MDS

    [MDS] Management - Policy Settings (Detection Settings)

    • Created :
    • Updated :

    1. Summary

    Configures the detection settings to detect various security threats.

     

    2. Menu tree

    mceclip0.png

     

    3. Contents

    1) Configure Collection Path

    To set the service protocol and BCC to monitor packets by mirroring:

    mceclip2.png

    - Select a protocol to monitor - HTTP, FTP, NNTP, SMB, SMTP, POP3 or IMAP. To select all, select Mirroring.

    - To detect malicious email content or attachment, select Email BCC. If enabled, MDS server will receive all emails as a BCC recipient to check whether the email is malicious or not. If disabled, packets from SMTP will be monitored to detect malicious email by mirroring.

     

    2) Detection Log Settings

    MDS records the scan results of files collected from mirrored traffic on a log file. To monitor the logs:

    mceclip3.png

    Compressed files or mail are determined to be malicious based on detection log settings. Set it carefully because it may not be considered malicious, depending on your settings.

     

    3) Configure Scan Condition

    To set the scan conditions:

    mceclip0.png

    - Enter the maximum file size to scan in 1 to 300 MB.

    - To scan compressed files, select Scan compressed files.

    - Enter the maximum number of compression  1 to 5. Malicious code scanning will be executed only for files compressed to a specified number of times or less.

    - To detect potentially unwanted programs(PUP) as malicious, select Detect as malicious.

    - To detect malicious program classified as potentially harmful by MDS such as a keylogger or remote access tool, select Detect as malicious.

     

    4) Dynamic Analysis

    To set the virtual machine’s operating system for dynamic analysis:

    mceclip1.png

    Select an operating system: Windows XP, Windows 7 (32/64-bit) or Windows 10 (64-bit). To select all, select Select All.

    - To add a known malware, select Known malicious codes. Files with known malware will be run and analyzed on the VM.

    - To allow download of likely normal files, and record the analysis result and create a report, select Create likely normal behavior analysis report. Select Executable files or Document File. If not selected, the information will not be displayed on the web interface.

    Was this article helpful?
    0 out of 0 found this helpful
    Return to top

    Related articles