Enabling or Disabling Dropper Detection
Use the CLI commands to enable or disable the dropper detection component, which provides another type of static analysis on the Malware Analysis appliance. This component allows the Malware Analysis appliance to identify malicious files that might have installed additional types of malware on your system. A dropper is not associated with any file extensions, and it is often part of a spearphishing attempt. The Malware Analysis appliance sends the dropper files that matched the first ten MD5 checksums to the Dynamic Threat Intelligence (DTI) Cloud for further analysis. When the dropper detection component is disabled, the Malware Analysis appliance does not send the dropper files to the DTI Cloud.
After you have configured the Malware Analysis appliance to detect dropper files using the CLI, you can view the analysis results on the Malware Analysis page in the Web UI.
You can enable or disable dropper detection only using the CLI. This component is enabled by default.
Prerequisites
- Administrator or Operator access to the Malware Analysis appliance
- A connection to the DTI Cloud
- Verify that static analysis is enabled on the appliance. Use the `show static-analysis config` command.
- Verify that AV-Suite integration is enabled on the appliance. Use the `show static-analysis config` command.