Enabling Virtual Analyzer Parent topic


  1. Go to AdministrationVirtual AnalyzerSetup.
  2. Select Submit files to Virtual Analyzer.
  3. Select a Virtual Analyzer type and specify the settings.
    Options may vary depending on your Deep Discovery Inspector model and license.
    • Internal
      1. Select a network type.
        The selected network type determines the Internet connectivity of Virtual Analyzer.
        Trend Micro recommends using a custom network for sample analysis.
        The custom network should be independent of the management network and other internal networks so that malicious samples in the custom network do not affect hosts in the other networks.
        Network Type
        Management network
        Direct Virtual Analyzer traffic through a management port.
        Virtual Analyzer connects to the Internet using the Deep Discovery Inspector management port.
        Custom network (recommended)
        Configure a specific port for Virtual Analyzer traffic. Make sure that the port is able to connect directly to an outside network.
        Virtual Analyzer connects to the Internet using another port. Specify an available port and make sure that there are no port conflicts.
        No network
        Isolate Virtual Analyzer traffic within Virtual Analyzer. The environment has no connection to an outside network.
        Virtual Analyzer has no Internet connection and relies only on its analysis engine.
        Virtual Analyzer requires an Internet connection to query Trend Micro cloud-based services (for example, WRS and CSSS) for available threat data.
      2. Enable and configure a dedicated proxy for the internal Virtual Analyzer.
        To configure the proxy settings, the management network or custom network must be selected as the network type.
        1. In Proxy Setting select Use dedicated proxy settings.
        2. In Server address, type the proxy server's IP address, host name, or FQDN.
          Virtual Analyzer supports HTTP and HTTPS proxy servers.
        3. Type the port number.
        4. (Optional) Type the proxy server's authentication credentials.
    • External
      1. Type the IP address of the Virtual Analyzer appliance.
      2. Type the port number of the Virtual Analyzer appliance.
      3. Type the API key from the external Virtual Analyzer.
        Log onto the external Virtual Analyzer to obtain the API key.
      4. Click Test Connection.
    • Sandbox as a Service
      By default, the proxy setting is enabled when Sandbox as a Service is selected. If a proxy is not configured, Deep Discovery Inspector still connects to the service.
      1. Click Test Connection.
  4. Click Save.
  5. (Optional) For Internal Virtual Analyzer, click Test Internet Connectivity.
    Trend Micro recommends testing the Internet connectivity whenever new settings are saved.
  6. (Optional) For Internal Virtual Analyzer, go to AdministrationVirtual AnalyzerInternal Virtual AnalyzerSandbox for macOS and then enable Send possible threats for macOS to Trend Micro Sandbox as a Service for analysis.