McAfee QUICKCLEAN 3.0 User's Guide Page 109
- Page / 140
- Table of contents
- TROUBLESHOOTING
- BOOKMARKS
Rated. / 5. Based on customer reviews
• On the right-hand side, a table provides the properties of the file. This includes information such
as:
• Signed or unsigned for the digital signature of the file.
• Publisher's name if available.
• Version details
• Original name of the file so that you can search other sources such as the web.
• Baitexe process infected or not. At the end of each analysis McAfee Advanced Threat Defense
creates an additional bait process called Baitexe. This Baitexe program calls two APIs (beep and
sleep) only continuously. If this Baitexe process is infected by the previously executed sample, the
behavior of Baitexe is different. In this case, a message Baitexe activated and infected is displayed.
If the Baitexe process is not infected at all, the message Baitexe activated but not infected is
displayed.
Classification / threat score section
This is a section in the Analysis Summary report, which provides the severity scores for various
characteristics of a typical malware.
Table 7-8 Classification / threat score section
Label Description
Persistence, Installation Boot
Survival
Some malware have the capability to remain on the infected host. This is
referred to as persistence. Installation boot survival refers to the capability
of the malware to sustain even after a restart.
Hiding, Camouflage,
Stealthness, Detection and
Removal Protection
This refers to the capability of the malware to evade detection and removal.
Security Solution /
Mechanism bypass,
termination and removal, Anti
Debugging, VM Detection
This refers to the capability of the malware to bypass or mislead detecting
methods and engines. Some malware has anti-disassembly code, which can
confuse or delay malware analysis. Some malware attempt to determine if
they are being executed in a sandbox. If true, they might take a different
execution path. This score indicates the presence of such code in the
malware.
Spreading
Indicates the capability of the malware to spread across the network.
Exploiting, Shellcode
Indicates the presence of shellcode that can exploit a running program.
Networking
Indicates the network-related behavior of the malware during dynamic
analysis. For example, the malware might have triggered DNS queries or
created sockets. If there is a severity score provided for this characteristic,
correlate with the Network Operations details for the files in the sample.
Data spying, Sniffing,
Keylogging, Ebanking Fraud
Indicates if the malware is capable of any such behaviors.
Operations details section
This section provides the details of every operation performed by a file during dynamic analysis.
Separate sections are provided for every file that was executed as part of the sample.
• Run-time DLLs: Lists all the DLLs and their paths that were called by a file in runtime.
• File operations: Lists file operation activities like creation, open, query, modification, copy, move,
deletion, and directory creation/deletion operations. This section also lists the file attributes and
the MD5 hash value for the files.
• Registry operations: Provides the details of Windows registry operation activities like creation/open,
deletion, modification, and query on registry sub-key and key entry.
Analyzing malware
View the analysis results
7
McAfee Advanced Threat Defense 3.0.4 Product Guide
109
- Product Guide 1
- COPYRIGHT 2
- TRADEMARK ATTRIBUTIONS 2
- LICENSE INFORMATION 2
- License Agreement 2
- Contents 3
- 5 Creating analyzer VM 41 4
- 7 Analyzing malware 97 4
- Index 139 5
- About this guide 7
- Find product documentation 8
- Advanced 9
- Malware detection and McAfee 10
- Advanced Threat Defense 10
- Web Gateway 14
- Defense Appliance 17
- Warnings and cautions 19
- Usage restrictions 19
- Unpack the shipment 20
- Check your shipment 20
- Port numbers 24
- Handling the front bezel 27
- Connect the network cable 28
- Defense web application 31
- Viewing user profiles 34
- Add users 35
- Figure 4-3 Add users 36
- Edit Users 37
- Delete Users 38
- Troubleshooting 39
- Delete the analysis results 40
- Creating analyzer VM 41
- • Confirm — Enter cr@cker42 45
- Processor Configuration 47
- Network Type 49
- Select I/O Controller Types 49
- Figure 5-12 Select a disk 50
- Select Write 58
- • Password — Enter cr@cker42 65
- Figure 5-33 Run sigcheck.exe 67
- Figure 5-36 Run MergeIDE 68
- Figure 5-37 Warning message 68
- Figure 5-38 Activate Windows 69
- Figure 5-39 Settings option 70
- Managing VM profiles 74
- View VM profiles 75
- Create VM profiles 76
- Figure 5-51 Shut down the VM 78
- Figure 5-53 79
- Edit VM profiles 80
- Delete VM profiles 80
- View the VM creation log 81
- Defense for malware analysis 83
- Terminologies 84
- Managing analyzer profiles 87
- View analyzer profiles 88
- Create analyzer profiles 89
- Integration with McAfee ePO 91
- Analyzing malware 100
- View the analysis results 102
- Analysis Results section 108
- Analysis Environment section 108
- Operations details section 109
- Disassembly Results 110
- Dropped files report 110
- Logic Path Graph 111
- User API Log 116
- Malware analysis monitors 118
- File Counters 119
- Files analyzed by File Type 119
- Analyzer Profile Usage 120
- Top malware by file name 120
- VM Creation Status monitor 121
- System Information 122
- Threat Defense 123
- CLI syntax 124
- Log on to the CLI 125
- Meaning of "?" 125
- Appliance 125
- List of CLI commands 126
Related products and manuals for Networking McAfee QUICKCLEAN 3.0
(12 pages)© 2020, manymanuals.com. All rights reserved. | 0.737 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals