by reporter. Also Protection Area enum (.Number is from ReportDbReason.enum) (message-reports-override_de_DE.properties) does not have any adequate number for my request.
So based on this: is it possible with normal text-file configuration to add something like this or does it have to be requeted as a feature for MWG/CSR? Or is there any other solution to report Malware found by a Sanbox Solution separately than these found by Antimalware Engine?