DDAN 5.8 users with SMTP alerts enabled may encounter an issue where alerts are sent with the following information:
Subject: DDAN Critical Alert - Virutal Analyzer Stopped
Description: Virtual Analyzer encountered an error and was unable to recover. Analysis has stopped.
This issue may indicate a larger problem and should be further investigated by the DDAN administrator. In situation in which you have received very few of such messages over a long period of time, the error can be disregarded.
However, in some cases if the issue is repeatedly happening or on multiple VMs, the sample analysis process may be halted, causing the queue to grow rapidly.
Recommended Action(s)
Trend Micro is currently investigating a permanent resolution for the issue, but in the interim does have a verified workaround which includes adjusting the DDAN configuration to change a couple of key variables.
The following two adjustments can be done by the administrator directly. If neither of the suggested two improve the situation, contact your designated Trend Micro technical support representative for further assistance.
-
Option 1:
Lower the number of Virtual Sandboxes in steps of 10%. This limits the use of the designated TMPFS space which in most cases causes the alert to trigger.
-
Option 2:
Increase the available TMPFS space by changing the setting on the DDAM RDQA page:
-
Open your browser and enter the following address:
https://<DDAN-IP>/pages/rdqa.php
- Click Change U-Sandbox Ramdisk Size and adjust the ramdisk size to maximum 24576 MB (24GB).
- Click Save.
-
Please revisit this page as we are continuously updating available solutions.
For DDAN 5.8, Hot Fix 1207 addresses this problem. Contact Trend Micro Technical Support to request a copy of Hot Fix 1207 or any later Hot Fix versions.
