Virtual Analyzer

Virtual Analyzer is a cloud-based virtual environment designed for analyzing suspicious files. Sandbox images allow observation of file behavior in an environment that simulates endpoints on your network without any risk of compromising the network.

Virtual Analyzer works in conjunction with Threat Connect, the Trend Micro global intelligence network that provides actionable information and recommendations for dealing with threats.

Cloud Edge sends suspicious email file attachments to Virtual Analyzer when an attachment exhibits suspicious characteristics and signature-based scanning technologies cannot find an unknown threat.

Whenever Cloud Edge sends a suspicious attachment to Virtual Analyzer, Cloud Edge adds a tag to the email subject and to the body before sending the email to the email recipient.

The tag informs the email recipient that Cloud Edge detected that the email might contain suspicious attachments and that the attachments have been sent to Virtual Analyzer for further analysis. The tag informs the recipient that an email notification will be sent within 30 minutes if malware is found.

Virtual Analyzer performs static analysis and behavior simulation in various run time environments to identify potentially malicious characteristics. Cloud Edge queries Virtual Analyzer every five minutes to see if analysis shows that an attachment has a high-risk of containing malware.

After 30 minutes, Cloud Edge can send one of three notifications to the email recipient:

  • If analysis shows there is a high-risk that the attachment contains malware, the notification informs the recipient that the email attachment contains malware.

  • If analysis shows that the attachment is not malicious, the notification informs the recipient that the email attachment is safe.

  • If after 30 minutes, analysis is pending or ongoing, the notification informs the recipient of this status.

In addition to the notifications, Cloud Edge requests the report generated by Virtual Analyzer that contains details about the analysis. Cloud Edge creates a log entry of this incident that provides a link (found in the Details column) to the report that Virtual Analyzer sent to Cloud Edge.

Virtual Analyzer is licensed separately on each Cloud Edge gateway. You can go to Administration > Licenses to see if Virtual Analyzer is licensed and available on a specific Cloud Edge gateway.