- File samples:
  - For single file samples, Deep Discovery Analyzer analyzes the samples using the Virtual Analyzer image specified in the matched policy. If no match is found, the default policy applies.
  - For archive samples:
    - If extracted files match a submission policy and the default policy, Deep Discovery Analyzer uses the Virtual Analyzer image specified in the matched policy and the default policy to analyze files.
    - If some extracted files match a policy and no policy match is found for other files in the same archive sample, Deep Discovery Analyzer applies the matched policy.
    - If some extracted files match the default policy and no policy match is found for other files in the same archive sample, Deep Discovery Analyzer applies the default policy.
    - If no policy match is found for all extracted files in an archive sample, Deep Discovery Analyzer applies the default policy with the unsupported analysis result (displayed as a gray icon in the Risk Level field on the Submissions screen).
- URL samples:
  - With prefilter scanning:
    - If the prefilter scan result is non-malicious, Deep Discovery Analyzer does not apply any policies or analyze the sample using a specific Virtual Analyzer image.
    - If the prefilter scan result is potentially malicious, Deep Discovery Analyzer analyzes the samples using the Virtual Analyzer image specified in the matched policy by submitter (not by file type). If no match is found, the default policy applies.
    - If URL samples link to downloadable files, Deep Discovery Analyzer analyzes the downloaded file samples using the Virtual Analyzer image specified in the matched policy. If no match is found, the default policy applies.
  - Without prefilter scanning: Deep Discovery Analyzer analyzes the samples using the Virtual Analyzer image specified in the matched policy by submitter (not by file type). If no match is found, the default policy applies.

Note: If the Trend Micro Sandbox for macOS service is enabled for supported Mac file types, Deep Discovery Analyzer sends samples to Sandbox for macOS for analysis and includes the result in the analysis report.

For example, Deep Discovery Analyzer contains the three submission policies listed in the following table.

Submission policy examples

| Policy Name | Submitter | File Type | Image |
|---|---|---|---|
| Policy A | Deep Discovery Inspector | EXE | Windows 7 |
| | | CSV | Windows XP |
| Policy B | Apex One | PPT | Windows 10 |
| Default | Any | | CentOS 7 |

The following table shows the matched policies and the Virtual Analyzer image used for samples submitted to Deep Discovery Analyzer.

Policy matching result examples

| Sample | File Type | Submitter | Matched Policy | Image Used |
|---|---|---|---|---|
| File | EXE | Deep Discovery Inspector | Policy A | Windows 7 |
| | CSV | Deep Discovery Inspector | Policy A | Windows XP |
| | EXE | Apex One | Default | |
| | PPT | Apex One | Policy B | Windows 10 |
| | SH | Apex One | Default | CentOS 7 |
| Archive | ZIP (EXE) | Deep Discovery Inspector | Policy A | Windows 7 |
| | ZIP (EXE and CSV) | Deep Discovery Inspector | Policy A | |
| | ZIP (EXE, CSV, DOC, and PDF) | Deep Discovery Inspector | Policy A | |
| | | | Default | |
| | ZIP (EXE, DOC, and PDF) | Deep Discovery Inspector | Policy A | Windows 7 |
| | | | Default | |
| | HTML | Deep Discovery Inspector | Default | Result: Unsupported |
| | ZIP (EXE and HTML) | Deep Discovery Inspector | Policy A | Windows 7 |
| | ZIP (EXE, CSV, DOC, and PDF) | Apex One | Default | |
| URL (from prefilter with no policy matching) | Not applicable | Any | Not applicable | All images |
| URL (without file samples) | Not applicable | Deep Discovery Inspector | Policy A | |
| | Not applicable | ScanMail for Microsoft Exchange | Default | |
| URL (with file samples) | EXE | Deep Discovery Inspector | Policy A | Windows 7 |
| | ZIP (EXE, DOC, and PDF) | Deep Discovery Inspector | Policy A | Windows 7 |
| | | | Default | |
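
The file and archive rules above can be modelled as a small resolver and checked against the example rows; this is an added illustration, not Trend Micro code, and the function names are hypothetical. It uses the example policies from the tables, and the set of file types the default policy can analyze (`DEFAULT_TYPES`) is an assumption inferred from those rows. URL samples and image selection are not modelled.

```python
# Added illustration of the matching rules described on this page.
# Not product code. Policy entries come from the page's example table.
POLICIES = {  # (submitter, file type) -> submission policy name
    ("Deep Discovery Inspector", "EXE"): "Policy A",
    ("Deep Discovery Inspector", "CSV"): "Policy A",
    ("Apex One", "PPT"): "Policy B",
}
# Assumption: the page does not list the default policy's file types; this set
# is inferred from the example rows (HTML is the only type shown as unsupported).
DEFAULT_TYPES = {"EXE", "CSV", "DOC", "PDF", "PPT", "SH"}


def match_file(submitter, file_type):
    """Return the policy name matched by one file, or None if nothing matches."""
    policy = POLICIES.get((submitter, file_type))
    if policy:
        return policy
    return "Default" if file_type in DEFAULT_TYPES else None


def resolve(submitter, file_types):
    """Resolve a single file (one type) or an archive (its extracted types).

    Returns (policies, unsupported): the ordered policies applied, and whether
    the submission ends with the "unsupported" analysis result.
    """
    matches = [match_file(submitter, t) for t in file_types]
    named = []
    for m in matches:
        if m and m != "Default" and m not in named:
            named.append(m)
    policies = named + (["Default"] if "Default" in matches else [])
    if not policies:
        # No file matched any policy: default policy, result unsupported.
        return ["Default"], True
    return policies, False


def coverage_gaps(submitter, file_types):
    """File types that match neither a submission policy nor the default policy."""
    return [t for t in file_types if match_file(submitter, t) is None]


if __name__ == "__main__":
    ddi = "Deep Discovery Inspector"
    for types in (["EXE"], ["EXE", "CSV", "DOC", "PDF"], ["HTML"], ["EXE", "HTML"]):
        print(types, resolve(ddi, types), coverage_gaps(ddi, types))
```

Running `coverage_gaps` over the file types your submitters actually send shows which ones depend entirely on another file in the same archive matching a policy, such as HTML in the ZIP (EXE and HTML) row.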