Only the following operating systems are supported to create the analyzer VMs:
• Windows XP SP2 32-bit
• Windows XP SP3 32-bit
• Windows Server 2003 SP1 32-bit
• Windows Server 2003 SP2 32-bit
• Windows Server 2008 64-bit
• Windows 7 SP1 32-bit
• Windows 7 SP1 64-bit
• Android
The only pre-installed analyzer VM is an Android 2.3 VM. You must create analyzer VMs for
Windows. You can create different VMs based on your requirements. The number of analyzer VMs
that you can create is limited only by the disk space of the McAfee Advanced Threat Defense
Appliance. However, there is a limit as to how many of them can be used concurrently for analysis.
The number of concurrent licenses that you specify also affects the number of concurrent instances
for an analyzer VM.
• VM profile — After you upload a VM image (.vmdk file) to McAfee Advanced Threat Defense, you
associate each image with a separate VM profile. A VM profile indicates what is installed in a VM
image and the number of concurrent licenses associated with that VM image. Using the VM image
and the information in the VM profile, McAfee Advanced Threat Defense creates the corresponding
number of analyzer VMs. For example, if you specify that you have 10 licenses for Windows XP SP2
32-bit, then McAfee Advanced Threat Defense understands that it can create up to 10 concurrent
VMs using the corresponding .vmdk file.
• Analyzer profile — This defines how to analyze a file and what to report. In an analyzer profile, you
configure the following:
• VM profile
• Analysis options
• Reports you wish to see after the analysis
• Password for zipped sample files
• Minimum and maximum execution time for dynamic analysis
You can create multiple analyzer profiles based on your requirements. For each McAfee Advanced
Threat Defense user, you must specify a default analyzer profile. This is the analyzer profile that is
used for all files uploaded by the user. Users who use the McAfee Advanced Threat Defense web
application to manually upload files for analysis can choose a different analyzer profile at the time
of file upload. The analyzer profile selected for a file always takes precedence over the default
analyzer profile of the corresponding user.
Configuring McAfee Advanced Threat Defense for malware analysis
Terminologies
McAfee Advanced Threat Defense 3.0.4 Product Guide