Views:

Recommendation

Since suspicious files analyzed by internal Virtual Analyzer might also trigger some malicious traffics, for instance, connecting back to the command and control servers, those traffics would be intercepted and will trigger certain DDI rules. To easily identify those detections that are from the internal Virtual Analyzer, Trend Micro recommends:

  • Setting up custom network and configuring a specific port for Virtual Analyzer traffic.
  • Testing the Internet connectivity whenever new settings are saved.

Configuration

To configure a custom network for internal Virtual Analyzer:

  1. On the Management console, go to Administration > Virtual Analyzer > Setup.

    Go to Setup

  2. Tick the Submit files to Virtual Analyzer checkbox then specify another data port, IP, or proxy settings for the Internet connectivity of Virtual Analyzer.

    Select Submit files to Virtual Analyzer

  3. Click Save.

    Click Save