Sandbox – Intelligent Systems Monitoring

CAS- Need to install JRE to analyse .JAVA malware

December 21, 2019December 28, 2019 Symantec Community Leave a comment

I need a solution

Hi Team,

Please provide your advise on the below queries.

1. If we need to analyse .JAVA malware, we need to have JRE installed or else it will not detected it ( No JAVA runtime environment).

2. Not sure if this is possible on our current Malware Sandbox. Is there a way for it to extract the content of an archive and execute the file inside an archive?

We have 2 cases (ISO and IMG) which only mounts the file

3. If this is not possible, we need to extract the malware out of the archive and move it inside the Malware Sandbox

Thanks,

Ram

Slowness in Presenting Citrix Gateway/AAA Login page on Client Browsers

Does the Sandboxing engine revert to a snap-shot of Windows ivm at a time before detonating the file?

September 11, 2019September 16, 2019 Symantec Community Leave a comment

I do not need a solution (just sharing information)

Hi;

Does the Sandboxing engine revert to a snap-shot of Windows ivm at a time before detonating the file? I mean at the end of sandboxing a certain file?

Kindly

Wasfi

No Related Posts

When we set the CASMA profile as “Balanced” how many ivm profiles can you have?

September 11, 2019September 11, 2019 Symantec Community Leave a comment

I need a solution

Hi;

When we set the CASMA profile as “Balanced-all in one” how many ivm profiles can you have? since you can only have a limited number of ivm profiles? Also, when you set it to “On box sandboxing” what is the maximum number if ivms can you have?

Kindly

Wasfi

No Related Posts

On box VS cloud based sandboxing

September 1, 2019September 4, 2019 Symantec Community Leave a comment

I need a solution

Hi;

Is there a best practice regarding this. Like send all private files like .docs to the on-box sandboxing engine and the non-sensitive file types to be sandboxed by the could engine.

It would be great if there is a link or an article.

Kindly

Wasfi

No Related Posts

Do cloud based sandboxing and the “Symantec” on box integrated sandboxing suppport Windows 10?

August 20, 2019August 20, 2019 Symantec Community Leave a comment

I need a solution

Do cloud based sandboxing and the “Symantec” on box integrated sandboxing support any Linux Red Hat version in the same way it supports emulation of Windows10?

Kindly

Wasfi

Do cloud based sandboxing and the “Symantec” on box integrated sandboxing support Linux Red Hat?

August 20, 2019August 20, 2019 Symantec Community Leave a comment

I need a solution

Do cloud based sandboxing and the “Symantec” on box integrated sandboxing support any Linux Red Hat version in the same way it supports emulation of Windows10?

Kindly

Wasfi

Sandboxing file types best practice from a client delay perspective.

August 20, 2019August 22, 2019 Symantec Community Leave a comment

I need a solution

Hi;

What file types should be sandboxed first then sent to the client and what file types should be sent to the client without delay. Is there a best practice reference I can use.

Kindly

Wasfi

No Related Posts

Content & Malware Analysis – Virtual Appliance

May 28, 2019May 28, 2019 Symantec Community Leave a comment

I need a solution

Hi All,

I’ve configured my Virtual Appliance Content Analysis in my lab and I have a few questions.

1. I got a license for – Sandbox Broker and On-Box Sandboxing. what can I do with the content analysis with these licenses?

2. I can see in the Statistics > Historical Connections all the websites from the users. but if I try to download the EICAR test file, the result is CLEAN

Log file from my content analysis;

https://imgur.com/Z0h8xYa

3. there is a Malware Analysis Virtual Appliance? if No, Can I do some malware analysis in the virtual content analysis?

Thanks,

Command injection prevention

How can I be notified when a file goes into Sandboxing with advanced malware protection license?

May 20, 2019May 23, 2019 Symantec Community Leave a comment

I need a solution

Hi;

How can I be notified when a file goes into Sandboxing with advanced malware protection license? Of course this is regardless of the verdict. I mean even if the file is not a malware, how can I see what files have been sent to the sandboxing engine that comes with advanced malware protection license as opposed to the standard one.

Is it in the logs, can it be associated with an SNMP trap or an email.

Kindly

Wasfi

No Related Posts

CAS- MAA task process related query

May 15, 2019May 19, 2019 Symantec Community Leave a comment

I need a solution

Hi Team,

plese provide information on below two task status in the CAS sandboxing ( screenshot attached).

1. The selected progile is not in the ‘ready’ state

2. unsupported file format for Sandbox

Thanks,

Ram

process.jpg

Tag: Sandbox

CAS- Need to install JRE to analyse .JAVA malware

Related:

Does the Sandboxing engine revert to a snap-shot of Windows ivm at a time before detonating the file?

Related:

When we set the CASMA profile as “Balanced” how many ivm profiles can you have?

Related:

On box VS cloud based sandboxing

Related:

Do cloud based sandboxing and the “Symantec” on box integrated sandboxing suppport Windows 10?

Related:

Do cloud based sandboxing and the “Symantec” on box integrated sandboxing support Linux Red Hat?

Related:

Sandboxing file types best practice from a client delay perspective.

Related:

Content & Malware Analysis – Virtual Appliance

Related:

How can I be notified when a file goes into Sandboxing with advanced malware protection license?

Related:

CAS- MAA task process related query

Related:

Links