
The ATSE's macro threat detection support feature is not enabled by default. Administrators can enable it manually using one of the following options:

Option 1: If the IMSVA is registered to DDAN and the administrator wants to detect macro threats, change the ATSE aggressive level to 4 (the default level is 3).

  1. Connect to the IMSVA database using the command:

    # /opt/trend/imss/PostgreSQL/bin/psql imss sa

  2. Execute the following SQL statement to set the ATSE aggressive level to 4:

    update tb_global_setting set value = '4' where name = 'detection_aggressive_level';

    *****************

    The SQL command and its output are shown below:

    imss=# update tb_global_setting set value = '4' where name = 'detection_aggressive_level';
    UPDATE 1
    imss=# \q

    *****************

  3. Restart the scanning service to apply the change using the command:

    # S99IMSS restart

When the aggressive level is set to 4, the ATSE false positive rate will increase. Setting the aggressive level to 4 is not recommended for an IMSVA that is not integrated with DDAN.

Option 2: Administrators can also configure a hidden key to enable the new macro heuristic rules when the aggressive level is 3.

  1. Connect to the IMSVA database using the command:

    # /opt/trend/imss/PostgreSQL/bin/psql imss sa

  2. Execute the following SQL statement to set the hidden key:

    insert into tb_global_setting values('general', 'rules_included', 'HEUR_VBA.O1;HEUR_VBA.O2;HEUR_VBA.D;HEUR_VBA.E;HEUR_VBA.E2;HEUR_VBA.E3', 'imss.ini', NULL);

    *******************

    The SQL command and its output are shown below:

    imss=# insert into tb_global_setting values('general', 'rules_included', 'HEUR_VBA.O1;HEUR_VBA.O2;HEUR_VBA.D;HEUR_VBA.E;HEUR_VBA.E2;HEUR_VBA.E3', 'imss.ini', NULL);
    INSERT 0 1
    imss=# \q

    *******************

     
    You may copy and paste the SQL statement above.

  3. Restart the scanning service to apply the change using the command:

    # S99IMSS restart

 
For an IMSVA that is not integrated with DDAN, Option 2 is the suggested way to enable this feature.
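
The following psql session is an added example, not part of the original article. It shows how to record the current settings, apply Option 2 so that a repeated run does not insert a second row, and revert either option. It uses only the table and the `name` and `value` columns shown above, and it assumes that at most one `rules_included` row should exist and that no such row was present before the change.

```sql
-- Added example (not from the original article).
-- Run inside: /opt/trend/imss/PostgreSQL/bin/psql imss sa

-- 1. Record the current state before changing anything, so the change can
--    be reviewed and reverted. 'rules_included' returns no row if the
--    hidden key has never been set.
select name, value
  from tb_global_setting
 where name in ('detection_aggressive_level', 'rules_included');

-- 2. Option 2, written so that running it twice does not add a second row.
--    Assumption: only one 'rules_included' row is expected in the table.
begin;
insert into tb_global_setting
select 'general', 'rules_included',
       'HEUR_VBA.O1;HEUR_VBA.O2;HEUR_VBA.D;HEUR_VBA.E;HEUR_VBA.E2;HEUR_VBA.E3',
       'imss.ini', NULL
 where not exists (select 1
                     from tb_global_setting
                    where name = 'rules_included');

-- Confirm exactly one row with the expected rule list before committing.
select name, value
  from tb_global_setting
 where name = 'rules_included';
commit;

-- 3. Revert (left commented out; run only when backing the change out).
--    Option 1: return the aggressive level to the default of 3.
-- update tb_global_setting set value = '3'
--  where name = 'detection_aggressive_level';
--    Option 2: remove the hidden key. Assumption: the key did not exist
--    before step 2; check the output of step 1 first.
-- delete from tb_global_setting where name = 'rules_included';

-- After any change, leave psql with \q and restart the scanning service
-- (S99IMSS restart) so the new values are applied.
```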