
2. Enter the appropriate information in the respective fields.
| Option name | Definition |
| --- | --- |
| Name | Enter the name for the analyzer profile. It should allow you to easily identify the characteristics of that analyzer profile. |
| Description | Optionally, provide a detailed description of the analyzer profile. |
| VM Profile | Select the VM profile McAfee Advanced Threat Defense must use for dynamically analyzing a file. |
| Automatically Select OS | If you want McAfee Advanced Threat Defense to automatically select the VM profile for Windows 32-bit and Windows 64-bit, select Enable and then select the VM profiles from the Windows 32-bit VM Profile and Windows 64-bit VM Profile. |
| Archive Password | Enter the password for McAfee Advanced Threat Defense to unzip a password-protected malware sample. |
| Confirm Password | Re-enter the password for confirmation. |
| Minimum Run Time (sec) | Specify the minimum time duration for which McAfee Advanced Threat Defense should dynamically analyze the sample. The default value is 60 seconds. If the file stops executing before this time period, the dynamic analysis is stopped. |
| Maximum Run Time (sec) | Specify the maximum time duration for which McAfee Advanced Threat Defense should dynamically analyze the sample. If the file does not stop execution before this time period expires, the dynamic analysis is stopped. |
| Analysis Summary | Select to include the Analysis Summary report in the analysis results. See View the Analysis Summary report on page 104. |
| Packet captures | Select to capture the network packets if the file attempts to communicate during dynamic analysis. |
| Dropped Files | Select to generate the Files Created in Sandbox report. See Dropped files report on page 110. |
| Disassembly Results | Select if you want McAfee Advanced Threat Defense to generate the disassembly code of PE files. See Disassembly Results on page 110. |
| Execution Path Data | Select to generate the Execution Path Listing report. See Logic Path Graph on page 111. |
| User API Log | This report provides Windows user-level DLL API calls made directly by the malware sample during dynamic analysis. See User API Log on page 116. |
| Local Black List | Select if you want McAfee Advanced Threat Defense to check the file's MD5 hash value against the list of black-listed MD5 hash values in its local database. |
| Anti-Malware | Select if you want McAfee Advanced Threat Defense to scan the file using McAfee Anti-Malware Engine. |
| GTI File Reputation | Select if you want McAfee Advanced Threat Defense to check the file's MD5 hash value with McAfee GTI. Make sure McAfee Advanced Threat Defense is able to communicate with McAfee GTI, which is on the cloud. |
| Gateway Anti-Malware | Select if you want McAfee Advanced Threat Defense to check the file using McAfee Gateway Anti-Malware Engine. |
| Sandbox | Select if you want the file to be dynamically analyzed. A file is not dynamically analyzed if any of the static methods report it as malware or as a white-listed file. If you want to dynamically analyze the file regardless of the result from static analysis, select Run All Selected as well. Make sure you have selected the VM profile and the Runtime Parameters. |
| Run All Selected | Select if you want McAfee Advanced Threat Defense to analyze the file using all the selected analysis options regardless of the result from any specific method. |
6
Configuring McAfee Advanced Threat Defense for malware analysis
Managing analyzer profiles
90
McAfee Advanced Threat Defense 3.0.4 Product Guide