Legitimate tool required for daily operation on windows system

Malicious software designed to steal information from owner machine

Key-logger

Multipartite Virus

Stealth Virus

MERS

Polymorphic Virus

Excellent procedure for malware analysis since user does not need to take any event action or execute the file

User has to perform Action like event execution for the malware to note its behaviour

user should just wait for malware timer to expire and analyze result

Automatically infects and spreads from computer to compute

Appears as a useful program to encourage propegation

Can only be spread through a network

Cannot be spread via social media

McAfee Web Gateway

McAfee NSP

McAfee Firewall Enterprise

McAfee Email Gateway

Static malware analysis utilizes the computational capabilities of the platform to do in moments what a team of researchers could take weeks to accomplish. During static analysis any packed malware is unpacked. Often malware is packed to compress and modify the mal- ware in an attempt to frustrate efforts to analyze it. ATD has phenom- enal success in unpacking malware. The malware code is disassem- bled and reviewed to determine what would happen if the malware was successful in its function. It is important to note that the static analysis is much more than just header analysis

Static analysis involves running malware in sandbox environment and extract malicious code out of the file and report to the administrator

Static analysis is unique feature of MATD device to perform malware analysis on the malicious file with the help of GAM and GTI only . This identifies the code from the subject file and alert the administrator accordingly.

GTI is McAfee Appliance that can be used with McAfee Products to provide reputation based feature to customer network and information exchange

Global threat input

GTI is reputation database online available and cant be used with McAfee products

Global Threat Intelligence is McAfee’s cloud-based security offering. Using thousands of McAfee intelligent agents and devices, confiden- tial data can be correlated about suspicious files to quickly identify malware and determine changes in the threat landscape. These re- sults can be quickly disseminated throughout the cloud to inhibit the spread of infection

.exe

.pub

.apk

.zip

.rar

Windows ME

Windows 3.1

Windows 10

Windows 7 Professional (32bit)

None of The Above

Arabic

Bangla

Malay

Japanese

Local Whitelist -->Local Blacklist -->(GAM Emulation)-->GTI Reputation-->Sandbox

Local Whitelist -->Local Blacklist -->(sandbox)-->PDF SCAN- Emulation

Local Whitelist -->Local Blacklist -->(GAM Emulation)-->GTI Reputation-->MEG

Local Whitelist -->Local Blacklist -->(GAM Emulation)-->GTI Reputation-->McAfee AV Scan

21

22

2211

2222

115000

38400

119200

115200

Set Appliance Name

Set Name

Set sensor name

admin123

admin123$

admin

Inline mode

SPAN MODE

Standalone mode

TAP MODE

atdadmin/atdadmin

admin/admin

cliadmin/atdadmin

Status

show system status

show

Wipes all default configuration and keeps network configuration only

Rest admin credentials and removes all the VM images/profile

Resets the active disk to defaults. This deletes all IP addresses, results, logs and VM’s on the active disk and restores it with the backup disk

30

45

50

60

The Reset Database checkbox will reset all analyzer policies and VM profiles and delete any analysis samples on the ATD appliance. This will NOT remove any virtual machines that have been uploaded to the appliance.

The Reset Database checkbox will reset all analyzer policies and VM profiles and delete any analysis samples on the ATD appliance. This will remove virtual machines that have been uploaded to the appliance.

The Reset Database checkbox will reset all analyzer policies and VM profiles and delete any analysis samples on the ATD appliance. This will remove virtual machines and user configuration from appliance.

is used to backup the active disk to the backup before an upgrade

is used to backup the second disk before an upgrade

is used to backup the redundant disk before an upgrade

whitelist entry update

whitelist entry add

whitelist add

Yes

No

SMP

SAML

REST

ePO provides user name to ATD

User Machine MAC Address

TARGET OS can be provided to ATD

VMWARE

HYPER-V

Type 1 Hypervisor

The support bundle is a .tgz of the system log files, any diagnostic files and some additional miscellaneous log files for McAfee Customer Support. After clicking the button a prompt is given for a McAfee Support Ticket number

The support bundle is a .tgz of the system log files, VM image files and some additional information for McAfee Customer Support. After clicking the button a prompt is given for a McAfee Support Ticket number

The support bundle is a .tgz of the system log files, audit log files and some additional information for McAfee Customer Support. After clicking the button a prompt is given for a McAfee Support Ticket number

admin

mwg

nsp

atdadmin

apoadmin

Admin

Web Access

Ftp Access

Restful Access

Telnet Access

If Internet connectivity is enabled in the analyz- er profile, McAfee Advanced Threat Defense uses this mode. McAfee Advanced Threat Defense provides a real Internet connection through the management port, which is publicly routed as directed by the ATD network configuration. The interface port that ATD uses to connect to the internet using this mode can be designated in ATD 3.2.0 and later.

If Internet connectivity is enabled in the analyz- er profile, McAfee Advanced Threat Defense uses this mode. McAfee Advanced Threat Defense provides a real Internet connection through the management port, which is publicly routed as directed by the ATD network configuration. The interface port that ATD uses to connect to the internet using this mode can be designated in ATD 3..0.4 only

If Internet connectivity is enabled in the analyz- er profile, McAfee Advanced Threat Defense uses this mode. McAfee Advanced Threat Defense provides a real Internet connection through the management port, which is publicly routed as directed by the ATD network configuration. The interface port that ATD uses to connect to the internet using this mode can be designated in ATD 3.0.5 only

Antimalware.Proactive. Absolute

Antimalware.Proactive. Minimum

Antimalware.Proactive. Probablility

10 hours

10 seconds

20 minutes

5 seconds

10 minutes

7.1.0

7.3.0

7.3.2

7.4.x

10 MB

15 MB

20 MB

128 MB

25 MB

True

False