Enabling Virtual Analyzer Parent topic

Procedure

  1. Go to AdministrationVirtual AnalyzerSetup.
  2. Select Submit files to Virtual Analyzer.
  3. Select a Virtual Analyzer type and specify the settings.
    Note
    Note
    Options may vary depending on your Deep Discovery Inspector model and license.
    • Internal
      1. Select a network type.
        The selected network type determines the Internet connectivity of Virtual Analyzer.
        WARNING
        WARNING
        Trend Micro recommends using a custom network for sample analysis.
        The custom network should be independent of the management network and other internal networks so that malicious samples in the custom network do not affect hosts in the other networks.
        Network Type
        Description
        Management network
        Direct Virtual Analyzer traffic through a management port.
        Virtual Analyzer connects to the Internet using the Deep Discovery Inspector management port.
        Custom network
        Configure a specific port for Virtual Analyzer traffic. Make sure that the port is able to connect directly to an outside network.
        Virtual Analyzer connects to the Internet using another port. Specify an open port and make sure that there are no port conflicts.
        No network
        Isolate Virtual Analyzer traffic within Virtual Analyzer. The environment has no connection to an outside network.
        Virtual Analyzer has no Internet connection and relies only on its analysis engine.
        Note
        Note
        Virtual Analyzer requires an Internet connection to query Trend Micro cloud-based services (for example, WRS and CSSS) for available threat data.
      2. Enable and configure a dedicated proxy for the internal Virtual Analyzer.
        Note
        Note
        To configure the proxy settings, the management network or custom network must be selected as the network type.
        1. In Proxy Setting select Use dedicated proxy settings.
        2. In Server address, type the proxy server's IP address, host name, or FQDN.
          Note
          Note
          Virtual Analyzer supports HTTP and HTTPS proxy servers.
        3. Type the port number.
        4. (Optional) Type the proxy server's authentication credentials.
    • External
      1. Type the IP address of the Virtual Analyzer appliance.
      2. Type the API key from the external Virtual Analyzer.
        Note
        Note
        Log onto the external Virtual Analyzer to obtain the API key.
      3. Click Test Connection.
    • Analyzer as a Service
      Note
      Note
      By default, the proxy setting is enabled when Analyzer as a Service is selected. If a proxy is not configured, Deep Discovery Inspector still connects to the service.
      1. Click Test Connection.
  4. Click Save.
  5. (Optional) For Internal Virtual Analyzer, click Test Internet Connectivity.
    Note
    Note
    Trend Micro recommends testing the Internet connectivity whenever new settings are saved.
  6. (Optional) For Internal Virtual Analyzer, go to AdministrationVirtual AnalyzerInternal Virtual AnalyzerSandbox for macOS and then enable Send possible threats for macOS to the Trend Micro Deep Discovery Analyzer as a Service for analysis.