
Table 7-6 Analysis Summary report sections

Item  Description

1  Sample file details. This section displays the details of the sample file: the name, hash values, and the file size in bytes.

2  Analysis Results section (see page 108). This section lists the analysis methods used for the file and the results from each of those methods. It also displays the overall severity level for the file.

3  Analysis Environment section (see page 108). This section includes the details of the analyzer VM, properties of the file, and so on.

4  Processes analyzed in this sample. This section lists all the files that were executed when the sample file was dynamically analyzed. It also gives the reason each file came to be executed, along with its severity score.
   The Reason column indicates which other file or process created or opened this file. If there is only one file in the sample, the reason displayed is "loaded by MATD Analyzer". If the sample file is a .zip file containing multiple files, or if a file opens other files, the reason for the first file is "created by <file name> & loaded by MATD Analyzer". For the subsequent files, the Reason column indicates all the files/processes that created it and all the files/processes that opened it.
   The Level column indicates the severity level, based on dynamic analysis, for each file. Each level is shown as an icon (the icons are not reproduced in this text):
   • Severity score 0, threat level informational. This is the severity for white-listed files.
   • Severity score 1, threat level very low.
   • Severity score 2, threat level low.
   • Severity score 3, threat level medium.
   • Severity score 4, threat level high.
   • Severity score 5, threat level very high.
   Click a file name to navigate to the section of the report that provides the details of the file behavior; that is, clicking a file name takes you to the section indicated by item 7 in the preceding figure.
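To make the Reason and Level columns of item 4 concrete, here is an added Python model of how those two columns are derived from the per-file creation/open relationships and the 0 to 5 severity scores the guide describes. This is illustration code written for this page, not McAfee's implementation; the file names, the severity values and the "&" joining of creators and openers for subsequent files are constructed assumptions, and the first-file wording assumes that <file name> refers to the submitted sample (the .zip).

```python
"""Model of the Reason and Level columns in 'Processes analyzed in this sample'.

Added example, not MATD code. The event records are constructed and the exact
wording of the Reason strings follows the guide's description of the column.
"""
from dataclasses import dataclass, field

ANALYZER = "MATD Analyzer"

# Severity score -> threat level wording used by the Level column.
THREAT_LEVELS = {
    0: "informational",  # white-listed files
    1: "very low",
    2: "low",
    3: "medium",
    4: "high",
    5: "very high",
}


@dataclass
class AnalyzedFile:
    name: str
    severity: int                                   # dynamic-analysis score, 0-5
    created_by: list = field(default_factory=list)  # files/processes that created it
    opened_by: list = field(default_factory=list)   # files/processes that opened it


def threat_level(score):
    """Map a severity score to its threat-level name; reject out-of-range scores."""
    if score not in THREAT_LEVELS:
        raise ValueError(f"severity score out of range 0-5: {score}")
    return THREAT_LEVELS[score]


def reason_column(sample_name, files):
    """Return {file name: Reason text} for the files executed from one sample.

    Assumed reading of the guide: a one-file sample is simply loaded by the
    analyzer; in a multi-file sample the first file is created by the submitted
    sample and loaded by the analyzer; every later file lists all of its
    creators and all of its openers.
    """
    reasons = {}
    for index, f in enumerate(files):
        if len(files) == 1:
            reasons[f.name] = f"loaded by {ANALYZER}"
        elif index == 0:
            reasons[f.name] = f"created by {sample_name} & loaded by {ANALYZER}"
        else:
            parts = []
            if f.created_by:
                parts.append("created by " + ", ".join(f.created_by))
            if f.opened_by:
                parts.append("opened by " + ", ".join(f.opened_by))
            reasons[f.name] = " & ".join(parts) if parts else "unknown"
    return reasons


def level_column(files):
    """Return {file name: (score, threat level)} for the Level column."""
    return {f.name: (f.severity, threat_level(f.severity)) for f in files}


def summarize(sample_name, files):
    """One row per analyzed file: (name, reason, severity score, threat level)."""
    reasons = reason_column(sample_name, files)
    levels = level_column(files)
    return [(f.name, reasons[f.name], *levels[f.name]) for f in files]


# Constructed sample: a .zip whose installer drops and launches a library,
# which a second process then opens. All names and scores are made up.
SAMPLE = "bundle.zip"
FILES = [
    AnalyzedFile("setup.exe", severity=2),
    AnalyzedFile("payload.dll", severity=5, created_by=["setup.exe"],
                 opened_by=["setup.exe", "svchost.exe"]),
    AnalyzedFile("readme.txt", severity=0, created_by=["setup.exe"]),
]

if __name__ == "__main__":
    for name, reason, score, level in summarize(SAMPLE, FILES):
        print(f"{name:12} {score} ({level:13}) {reason}")
```

Reading the rows the way an analyst reads the report: the file with the highest Level is usually not the one the user submitted but one that a parent dropped, and the Reason column is what links that dropped file back to its parent, so the provenance chain is worth following before judging any single file's score.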
5  Classification / threat score section (see page 109). This section provides the individual scores for the various characteristics typical of malware.

6  Dynamic analysis section. This section displays the percentage of the file's code that was executed. For example, the file might have taken an alternative path during execution, so that some part of the code was never executed at all. This section also provides a brief executive behavior summary with the corresponding severity levels, shown as icons (not reproduced in this text):
   • very low severity behavior
   • low severity behavior
   • medium severity behavior
   • high severity behavior
   • very high severity behavior

7  Operations details section. This section provides detailed information on all the operations performed by the sample file during dynamic analysis. The operations are grouped by category; expand each group to see the specific operations. For example, expand Files Operations to view the files created, files deleted, files modified, files read, directories created or opened, directories removed, and so on.
Analyzing malware
View the analysis results
7
McAfee Advanced Threat Defense 3.0.4 Product Guide
107