Virtual Analyzer is a cloud-based virtual environment designed for analyzing suspicious files. Sandbox images allow observation of file behavior in an environment that simulates endpoints on your network without any risk of compromising the network.
Virtual Analyzer works in conjunction with Threat Connect, the Trend Micro global intelligence network that provides actionable information and recommendations for dealing with threats.
Cloud Edge sends suspicious email file attachments to Virtual Analyzer when an attachment exhibits suspicious characteristics and signature-based scanning technologies cannot find an unknown threat.
Whenever Cloud Edge sends a suspicious attachment to Virtual Analyzer, Cloud Edge adds a tag to the email subject and to the body before sending the email to the email recipient. The tag informs the recipient that Cloud Edge detected that the email might contain suspicious attachments, that the attachments have been sent to Virtual Analyzer for further analysis, and that an email notification will be sent within 30 minutes if malware is found.
Virtual Analyzer performs static analysis and behavior simulation in various runtime environments to identify potentially malicious characteristics. Cloud Edge queries Virtual Analyzer every five minutes to see if analysis shows that an attachment has a high risk of containing malware.
After 30 minutes, Cloud Edge can send one of three notifications to the email recipient:
- If analysis shows there is a high risk that the attachment contains malware, the notification informs the recipient that the email attachment contains malware.
- If analysis shows that the attachment is not malicious, the notification informs the recipient that the email attachment is safe.
- If, after 30 minutes, analysis is still pending or ongoing, the notification informs the recipient of this status.
In addition to the notifications, Cloud Edge requests the report generated by Virtual Analyzer that contains details about the analysis. Cloud Edge creates a log entry of this incident that provides a link (found in the Details column) to the report that Virtual Analyzer sent to Cloud Edge.
Virtual Analyzer is licensed separately on each Cloud Edge gateway. You can go to to see if Virtual Analyzer is licensed and available on a specific Cloud Edge gateway.