McAfee QUICKCLEAN 3.0 Guía de usuario Pagina 117
- Pagina / 140
- Tabla de contenidos
- SOLUCIÓN DE PROBLEMAS
- MARCADORES
Valorado. / 5. Basado en revisión del cliente
convention. Consider that the sample submitted is vtest32.exe. Then the .zip file contains the
following results:
• vtest32_summary.html (.json, .txt, .xml) — This is the same as the Analysis Summary report.
There are four file formats for the same summary report in the .zip file. The html and txt files
are mainly for end users to review the analysis report. The .json and .xml files provide
well-known malware behavior tags for high-level programming script to extract key information.
• vtest32.log — This file captures the Windows user-level DLL API calling activities during dynamic
analysis. You must thoroughly examine this file to understand the complete API calling sequence
as well as the input and output parameters. This is the same as the User API Log report.
• vtest32ntv.txt — This file captures the Windows native services API calling activities during
dynamic analysis.
• vtest32.txt — This file shows the PE header information of the submitted sample.
• vtest32_detail.asm — This is the same as the Disassembly Results report. This file contains
reverse-engineering disassembly listing of the sample after it has been unpacked or decrypted.
• vtest32_logicpath.gml — This file is the graphical representation of cross-reference of function
calls discovered during dynamic analysis. This is the same as the Logic Path Graph report.
• log.zip —This file contains all the run-time log files for all processes affected by the sample
during the dynamic analysis. If the sample generates any console output text, the output text
message is captured in the ConsoleOutput.log file zipped up in the log.zip file. Use any regular
unzip utility to see the content of all files inside this log.zip file.
• dump.zip — This file contains the memory dump (dump.bin) of binary code of the sample during
dynamic analysis. This file is password protected. The password is virus.
• dropfiles.zip — This is the same as the Dropped Files report in the Analysis Results page. The
dropfiles.zip file contains all files created or touched by the sample during the dynamic analysis.
It is also password protected. The password is virus.
McAfee Advanced Threat Defense does not provide you access to the original sample files that it
analyzed. If Network Security Platform is integrated, you can use the Save File option in the Advanced
Malware policy to archive samples. However, note that the Sensor's simultaneous file scan capacity
is reduced if the Save File option is enabled. See the latest Network Security Platform IPS
Administration Guide for the details.
Working with the McAfee Advanced Threat Defense Dashboard
When you access McAfee Advanced Threat Defense from a client browser, the McAfee Advanced Threat
Defense Dashboard is displayed. You can view the following monitors on the McAfee Advanced Threat
Defense Dashboard:
• VM Creation Status — Shows the status for analyzer VMs that being created.
• File Counters — Provides a status of files being analyzed.
• Files analyzed by File Type — Provides a view of file types being analyzed.
• Top Malware by File Name — Lists the most severe malware files in your network by file name.
• Analyzer Profile Usage — Provides the details of the analyzer profiles being used.
Analyzing malware
Working with the McAfee Advanced Threat Defense Dashboard
7
McAfee Advanced Threat Defense 3.0.4 Product Guide
117
- Product Guide 1
- COPYRIGHT 2
- TRADEMARK ATTRIBUTIONS 2
- LICENSE INFORMATION 2
- License Agreement 2
- Contents 3
- 5 Creating analyzer VM 41 4
- 7 Analyzing malware 97 4
- Index 139 5
- About this guide 7
- Find product documentation 8
- Advanced 9
- Malware detection and McAfee 10
- Advanced Threat Defense 10
- Web Gateway 14
- Defense Appliance 17
- Warnings and cautions 19
- Usage restrictions 19
- Unpack the shipment 20
- Check your shipment 20
- Port numbers 24
- Handling the front bezel 27
- Connect the network cable 28
- Defense web application 31
- Viewing user profiles 34
- Add users 35
- Figure 4-3 Add users 36
- Edit Users 37
- Delete Users 38
- Troubleshooting 39
- Delete the analysis results 40
- Creating analyzer VM 41
- • Confirm — Enter cr@cker42 45
- Processor Configuration 47
- Network Type 49
- Select I/O Controller Types 49
- Figure 5-12 Select a disk 50
- Select Write 58
- • Password — Enter cr@cker42 65
- Figure 5-33 Run sigcheck.exe 67
- Figure 5-36 Run MergeIDE 68
- Figure 5-37 Warning message 68
- Figure 5-38 Activate Windows 69
- Figure 5-39 Settings option 70
- Managing VM profiles 74
- View VM profiles 75
- Create VM profiles 76
- Figure 5-51 Shut down the VM 78
- Figure 5-53 79
- Edit VM profiles 80
- Delete VM profiles 80
- View the VM creation log 81
- Defense for malware analysis 83
- Terminologies 84
- Managing analyzer profiles 87
- View analyzer profiles 88
- Create analyzer profiles 89
- Integration with McAfee ePO 91
- Analyzing malware 100
- View the analysis results 102
- Analysis Results section 108
- Analysis Environment section 108
- Operations details section 109
- Disassembly Results 110
- Dropped files report 110
- Logic Path Graph 111
- User API Log 116
- Malware analysis monitors 118
- File Counters 119
- Files analyzed by File Type 119
- Analyzer Profile Usage 120
- Top malware by file name 120
- VM Creation Status monitor 121
- System Information 122
- Threat Defense 123
- CLI syntax 124
- Log on to the CLI 125
- Meaning of "?" 125
- Appliance 125
- List of CLI commands 126
Relacionado con productos y manuales para Redes McAfee QUICKCLEAN 3.0
(12 paginas)© 2020, manymanuals.es. Todos los derechos reservados | 0.030 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales