McAfee QUICKCLEAN 3.0 Guía de usuario Pagina 41
- Pagina / 140
- Tabla de contenidos
- SOLUCIÓN DE PROBLEMAS
- MARCADORES
Valorado. / 5. Basado en revisión del cliente
5
Creating analyzer VM
For dynamic analysis, McAfee Advanced Threat Defense executes a suspicious file in a secure virtual
machine (VM) and monitors its behavior for malicious activities. This VM is referred to as an analyzer
VM. This chapter provides the steps for creating an analyzer VM and the VM profile.
Any security software or low-level utility tool on an analyzer VM, might interfere with the dynamic
analysis of the sample file. The sample-file execution might itself be terminated during dynamic
analysis. As a result, the reports might not capture the full behavior of the sample file. If you need to
find out the complete behavior of a sample file, do not patch the operating system of the analyzer VM or
install any security software on it. If you need to find out the effect of the sample file specific to your
network, use your Common Operating Environment (COE) image, with the regular security software, to
create the analyzer VMs.
The high-level steps for creating an analyzer VM and the VM profile are as follows:
1
Create an ISO image of the corresponding operating system. You must also have the license key
for that operating system. For example, to create an Windows 7 analyzer VM, you must have an
ISO image of Windows 7 and the license key.
You can create analyzer VMs running on the following operating systems:
• Microsoft Windows XP Service Pack 2
• Microsoft Windows XP Service Pack 3
• Microsoft Windows Server 2003 Service Pack 1
• Microsoft Windows Server 2003 Service Pack 2
• Microsoft Windows Server 2008 64-bit Service Pack 1
• Microsoft Windows 7 32-bit Service Pack 1
• Microsoft Windows 7 64-bit Service Pack 1
The analyzer VM for Android is available by default.
2
Using VMware Workstation 9.0, create a Virtual Machine Disk (VMDK) file of the ISO image. After
you create the VM, you can install the required applications such as:
• Internet Explorer versions 6, 7, 8, 9, and 10.
• Firefox versions 11, 12, and 13.
• Microsoft Office versions 2003, 2007, 2010, or 2013.
• Adobe Reader version 8, 9, or 10.
3
Import the VMDK file into the McAfee Advanced Threat Defense Appliance.
4
Convert the VMDK file into an image (.img) file.
5
Create the VM and the VM profile.
5
McAfee Advanced Threat Defense 3.0.4 Product Guide
41
- Product Guide 1
- COPYRIGHT 2
- TRADEMARK ATTRIBUTIONS 2
- LICENSE INFORMATION 2
- License Agreement 2
- Contents 3
- 5 Creating analyzer VM 41 4
- 7 Analyzing malware 97 4
- Index 139 5
- About this guide 7
- Find product documentation 8
- Advanced 9
- Malware detection and McAfee 10
- Advanced Threat Defense 10
- Web Gateway 14
- Defense Appliance 17
- Warnings and cautions 19
- Usage restrictions 19
- Unpack the shipment 20
- Check your shipment 20
- Port numbers 24
- Handling the front bezel 27
- Connect the network cable 28
- Defense web application 31
- Viewing user profiles 34
- Add users 35
- Figure 4-3 Add users 36
- Edit Users 37
- Delete Users 38
- Troubleshooting 39
- Delete the analysis results 40
- Creating analyzer VM 41
- • Confirm — Enter cr@cker42 45
- Processor Configuration 47
- Network Type 49
- Select I/O Controller Types 49
- Figure 5-12 Select a disk 50
- Select Write 58
- • Password — Enter cr@cker42 65
- Figure 5-33 Run sigcheck.exe 67
- Figure 5-36 Run MergeIDE 68
- Figure 5-37 Warning message 68
- Figure 5-38 Activate Windows 69
- Figure 5-39 Settings option 70
- Managing VM profiles 74
- View VM profiles 75
- Create VM profiles 76
- Figure 5-51 Shut down the VM 78
- Figure 5-53 79
- Edit VM profiles 80
- Delete VM profiles 80
- View the VM creation log 81
- Defense for malware analysis 83
- Terminologies 84
- Managing analyzer profiles 87
- View analyzer profiles 88
- Create analyzer profiles 89
- Integration with McAfee ePO 91
- Analyzing malware 100
- View the analysis results 102
- Analysis Results section 108
- Analysis Environment section 108
- Operations details section 109
- Disassembly Results 110
- Dropped files report 110
- Logic Path Graph 111
- User API Log 116
- Malware analysis monitors 118
- File Counters 119
- Files analyzed by File Type 119
- Analyzer Profile Usage 120
- Top malware by file name 120
- VM Creation Status monitor 121
- System Information 122
- Threat Defense 123
- CLI syntax 124
- Log on to the CLI 125
- Meaning of "?" 125
- Appliance 125
- List of CLI commands 126
Relacionado con productos y manuales para Redes McAfee QUICKCLEAN 3.0
(12 paginas)© 2020, manymanuals.es. Todos los derechos reservados | 0.027 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales