McAfee QUICKCLEAN 3.0 User's Guide Page 86
- Page / 140
- Table of contents
- TROUBLESHOOTING
- BOOKMARKS
Rated. / 5. Based on customer reviews
To dynamically analyze a file, the corresponding user must have the VM profile specified in the
user's analyzer profile. This is how the user indicates the environment in which McAfee Advanced
Threat Defense should execute the file. You can also specify a default Windows 32-bit and a 64-bit
VM profile.
• User — A McAfee Advanced Threat Defense user is one who has the required permissions to submit
files to McAfee Advanced Threat Defense for analysis and view the results. In case of manual
submission, a user could use the McAfee Advanced Threat Defense web application or an FTP client.
In case of automatic submission, you integrate McAfee products such as McAfee Network Security
Platform or McAfee Web Gateway with McAfee Advanced Threat Defense. Then when these
products detect a file download, they automatically submit the file to McAfee Advanced Threat
Defense before allowing the download to complete. So, for these products default user profiles are
available in McAfee Advanced Threat Defense.
For each user, you define the default analyzer profile, which in turn can contain the VM profile. If
you use the McAfee Advanced Threat Defense for uploading files for analysis, you can override this
default profile at the time of file submission. For other users, McAfee Advanced Threat Defense
uses the default profiles.
High-level steps for configuring malware analysis
This section provides the high-level steps on how to configure McAfee Advanced Threat Defense for
malware analysis and reporting:
Figure 6-1 Summarized steps for configuring malware analysis
1
Set up the McAfee Advanced Threat Defense Appliance and ensure that it is up and running.
• Based on your deployment option, make sure the McAfee Advanced Threat Defense Appliance
has the required network connections. For example, if you integrate it with Network Security
Platform, make sure the Sensor, Manager, and the McAfee Advanced Threat Defense Appliance
are able to communicate with each other.
• Make sure the required static analysis modules, such as the McAfee Gateway Anti-Malware
Engine are up-to-date.
2
Create the analyzer VMs and the VM profiles. See Creating analyzer VM on page 4.
3
Create the analyzer profiles that you need. See Managing analyzer profiles on page 87.
4
If you want McAfee Advanced Threat Defense to upload the results to an FTP server, configure it
and have the details with you before you create the profiles for the corresponding users.
5
Create the required user profiles. See Add users on page 35.
6
Log on to McAfee Advanced Threat Defense web application using the credentials of a user you
created and upload a sample file for analysis. This is to check if you have configured McAfee
Advanced Threat Defense as required. See Upload files for analysis using McAfee Advanced Threat
Defense web application on page 97.
6
Configuring McAfee Advanced Threat Defense for malware analysis
High-level steps for configuring malware analysis
86
McAfee Advanced Threat Defense 3.0.4 Product Guide
- Product Guide 1
- COPYRIGHT 2
- TRADEMARK ATTRIBUTIONS 2
- LICENSE INFORMATION 2
- License Agreement 2
- Contents 3
- 5 Creating analyzer VM 41 4
- 7 Analyzing malware 97 4
- Index 139 5
- About this guide 7
- Find product documentation 8
- Advanced 9
- Malware detection and McAfee 10
- Advanced Threat Defense 10
- Web Gateway 14
- Defense Appliance 17
- Warnings and cautions 19
- Usage restrictions 19
- Unpack the shipment 20
- Check your shipment 20
- Port numbers 24
- Handling the front bezel 27
- Connect the network cable 28
- Defense web application 31
- Viewing user profiles 34
- Add users 35
- Figure 4-3 Add users 36
- Edit Users 37
- Delete Users 38
- Troubleshooting 39
- Delete the analysis results 40
- Creating analyzer VM 41
- • Confirm — Enter cr@cker42 45
- Processor Configuration 47
- Network Type 49
- Select I/O Controller Types 49
- Figure 5-12 Select a disk 50
- Select Write 58
- • Password — Enter cr@cker42 65
- Figure 5-33 Run sigcheck.exe 67
- Figure 5-36 Run MergeIDE 68
- Figure 5-37 Warning message 68
- Figure 5-38 Activate Windows 69
- Figure 5-39 Settings option 70
- Managing VM profiles 74
- View VM profiles 75
- Create VM profiles 76
- Figure 5-51 Shut down the VM 78
- Figure 5-53 79
- Edit VM profiles 80
- Delete VM profiles 80
- View the VM creation log 81
- Defense for malware analysis 83
- Terminologies 84
- Managing analyzer profiles 87
- View analyzer profiles 88
- Create analyzer profiles 89
- Integration with McAfee ePO 91
- Analyzing malware 100
- View the analysis results 102
- Analysis Results section 108
- Analysis Environment section 108
- Operations details section 109
- Disassembly Results 110
- Dropped files report 110
- Logic Path Graph 111
- User API Log 116
- Malware analysis monitors 118
- File Counters 119
- Files analyzed by File Type 119
- Analyzer Profile Usage 120
- Top malware by file name 120
- VM Creation Status monitor 121
- System Information 122
- Threat Defense 123
- CLI syntax 124
- Log on to the CLI 125
- Meaning of "?" 125
- Appliance 125
- List of CLI commands 126
Related products and manuals for Networking McAfee QUICKCLEAN 3.0
(12 pages)© 2020, manymanuals.com. All rights reserved. | 0.199 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals