Virtual Analyzer uses system images to observe sample behavior and characteristics within an isolated and controllable virtual environment then assigns a risk level to the sample. Therefore, enabling the Virtual Analyzer feature not only helps organization identify and combat potential threats at an early stage, but also gives us a deeper understanding and knowledge of potential threats.
Recommendation
The Virtual Analyzer feature in DDI can be enabled at any time but by default, it is set to Disabled. To defend against potential threats, Trend Micro recommends the following:
- Enable Virtual Analyzer,then submit the files to either Internal Virtual Analyzer (Built into DDI) or to the External one (Built into other Trend Micro products as Deep Discovery Analyzer (DDAN)).
- Enlarge the file size to 15 MB for intercepted files to minimize dropped file occurrences.
Configuration
To enable Virtual Analyzer in DDI, do the following:
-
Go to Administration > Virtual Analyzer > Setup.
-
Tick the Submit files to Virtual Analyzer checkbox then complete all related settings.
-
Click Save.
The files captured by DDI larger than the maximum size will be dropped. To modify the storage file size: