McAfee QUICKCLEAN 3.0 User's Guide Page 110
- Page / 140
- Table of contents
- TROUBLESHOOTING
- BOOKMARKS
Rated. / 5. Based on customer reviews
• Process operations: Details the process operation activities such as new process creation,
termination, new service creation, and code injection into other processes.
• Networking operations: Details networking operations such as DNS queries, TCP socket activities,
and HTTP file download.
• Other operations: Provides details of operations not belonging to these categories. Examples are
mutex signally objects, getting the system metric and configuration data of the analyzer VM.
Dropped files report
You can download a .zip file containing all the files that the sample created or touched during dynamic
analysis. You can download these files using one of the following methods.
•
In the Analysis Results page (Analysis | Analysis Results), click and select Dropped Files. Download the
dropfiles.zip file, which contains the files that the sample created in the sandbox. To use this
option, you must have enabled the Dropped Files option in the corresponding analyzer profile.
•
After you click
, select Complete Results. Download the <sample_name>.zip file. This .zip file
contains the same dropfiles.zip inside the AnalysisLog folder. The Complete Results contains the
dropfiles.zip regardless of whether you have enabled Dropped Files option in the corresponding
analyzer profile.
Disassembly Results
The Disassembly Results report provides the disassembly output listing for Portable Executable (PE)
files. This report is generated based on the sample file after the unpacking process has completed. It
provides detail information about the malware file such as, the PE header information.
The Disassembly Results report includes the following information:
• Date and time of the creation of the sample file
• File PE and Optional Header information
• Different section headers information
• The Intel disassembly listing
You can view the Disassembly Results report in the McAfee Advanced Threat Defense web application
or download it as a file to your client computer. The contents of the report are the same in both the
methods.
• To view the Disassembly Results report in the McAfee Advanced Threat Defense web application,
select Analysis | Analysis Results. In the Analysis Results page, click
and select Disassembly Results. To use
this option, you must have enabled the Disassembly Results option in the corresponding analyzer
profile.
•
To download the report as a file, click in the Analysis Results page and select Complete Results.
Download the <sample_name>.zip file. This .zip file contains a file named as <file
name>_detail.asm in the AnalysisLog folder. The Zip Report contains this .asm file regardless of
whether you have enabled Disassembly Results option in the corresponding analyzer profile.
The Disassembly Results report provides the assembler instructions along with any static standard
library call names like printf and Windows system DLL API call names embedded in the listing. If the
global variables such as string text are referenced in the code, these string texts are also listed.
7
Analyzing malware
View the analysis results
110
McAfee Advanced Threat Defense 3.0.4 Product Guide
- Product Guide 1
- COPYRIGHT 2
- TRADEMARK ATTRIBUTIONS 2
- LICENSE INFORMATION 2
- License Agreement 2
- Contents 3
- 5 Creating analyzer VM 41 4
- 7 Analyzing malware 97 4
- Index 139 5
- About this guide 7
- Find product documentation 8
- Advanced 9
- Malware detection and McAfee 10
- Advanced Threat Defense 10
- Web Gateway 14
- Defense Appliance 17
- Warnings and cautions 19
- Usage restrictions 19
- Unpack the shipment 20
- Check your shipment 20
- Port numbers 24
- Handling the front bezel 27
- Connect the network cable 28
- Defense web application 31
- Viewing user profiles 34
- Add users 35
- Figure 4-3 Add users 36
- Edit Users 37
- Delete Users 38
- Troubleshooting 39
- Delete the analysis results 40
- Creating analyzer VM 41
- • Confirm — Enter cr@cker42 45
- Processor Configuration 47
- Network Type 49
- Select I/O Controller Types 49
- Figure 5-12 Select a disk 50
- Select Write 58
- • Password — Enter cr@cker42 65
- Figure 5-33 Run sigcheck.exe 67
- Figure 5-36 Run MergeIDE 68
- Figure 5-37 Warning message 68
- Figure 5-38 Activate Windows 69
- Figure 5-39 Settings option 70
- Managing VM profiles 74
- View VM profiles 75
- Create VM profiles 76
- Figure 5-51 Shut down the VM 78
- Figure 5-53 79
- Edit VM profiles 80
- Delete VM profiles 80
- View the VM creation log 81
- Defense for malware analysis 83
- Terminologies 84
- Managing analyzer profiles 87
- View analyzer profiles 88
- Create analyzer profiles 89
- Integration with McAfee ePO 91
- Analyzing malware 100
- View the analysis results 102
- Analysis Results section 108
- Analysis Environment section 108
- Operations details section 109
- Disassembly Results 110
- Dropped files report 110
- Logic Path Graph 111
- User API Log 116
- Malware analysis monitors 118
- File Counters 119
- Files analyzed by File Type 119
- Analyzer Profile Usage 120
- Top malware by file name 120
- VM Creation Status monitor 121
- System Information 122
- Threat Defense 123
- CLI syntax 124
- Log on to the CLI 125
- Meaning of "?" 125
- Appliance 125
- List of CLI commands 126
Related products and manuals for Networking McAfee QUICKCLEAN 3.0
(12 pages)© 2020, manymanuals.com. All rights reserved. | 1.189 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals