McAfee QUICKCLEAN 3.0 User's Guide Page 85
- Page / 140
- Table of contents
- TROUBLESHOOTING
- BOOKMARKS
Rated. / 5. Based on customer reviews
Only the following operating systems are supported to create the analyzer VMs:
• Windows XP SP2 32-bit • Windows Server 2008 64-bit
• Windows XP SP3 32-bit • Windows 7 SP1 32-bit
• Windows Server 2003 SP1 32-bit • Windows 7 SP1 64-bit
• Windows Server 2003 SP2 32-bit • Android
The only pre-installed analyzer VM is an Android 2.3 VM. You must create analyzer VMs for
Windows. You can create different VMs based on your requirements. The number of analyzer VMs
that you can create is limited only by the disk space of the McAfee Advanced Threat Defense
Appliance. However, there is a limit as to how many of them can be used concurrently for analysis.
The number of concurrent licenses that you specify also affects the number of concurrent instances
for an analyzer VM.
• VM profile — After you upload the VM image (.vmdk file) to McAfee Advanced Threat Defense, you
associate each of them with a separate VM profile. A VM profile indicates what is installed in a VM
image and the number of concurrent licenses associated with that VM image. Using the VM image
and the information in the VM profile, McAfee Advanced Threat Defense creates the corresponding
number of analyzer VMs. For example, if you specify that you have 10 licenses for Windows XP SP2
32-bit, then McAfee Advanced Threat Defense understands that it can create up to 10 concurrent
VMs using the corresponding .vmdk file.
• Analyzer profile — This defines how to analyze a file and what to report. In an analyzer profile, you
configure the following:
• VM profile
• Analysis options
• Reports you wish to see after the analysis
• Password for zipped sample files
• Minimum and maximum execution time for dynamic analysis
You can create multiple analyzer profiles based on your requirements. For each McAfee Advanced
Threat Defense user, you must specify a default analyzer profile. This is the analyzer profile that is
used for all files uploaded by the user. Users who use the McAfee Advanced Threat Defense web
application to manually upload files for analysis, can choose a different analyzer profile at the time
of file upload. Always, the analyzer profile selected for a file takes precedence over the default
analyzer profile of the corresponding user.
Configuring McAfee Advanced Threat Defense for malware analysis
Terminologies
6
McAfee Advanced Threat Defense 3.0.4 Product Guide
85
- Product Guide 1
- COPYRIGHT 2
- TRADEMARK ATTRIBUTIONS 2
- LICENSE INFORMATION 2
- License Agreement 2
- Contents 3
- 5 Creating analyzer VM 41 4
- 7 Analyzing malware 97 4
- Index 139 5
- About this guide 7
- Find product documentation 8
- Advanced 9
- Malware detection and McAfee 10
- Advanced Threat Defense 10
- Web Gateway 14
- Defense Appliance 17
- Warnings and cautions 19
- Usage restrictions 19
- Unpack the shipment 20
- Check your shipment 20
- Port numbers 24
- Handling the front bezel 27
- Connect the network cable 28
- Defense web application 31
- Viewing user profiles 34
- Add users 35
- Figure 4-3 Add users 36
- Edit Users 37
- Delete Users 38
- Troubleshooting 39
- Delete the analysis results 40
- Creating analyzer VM 41
- • Confirm — Enter cr@cker42 45
- Processor Configuration 47
- Network Type 49
- Select I/O Controller Types 49
- Figure 5-12 Select a disk 50
- Select Write 58
- • Password — Enter cr@cker42 65
- Figure 5-33 Run sigcheck.exe 67
- Figure 5-36 Run MergeIDE 68
- Figure 5-37 Warning message 68
- Figure 5-38 Activate Windows 69
- Figure 5-39 Settings option 70
- Managing VM profiles 74
- View VM profiles 75
- Create VM profiles 76
- Figure 5-51 Shut down the VM 78
- Figure 5-53 79
- Edit VM profiles 80
- Delete VM profiles 80
- View the VM creation log 81
- Defense for malware analysis 83
- Terminologies 84
- Managing analyzer profiles 87
- View analyzer profiles 88
- Create analyzer profiles 89
- Integration with McAfee ePO 91
- Analyzing malware 100
- View the analysis results 102
- Analysis Results section 108
- Analysis Environment section 108
- Operations details section 109
- Disassembly Results 110
- Dropped files report 110
- Logic Path Graph 111
- User API Log 116
- Malware analysis monitors 118
- File Counters 119
- Files analyzed by File Type 119
- Analyzer Profile Usage 120
- Top malware by file name 120
- VM Creation Status monitor 121
- System Information 122
- Threat Defense 123
- CLI syntax 124
- Log on to the CLI 125
- Meaning of "?" 125
- Appliance 125
- List of CLI commands 126
Related products and manuals for Networking McAfee QUICKCLEAN 3.0
(12 pages)© 2020, manymanuals.com. All rights reserved. | 0.259 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals