Virtual Analyzer is a secure virtual environment that manages and analyzes objects submitted by integrated products, administrators, and investigators. Custom sandbox images enable observation of files, URLs, registry entries, API calls, and other objects in environments that match your system configuration.
Virtual Analyzer performs static and dynamic analysis to identify an object's notable characteristics in the following categories:
- Anti-security and self-preservation
- Autostart or other system configuration
- Deception and social engineering
- File drop, download, sharing, or replication
- Hijack, redirection, or data theft
- Malformed, defective, or with known malware traits
- Process, service, or memory object change
- Rootkit, cloaking
- Suspicious network or messaging activity
During analysis, Virtual Analyzer rates the characteristics in context and then assigns a risk level to the object based on the accumulated ratings. Virtual Analyzer also generates analysis reports, suspicious object lists, PCAP files, and OpenIOC files that can be used in investigations.
Virtual Analyzer works in conjunction with Threat Connect, the Trend Micro service that correlates suspicious objects detected in your environment with threat data from the Smart Protection Network.