Information about rule ID 707, 708, 709 in Deep Discovery Inspector (DDI)

    • Updated: 4 Feb 2016
    • Product/Version: Deep Discovery Inspector 3.6, Deep Discovery Inspector 3.7, Deep Discovery Inspector 3.8
    • Platform: N/A
Summary

Know the meaning of rule ID 707, 708 and 709 and how they are composed in DDI.

Details

Meaning of DDI rules:

  • 707 MALWARE: High Callback to IP address in Virtual Analyzer C&C List.

    When this rule is triggered, it means DDI detected an IP connection to a C&C server.

  • 708 MALWARE: High Malware file hash from Virtual Analyzer feedback.

    When this rule is triggered, it means DDI detected a file that was previously analyzed by Virtual Analyzer and determined to be high-risk malware.

  • 709 MALWARE: High Callback to URL in Virtual Analyzer C&C List.

    When this rule is triggered, it means DDI detected a URL request to a C&C server.

Process of how the rules are composed:

  1. DDI sends files to Virtual Analyzer (either internal or external).
  2. The Virtual Analyzer analyzes the received files and then returns a feedback list to DDI. Only files detected as high-risk malware are recorded in the feedback list; the full reports for all files are sent separately.
  3. DDI receives the feedback list and adds the entries into its database.
  4. The CAV module in DDI uses the entries in the database and matches them against the following rules:
    • 707 - IP/Port information
    • 708 - SHA-1
    • 709 - Uniform Resource Locator (URL)
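
The matching in steps 3 and 4 can be modelled as three lookups keyed on IP/port, SHA-1 and URL. The following is an added example, not Trend Micro code: the feedback entry schema (`sha1`, `cnc_ip_ports`, `cnc_urls`), the event fields, `FeedbackDB` and `norm_url` are all assumptions made for illustration, and the sample data is constructed.

```python
import hashlib
import ipaddress
from urllib.parse import urlsplit

def norm_url(url):
    """Canonicalise a URL so trivially different spellings compare equal."""
    p = urlsplit(url.strip())
    default = {"http": 80, "https": 443}.get(p.scheme)
    port = "" if p.port in (None, default) else f":{p.port}"
    query = f"?{p.query}" if p.query else ""
    return f"{p.scheme}://{p.hostname or ''}{port}{p.path or '/'}{query}"

class FeedbackDB:
    """Hypothetical stand-in for the database DDI fills from the feedback list."""
    def __init__(self):
        self.ip_ports, self.sha1s, self.urls = set(), set(), set()

    def load(self, feedback):
        # Step 3: add feedback entries (assumed schema) to the database.
        for entry in feedback:
            self.sha1s.add(entry["sha1"].lower())
            for ip, port in entry.get("cnc_ip_ports", []):
                self.ip_ports.add((ipaddress.ip_address(ip), int(port)))
            for url in entry.get("cnc_urls", []):
                self.urls.add(norm_url(url))

    def match(self, event):
        # Step 4: return the rule IDs an observed event would trigger.
        hits = []
        if "dst_ip" in event:
            key = (ipaddress.ip_address(event["dst_ip"]), int(event["dst_port"]))
            if key in self.ip_ports:
                hits.append(707)  # callback to IP/port on the C&C list
        if "file_bytes" in event:
            if hashlib.sha1(event["file_bytes"]).hexdigest() in self.sha1s:
                hits.append(708)  # file hash seen in Virtual Analyzer feedback
        if "url" in event and norm_url(event["url"]) in self.urls:
            hits.append(709)      # callback to URL on the C&C list
        return hits

# Constructed sample data (documentation IP range, .test domain).
SAMPLE_FILE = b"constructed sample, not real malware"
SAMPLE_FEEDBACK = [{
    "sha1": hashlib.sha1(SAMPLE_FILE).hexdigest().upper(),
    "cnc_ip_ports": [("203.0.113.10", 8080)],
    "cnc_urls": ["http://cnc.example.test/gate.php"],
}]
```

In this model a connection to the listed IP on a different port does not trigger 707, because the rule is keyed on IP/port information rather than on the address alone.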
Category: Troubleshoot
Solution Id: 1099280