To reduce the number of files and messages
in the Virtual Analyzer queues, configure filters for Virtual Analyzer
submission.
 |
Note
|
Procedure
- Go to .
- Specify Settings.OptionDescriptionNetwork Connection
Note
This section is available when Deep Discovery Email Inspector is using an internal Virtual Analyzer.When the internal Virtual Analyzer is set to connect to the Internet through a proxy server, reconfigure proxy settings after a configuration restore or firmware update on Deep Discovery Email Inspector.From the Network type drop-down list, select how Virtual Analyzer connects to the network. For information about network types, see Virtual Analyzer Network Types.If you select the Custom Network type, select a specific port for Virtual Analyzer traffic from the Sandbox port drop-down list and click Configure IPv4 settings to configure the network settings.If a proxy server is required for the internal Virtual Analyzer to connect to the Internet, select Use a dedicated proxy server from the drop-down list and provide the following information:-
Server address
-
Port
-
Proxy server requires authentication: If authentication is required, select this check box and type the user name and password.
File Submission FiltersFiles: Select the file types to have Virtual Analyzer perform one of the following actions:-
Submit only highly suspicious files
-
Submit highly suspicious files and force analyze all selected file types
To reduce the likelihood of false-positive detections, select Do not analyze files found safe by the Certified Safe Software Service.For details, see Certified Safe Software Service.URL Submission FiltersBy default, URLs found safe are first submitted to the URL pre-filter before submitting to Virtual Analyzer. For messages with safe URLs, you can add one or more subject keywords to filter these messages for Virtual Analyzer submission. Safe URLs in matched messages are sent directly to Virtual Analyzer, bypassing the URL pre-filter.Keyword: Type a subject keyword and click Add to add the keyword to the list.To delete a keyword from the list, select an entry and click Delete.Note
You can specify up to 50 keywords.Timeout SettingSelect how long Virtual Analyzer should wait before timing out a submitted object. By default, when the submission timeout is reached, Virtual Analyzer sends out submitted objects waiting in the queue without analysis. Timed out objects still receive risk levels from other scan engines.You can configure threat protection rules in policies to perform actions on timed out objects.For more information, see Configuring a Threat Protection Rule. -
- Click Save.
Certified Safe Software Service
Certified Safe Software
Service (CSSS) is the Trend Micro cloud database of known safe
files. Trend Micro
datacenters are queried to check submitted files against the
database.
Enabling CSSS prevents known safe files from entering the Virtual Analyzer queue.
This
process:
-
Saves computing time and resources
-
Reduces the likelihood of false positive detections
 |
TipCSSS is enabled by default. Trend Micro
recommends using the default settings.
|
Virtual Analyzer Network Types
When simulating file and URL behavior, Virtual
Analyzer uses its own analysis engine to determine the risk of an object. The selected
network type also determines whether submitted objects can connect to the Internet.
After configuring the network connection, click Test Internet
Connectivity to verify that Virtual Analyzer can connect to the Internet.
|
NoteInternet access improves analysis by allowing samples to access
C&C callback addresses or other external links.
|
|
Network Type
|
Description
|
||
|
Management network
|
Direct Virtual Analyzer traffic through the management port.
|
||
|
Custom network
|
Virtual Analyzer connects to the Internet using a port other than
the management port.
|
||
|
No network access
|
Isolate Virtual Analyzer traffic within the sandbox environment. The environment
has no connection to an outside network.
|
Virtual Analyzer File Submission Filters
The following table shows the displayed file categories, contained full file types,
and
file extensions.
Virtual Analyzer File Submission Filters
|
Displayed File Category
|
Full File Type
|
Example File Extensions
|
||
|
Flash and other multimedia
|
Scalable Vector Graphics (SVG)
Adobe™
Shockwave™ Flash file
Apple QuickTime media
|
.svg.swf.mov |
||
|
HTML
|
Hypertext Markup Language file
Web page archive file
|
.htm.html.xht.xhtml.mht.mhtml.shtml |
||
|
Java
|
Java Archive (JAR)
Java class file
|
.jar.class |
||
|
Office
|
Microsoft™
Word™ document
Microsoft™ OLE document
Microsoft™ Office Word™ (2007 or later) document
Microsoft™
Powerpoint™ presentation
Microsoft™ Office PowerPoint™ (2007 or later) presentation
Microsoft™
Excel™ spreadsheet
Microsoft™ Office Excel™ (2007 or later) spreadsheet
Microsoft™
Office™ 2003 XML file
Microsoft™
Word™ 2003 XML document
Microsoft™
Excel™ 2003 XML spreadsheet
Microsoft™
PowerPoint™ 2003 XML presentation
Microsoft™ Publisher 2016
Hancom™ Hancell spreadsheet
Hancom™
Hangul Word Processor (HWP) document
Hancom™ Hangul Word Processor
(2014 or later) (HWPX) document
JustSystems™
Ichitaro™ document
JungUm™ Global document
Microsoft™
Outlook™ Item
Microsoft™ symbolic link format
Microsoft™ Excel web query file
Comma-separated values (CSV) file
OpenDocument Format (ODF)
|
.doc.dot .docx.dotx .pps .ppsx .ppt.pptx.pub.xla .xls.xlsx.xlt .xlm .cell.xml.xlsb .xltx.hwp.hwpx.jtd.gul.msg.slk.iqy.csv.odp.ods.odt |
||
|
Office with Macros
|
Microsoft™ Office Word™ (2007 or later) macro-enabled document
Microsoft™ Office PowerPoint™ (2007 or later) macro-enabled presentation
Microsoft™ Office Excel™ (2007 or later) macro-enabled spreadsheet
|
.docm.dotm.potm.ppam .ppsm .pptm.xlam .xlsm.xltm |
||
|
Other document formats
|
Compiled HTML (CHM) help file
Microsoft™
Windows™ Shell Binary Link shortcut
Microsoft™ Rich Text Format (RTF) document
Microsoft OneNote
|
.chm.lnk.rtf.one |
||
|
PDF
|
Adobe™ Portable Document Format (PDF)
|
.pdf |
||
|
Scripts
|
Microsoft™
Windows™ Batch file
Microsoft™
Windows™ Command Script file
JavaScript™ file
JavaScript™ encoded script file
HTML Application file
Microsoft™
Windows™ PowerShell script file
Visual Basic™ encoded script file
Visual Basic™ script file
Microsoft™
Windows™ script file
Internet shortcut file
Linux shell executable file
|
.bat.cmd.js.jse.hta.ps1.vbe.vbs.wsf.url.sh |
||
|
Portable executables
|
AMD™ 64-bit DLL file
Microsoft™
Windows™ 16-bit DLL file
Microsoft™
Windows™ 32-bit DLL file
Executable and Linkable Format (ELF) file
Executable file (EXE)
AMD™ 64-bit EXE file
DIET DOS EXE file
Microsoft™ DOS EXE file
IBM™ OS/2 EXE file
LZEXE DOS EXE file
MIPS EXE file
MSIL Portable executable file
Microsoft™
Windows™ 16-bit EXE file
Microsoft™
Windows™ 32-bit EXE file
ARJ compressed EXE file
ASPACK 1.x compressed 32-bit EXE file
ASPACK 2.x compressed 32-bit EXE file
GNU UPX compressed EXE file
LZH compressed EXE file
LZH compressed EXE file for ZipMail
MEW 0.5 compressed 32-bit EXE file
MEW 1.0 compressed 32-bit EXE file
MEW 1.1 compressed 32-bit EXE file
PEPACK compressed executable
PKWARE™
PKLITE™ compressed DOS EXE file
PETITE compressed 32-bit executable file
PKZIP compressed EXE file
WWPACK compressed executable file
|
.com .cpl .crt .dll.drv.elf.exe.ocx .scr .sys |
|
NoteDeep Discovery Email
Inspector submits
files of the following types to the external Virtual Analyzer only:
|
Virtual Analyzer can scan the files that match the supported file types in an archive
file.
The following table lists the supported archive file types.
Archive file types
|
True File Type
|
Full File Type
|
Example File Extensions
|
|
7ZIP
|
7-zip archive
|
.7z |
|
ACE
|
WinAce archive
|
.ace |
|
ALZ
|
ALZip archive
|
.alz |
|
AMG
|
Fujitsu AMG archive
|
.amg |
|
ARJ
|
ARJ archive
|
.arj |
|
BINHEX
|
BinHex file
|
.hqx |
|
BZIP2
|
BZIP2 archive
|
.bz2.bzip2 |
|
CAB
|
Microsoft™ Cabinet file
|
.cab |
|
CPIO
|
CPIO archive
|
.cpio.cpgz |
|
EGG
|
ALZip archive
|
.egg |
|
GZIP
|
GNU ZIP archive
|
.gzip.gz |
|
ICS
|
iCalendar file
|
.ics |
|
LHA
|
LHARC compressed archive
|
.lha.lharc |
|
LZH
|
Lempel-Ziv-Welch (LZW) Compressed Amiga archive
|
.lzh |
|
MIME
|
Multipurpose Internet Mail Extensions (MIME) Base64 file
|
.eml.email |
|
MSG
|
Microsoft™
Outlook™ Item
|
.msg |
|
RAR
|
Roshal Archive (RAR) archive
|
.rar |
|
SIT
|
Smith Micro™ StuffIt archive
|
.sit.sitx |
|
TAR
|
TAR archive
|
.tar.tgz |
|
TNEF
|
Microsoft™
Outlook™ Transport Neutral Encapsulation Format (TNEF)
file
|
.tnef.winmail.dat.win.dat |
|
UDF
|
Universal Disk Format file
|
.iso |
|
UUCODE
|
Uuencode file
|
.uue |
|
VCS
|
vCalendar file
|
.vcs |
|
XZ
|
XZ archive
|
.xz |
|
ZIP
|
PKWARE PKZIP archive (ZIP)
|
.zip |
The following table lists the Mac file types that Deep Discovery Email
Inspector automatically submits to the
external Mac sandbox for analysis, regardless of the submission settings. These files
are
not submitted to the internal Virtual Analyzer.
|
NoteIf you configure Deep Discovery Email
Inspector to use an external Virtual Analyzer and select the Java file
category, Deep Discovery Email
Inspector also submits
Java archive (
.jar) and class (.class) files to
the external Mac sandbox for analysis. |
Mac file types
|
True File Type
|
Full File Type
|
Example File Extensions
|
|
DMG
|
Apple disk image file
|
.dmg |
|
PKG
|
Mac OS X installation file
|
.pkg |
|
Mach-O
|
Mach object file
|
.o |