McAfee QUICKCLEAN 3.0 User's Guide Page 98
- Page / 140
- Table of contents
- TROUBLESHOOTING
- BOOKMARKS
Rated. / 5. Based on customer reviews
Table 7-1 Option definitions
Option Definition
File
Either drag and drop the malware file from Windows Explorer or click Browse and select
the file. If you want to submit multiple files, upload them in a .zip file.
• If you are uploading a password-protected .zip file, make sure you have provided
the password in the analyzer profile that you want to use for analysis.
• If dynamic analysis is required, the files in the .zip file are executed on different
instances of the analyzer VM. If enough analyzer VMs are not available, some of the
files are in pipeline until analyzer VMs are available.
• Because the files in the .zip file are analyzed separately, separate reports are
created for each file.
Analyzer
Profile
Select the required analyzer profile for the sample.
Advanced
Click to specify additional parameters for analyzing the sample.
The Advanced options are available only when you manually submit the file using McAfee
Advanced Threat Defense web application.
• Region: In some cases, the behavior of a file might vary based on the geographical
location of the target system. For example, malware from a rogue nation might not
cause any harm to computers in its own country or that of its friends. Select the
country if you want to analyze the malware in relation to location.
You cannot modify the list of countries. This list might be updated when you
upgrade McAfee Advanced Threat Defense software.
• User Interactive Mode: Upon execution, some malware require user input. This is typically
done to check if the malware is being analyzed in a sandbox. In the absence of user
input, the malware might take an alternative execution path or even might suspend
further execution.
If you select this option, you can access the actual analyzer VM on which the
malware is executed and provide the required input. See Upload files for analysis in
user-interactive mode on page 98.
After you made the required selections, click OK.
Submit
Click to upload the file to McAfee Advanced Threat Defense for analysis.
Tasks
• Upload files for analysis in user-interactive mode on page 98
Upload files for analysis in user-interactive mode
Before you begin
You have created the required analyzer profile that you want to use.
When being executed, some files might open dialog boxes, where you might be required to make a
selection. Malware demonstrates such behavior to determine if they are being executed in a sandbox.
The behavior of the malware might vary based on your intervention. When you submit files in this
mode, the analyzer VM is opened in a pop-up window on your client computer and you can make the
required selections when prompted
You can upload files to be executed in the user-interactive mode. This option is available only when
you manually upload a file using the McAfee Advanced Threat Defense web application. For files
submitted by other methods, such as FTP upload and files submitted by Network Security Platform,
7
Analyzing malware
Upload files for analysis using McAfee Advanced Threat Defense web application
98
McAfee Advanced Threat Defense 3.0.4 Product Guide
- Product Guide 1
- COPYRIGHT 2
- TRADEMARK ATTRIBUTIONS 2
- LICENSE INFORMATION 2
- License Agreement 2
- Contents 3
- 5 Creating analyzer VM 41 4
- 7 Analyzing malware 97 4
- Index 139 5
- About this guide 7
- Find product documentation 8
- Advanced 9
- Malware detection and McAfee 10
- Advanced Threat Defense 10
- Web Gateway 14
- Defense Appliance 17
- Warnings and cautions 19
- Usage restrictions 19
- Unpack the shipment 20
- Check your shipment 20
- Port numbers 24
- Handling the front bezel 27
- Connect the network cable 28
- Defense web application 31
- Viewing user profiles 34
- Add users 35
- Figure 4-3 Add users 36
- Edit Users 37
- Delete Users 38
- Troubleshooting 39
- Delete the analysis results 40
- Creating analyzer VM 41
- • Confirm — Enter cr@cker42 45
- Processor Configuration 47
- Network Type 49
- Select I/O Controller Types 49
- Figure 5-12 Select a disk 50
- Select Write 58
- • Password — Enter cr@cker42 65
- Figure 5-33 Run sigcheck.exe 67
- Figure 5-36 Run MergeIDE 68
- Figure 5-37 Warning message 68
- Figure 5-38 Activate Windows 69
- Figure 5-39 Settings option 70
- Managing VM profiles 74
- View VM profiles 75
- Create VM profiles 76
- Figure 5-51 Shut down the VM 78
- Figure 5-53 79
- Edit VM profiles 80
- Delete VM profiles 80
- View the VM creation log 81
- Defense for malware analysis 83
- Terminologies 84
- Managing analyzer profiles 87
- View analyzer profiles 88
- Create analyzer profiles 89
- Integration with McAfee ePO 91
- Analyzing malware 100
- View the analysis results 102
- Analysis Results section 108
- Analysis Environment section 108
- Operations details section 109
- Disassembly Results 110
- Dropped files report 110
- Logic Path Graph 111
- User API Log 116
- Malware analysis monitors 118
- File Counters 119
- Files analyzed by File Type 119
- Analyzer Profile Usage 120
- Top malware by file name 120
- VM Creation Status monitor 121
- System Information 122
- Threat Defense 123
- CLI syntax 124
- Log on to the CLI 125
- Meaning of "?" 125
- Appliance 125
- List of CLI commands 126
Related products and manuals for Networking McAfee QUICKCLEAN 3.0
(12 pages)© 2020, manymanuals.com. All rights reserved. | 0.134 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals