McAfee QUICKCLEAN 3.0 User's Guide Page 84
- Page / 140
- Table of contents
- TROUBLESHOOTING
- BOOKMARKS
Rated. / 5. Based on customer reviews
analysis. For static analysis, McAfee Advanced Threat Defense uses the following resources and in
the same order:
• Local whitelist — This is the list of MD5 hash values of trusted files, which need not be analyzed.
This whitelist is based on the McAfee
®
Application Control database that is used by other
solutions in the McAfee suite. This has over 230,000,000 entries.
The whitelist feature is enabled by default. To disable it, use the setwhitelist command. There
are commands to manage the entries in the whitelist. The static McAfee
®
Application Control
database cannot be modified. However, you can add or delete entries based on file hash. You
can also query the whitelist for a certain file hash to see if it has been added to the database.
The McAfee products that submit files to McAfee Advanced Threat Defense do have the
capability to perform custom whitelisting as well. This includes the McAfee Web Gateway and
the McAfee Network Security Platform
See whitelist on page 137 for the commands.
• Local blacklist — This is the list of MD5 hash values of known malware stored in the McAfee
Advanced Threat Defense database. When McAfee Advanced Threat Defense detects a malware
through its heuristic McAfee Gateway Anti-Malware engine or through dynamic analysis, it
updates the local blacklist with the file's MD5 hash value. A file is added to this list automatically
only when its malware severity as determined by McAfee Advanced Threat Defense is medium,
high, or very high. There are commands to manage the entries in the blacklist.
See Blacklist on page 126 for the commands.
• McAfee GTI — This is a global threat correlation engine and intelligence base of global messaging
and communication behavior, which enables the protection of the customers against both known
and emerging electronic threats across all threat areas. The communication behavior includes
the reputation, volume, and network traffic patterns. McAfee Advanced Threat Defense uses
both the IP Reputation and File Reputation features of GTI.
• Gateway Anti-Malware — McAfee Gateway Anti-Malware Engine analyzes the behavior of web sites,
web site code, and downloaded Web 2.0 content in real time to preemptively detect and block
malicious web attacks. It protects businesses from modern blended attacks, including viruses,
worms, adware, spyware, riskware, and other crimeware threats, without relying on virus
signatures.
McAfee Gateway Anti-Malware Engine is embedded within McAfee Advanced Threat Defense to
provide real-time malware detection.
• Anti-Malware — McAfee Anti-Malware Engine is embedded within McAfee Advanced Threat Defense.
The DAT is updated either manually or automatically based on the network connectivity of
McAfee Advanced Threat Defense.
• Dynamic analysis — In this case, McAfee Advanced Threat Defense executes the file in a secure VM and
monitors its behavior to check how malicious the file is. At the end of the analysis, it provides a
detailed report as required by the user. McAfee Advanced Threat Defense does dynamic analysis
after the static analysis is done. By default, if static analysis identifies the malware, McAfee
Advanced Threat Defense does not perform dynamic analysis. However, you can configure McAfee
Advanced Threat Defense to perform dynamic analysis regardless of the results from static
analysis. You can also configure only dynamic analysis without static analysis. Dynamic analysis
includes the disassembly listing feature of McAfee Advanced Threat Defense as well. This feature
can generate the disassembly code of PE files for you to analyze the sample further.
• Analyzer VM — This is the virtual machine on the McAfee Advanced Threat Defense that is used for
dynamic analysis. To create the analyzer VMs, you need to create the VMDK file with the required
operating system and applications. Then, using SFTP, you import this file into the McAfee Advanced
Threat Defense Appliance.
6
Configuring McAfee Advanced Threat Defense for malware analysis
Terminologies
84
McAfee Advanced Threat Defense 3.0.4 Product Guide
- Product Guide 1
- COPYRIGHT 2
- TRADEMARK ATTRIBUTIONS 2
- LICENSE INFORMATION 2
- License Agreement 2
- Contents 3
- 5 Creating analyzer VM 41 4
- 7 Analyzing malware 97 4
- Index 139 5
- About this guide 7
- Find product documentation 8
- Advanced 9
- Malware detection and McAfee 10
- Advanced Threat Defense 10
- Web Gateway 14
- Defense Appliance 17
- Warnings and cautions 19
- Usage restrictions 19
- Unpack the shipment 20
- Check your shipment 20
- Port numbers 24
- Handling the front bezel 27
- Connect the network cable 28
- Defense web application 31
- Viewing user profiles 34
- Add users 35
- Figure 4-3 Add users 36
- Edit Users 37
- Delete Users 38
- Troubleshooting 39
- Delete the analysis results 40
- Creating analyzer VM 41
- • Confirm — Enter cr@cker42 45
- Processor Configuration 47
- Network Type 49
- Select I/O Controller Types 49
- Figure 5-12 Select a disk 50
- Select Write 58
- • Password — Enter cr@cker42 65
- Figure 5-33 Run sigcheck.exe 67
- Figure 5-36 Run MergeIDE 68
- Figure 5-37 Warning message 68
- Figure 5-38 Activate Windows 69
- Figure 5-39 Settings option 70
- Managing VM profiles 74
- View VM profiles 75
- Create VM profiles 76
- Figure 5-51 Shut down the VM 78
- Figure 5-53 79
- Edit VM profiles 80
- Delete VM profiles 80
- View the VM creation log 81
- Defense for malware analysis 83
- Terminologies 84
- Managing analyzer profiles 87
- View analyzer profiles 88
- Create analyzer profiles 89
- Integration with McAfee ePO 91
- Analyzing malware 100
- View the analysis results 102
- Analysis Results section 108
- Analysis Environment section 108
- Operations details section 109
- Disassembly Results 110
- Dropped files report 110
- Logic Path Graph 111
- User API Log 116
- Malware analysis monitors 118
- File Counters 119
- Files analyzed by File Type 119
- Analyzer Profile Usage 120
- Top malware by file name 120
- VM Creation Status monitor 121
- System Information 122
- Threat Defense 123
- CLI syntax 124
- Log on to the CLI 125
- Meaning of "?" 125
- Appliance 125
- List of CLI commands 126
Related products and manuals for Networking McAfee QUICKCLEAN 3.0
(12 pages)© 2020, manymanuals.com. All rights reserved. | 1.525 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals