When ICAP integration is enabled, Deep Discovery Analyzer automatically reduces Virtual Analyzer throughput to conserve system resources.
The default value is 1344.
ICAPS port number: Default value is 11344
Certificate: Certificates must use base64-encoding
Private key: Private keys must use base64-encoding
Only encrypted private keys are supported.
For details, see ICAP Header Responses.
Bypass URL scanning in RESPMOD mode
Scan samples using YARA rules
Scan samples using the selected suspicious objects list
Suspicious objects in the generated suspicious objects list are added by the internal Virtual Analyzer in Deep Discovery Analyzer, while suspicious objects in the synchronized suspicious objects list are obtained from Deep Discovery Director.
If you select Synchronized suspicious objects list, you must also integrate Deep Discovery Analyzer with Trend Micro Vision One or enable suspicious object synchronization from Deep Discovery Director.
For more information, see Registering to Deep Discovery Director.
Scan samples using the user-defined suspicious objects list
Scan samples using the Predictive Machine Learning engine
Classify password-protected samples
The Enable MIME content-type validation setting only applies when you select Enable MIME content-type exclusion.
When you select this option, Deep Discovery Analyzer will still perform an ICAP pre-scan on samples with one of the following:
Some MIME content-types in ICAP Preview mode
Custom MIME content-types
Some pre-defined MIME content-types
Samples with unsupported file types are not submitted to Virtual Analyzer for scanning after ICAP pre-scan.
This setting allows Deep Discovery Analyzer to display a custom page whenever an ICAP client blocks network traffic for specific events. The ICAP client may override this setting. If the setting is enabled and the custom page is not displayed, verify that there are no conflicts with the ICAP client configuration.
Deep Discovery Analyzer supports custom pages for the following events:
Use any text editor to create the pages, and save them as plain text. HTML tags may be used to apply formatting. Ensure that each file is smaller than 5 MB.
The default value is 1000.
To add a new IP address or IP address range, click Add.
To remove an existing entry, select an entry and click Delete.
By default, all ICAP clients can submit samples to Deep Discovery Analyzer.
For high-risk samples:
Deep Discovery Analyzer returns an "HTTP 403 Forbidden" message to the ICAP client.
If the User Notification Page setting is enabled, Deep Discovery Analyzer includes the uploaded page as part of the message.
If X-Virus-ID and X-Infection-Found ICAP headers are enabled, Deep Discovery Analyzer includes these headers within the message.
For no-risk samples:
Deep Discovery Analyzer returns the original message it receives from the ICAP client.
If the ICAP client supports ICAP "204 No Content", Deep Discovery Analyzer returns an ICAP "204 No Content" response without the original message.
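The high-risk and no-risk behaviour listed above, modelled as an added example (not Trend Micro code) that builds the RESPMOD responses an analyzer would return; the ISTag, threat name, notification page, and sample ICAP request are constructed placeholders, and the 204 path honours RFC 3507's rule that a client must have sent "Allow: 204".

```python
"""Model of ICAP RESPMOD verdict handling (added example, not Trend Micro code)."""

CRLF = "\r\n"


def client_allows_204(icap_request: str) -> bool:
    """RFC 3507: 204 may only be sent if the client's request carried 'Allow: 204'."""
    for line in icap_request.split(CRLF):
        name, _, value = line.partition(":")
        if name.strip().lower() == "allow":
            return "204" in [v.strip() for v in value.split(",")]
    return False


def encapsulate(status: str, extra: list, http_message: str) -> str:
    """Wrap an HTTP message in an ICAP response with a correct Encapsulated header."""
    head, sep, body = http_message.partition(CRLF + CRLF)
    hdr = head + sep
    enc = f"res-hdr=0, {'res-body' if body else 'null-body'}={len(hdr.encode())}"
    lines = [f"ICAP/1.0 {status}", 'ISTag: "constructed-tag"', *extra, f"Encapsulated: {enc}"]
    return CRLF.join(lines) + CRLF + CRLF + http_message


def respond(risk: str, icap_request: str, original_http: str,
            notification_page: str = "", virus_headers: bool = False,
            threat: str = "CONSTRUCTED.Sample") -> str:
    """Return the ICAP response for a verdict; risk is 'high' or 'no'."""
    if risk == "high":
        # Blocked: HTTP 403 carrying the notification page, optional virus headers.
        extra = []
        if virus_headers:  # header values are constructed placeholders
            extra += [f"X-Virus-ID: {threat}",
                      f"X-Infection-Found: Type=0; Resolution=2; Threat={threat};"]
        body = notification_page
        http = (f"HTTP/1.1 403 Forbidden{CRLF}Content-Type: text/html{CRLF}"
                f"Content-Length: {len(body.encode())}{CRLF}{CRLF}{body}")
        return encapsulate("200 OK", extra, http)
    # No risk: 204 without the original message if the client allows it,
    # otherwise echo the original message back unchanged.
    if client_allows_204(icap_request):
        return f"ICAP/1.0 204 No Content{CRLF}ISTag: \"constructed-tag\"{CRLF}{CRLF}"
    return encapsulate("200 OK", [], original_http)


# Constructed sample ICAP request and encapsulated HTTP response.
SAMPLE_REQUEST = (f"RESPMOD icap://analyzer.example/respmod ICAP/1.0{CRLF}"
                  f"Host: analyzer.example{CRLF}Allow: 204{CRLF}{CRLF}")
SAMPLE_HTTP = f"HTTP/1.1 200 OK{CRLF}Content-Length: 5{CRLF}{CRLF}hello"
```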