McAfee QUICKCLEAN 3.0 Guía de usuario Pagina 87
- Pagina / 140
- Tabla de contenidos
- SOLUCIÓN DE PROBLEMAS
- MARCADORES
Valorado. / 5. Basado en revisión del cliente
7
In the Analysis Status page, monitor the status of the analysis. See Monitor the status of malware
analysis on page 100
8
After the analysis is complete, view the report in the Analysis Results page. See View the analysis
results on page 102.
How McAfee Advanced Threat Defense analyzes malware?
This section explains a typical workflow when McAfee Advanced Threat Defense analyzes files for
malware.
Consider that you have uploaded a file manually using McAfee Advanced Threat Defense web
application:
1
Assuming the file format is supported, McAfee Advanced Threat Defense unpacks the file and
calculates the MD5 hash value.
2
McAfee Advanced Threat Defense applies the analyzer profile that you specified during file upload.
3
Based on the configuration in the analyzer profile, it determines the modules to use for static
analysis and checks the file against those modules.
4
If the file is found to be malicious during static analysis, McAfee Advanced Threat Defense stops
further analysis and generates the required reports. This, however, depends on how you have
configured the corresponding analyzer profile.
5
If the static analysis does not report any malware or if you had configured McAfee Advanced Threat
Defense to perform dynamic analysis regardless of the results from static analysis, McAfee
Advanced Threat Defense initiates dynamic analysis for the file.
6
It executes the file in the corresponding analyzer VMs and records every behavior. The analyzer VM
is determined based on the VM profile in the analyzer profile.
7
If the file is fully executed or if the maximum execution period expires, McAfee Advanced Threat
Defense prepares the required reports.
8
After dynamic analysis is complete, it sets the analyzer VMs to their baseline version so that they
can be used for the next file in queue.
Managing analyzer profiles
When a file is manually or automatically submitted to McAfee Advanced Threat Defense for analysis, it
uses the corresponding analyzer profile to determine how the file needs to be analyzed and what
needs to be reported in the analysis results. You specify the VM profile in the analyzer profile. You also
define how the file is to be analyzed for malware and the reports to be published. Thus, an analyzer
profile contains all the critical user-configuration on how to analyze a file.
Configuring McAfee Advanced Threat Defense for malware analysis
How McAfee Advanced Threat Defense analyzes malware?
6
McAfee Advanced Threat Defense 3.0.4 Product Guide
87
- Product Guide 1
- COPYRIGHT 2
- TRADEMARK ATTRIBUTIONS 2
- LICENSE INFORMATION 2
- License Agreement 2
- Contents 3
- 5 Creating analyzer VM 41 4
- 7 Analyzing malware 97 4
- Index 139 5
- About this guide 7
- Find product documentation 8
- Advanced 9
- Malware detection and McAfee 10
- Advanced Threat Defense 10
- Web Gateway 14
- Defense Appliance 17
- Warnings and cautions 19
- Usage restrictions 19
- Unpack the shipment 20
- Check your shipment 20
- Port numbers 24
- Handling the front bezel 27
- Connect the network cable 28
- Defense web application 31
- Viewing user profiles 34
- Add users 35
- Figure 4-3 Add users 36
- Edit Users 37
- Delete Users 38
- Troubleshooting 39
- Delete the analysis results 40
- Creating analyzer VM 41
- • Confirm — Enter cr@cker42 45
- Processor Configuration 47
- Network Type 49
- Select I/O Controller Types 49
- Figure 5-12 Select a disk 50
- Select Write 58
- • Password — Enter cr@cker42 65
- Figure 5-33 Run sigcheck.exe 67
- Figure 5-36 Run MergeIDE 68
- Figure 5-37 Warning message 68
- Figure 5-38 Activate Windows 69
- Figure 5-39 Settings option 70
- Managing VM profiles 74
- View VM profiles 75
- Create VM profiles 76
- Figure 5-51 Shut down the VM 78
- Figure 5-53 79
- Edit VM profiles 80
- Delete VM profiles 80
- View the VM creation log 81
- Defense for malware analysis 83
- Terminologies 84
- Managing analyzer profiles 87
- View analyzer profiles 88
- Create analyzer profiles 89
- Integration with McAfee ePO 91
- Analyzing malware 100
- View the analysis results 102
- Analysis Results section 108
- Analysis Environment section 108
- Operations details section 109
- Disassembly Results 110
- Dropped files report 110
- Logic Path Graph 111
- User API Log 116
- Malware analysis monitors 118
- File Counters 119
- Files analyzed by File Type 119
- Analyzer Profile Usage 120
- Top malware by file name 120
- VM Creation Status monitor 121
- System Information 122
- Threat Defense 123
- CLI syntax 124
- Log on to the CLI 125
- Meaning of "?" 125
- Appliance 125
- List of CLI commands 126
Relacionado con productos y manuales para Redes McAfee QUICKCLEAN 3.0
(12 paginas)© 2020, manymanuals.es. Todos los derechos reservados | 0.023 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales