Configuring Malware Analysis Settings
The Malware Analysis Configuration page is used to configure sandbox or live malware analysis settings using the Web UI.
Fields for the malware analysis configuration are described in the following table.
Field | Description
---|---
Download Timeout (s) | Timeout value in seconds. The range is 30–3600. The default value is 120.
Sandbox Proxy URL | URL or the domain of the proxy server. The following formats are shown:
Configure Live Malware Analysis |
Data Interface | Select the data interface to use: ether1, ether2, or pether2. In live analysis mode, all communication that the malware makes to connect to the CnC server uses the selected interface.
External IP | External IP address for the ether2 port.
Mask | Subnet mask for the ether2 port.
Default Gateway | IP address of the default gateway for the ether2 network interface. This address must reside on the same network segment as the ether2 interface.
Name Server | IP address of the name server that MVX guest images use for DNS. The name server must be accessed on the ether2 interface.
FQDN/IP | Fully qualified domain name (FQDN) or IP address of the HTTP proxy server.
Port | Port number of the HTTP proxy server.
Force data interface for Malware Analysis | Typically, the data interface for the AX Series is ether1. If you choose to use ether1 for live analysis, you must select this checkbox. FireEye recommends that you configure separate interfaces for the data interface and the live interface.
Enable prefetch | Select this checkbox to enable the prefetch option in live malware analysis.

Sandbox analysis is the default. No configuration is needed unless a proxy is used in the management network to download local files to the Malware Analysis appliance for analysis. When configuring a sandbox Web proxy server, make sure that the proxy is connected to the Malware Analysis appliance ether1 management port.
To configure the sandbox proxy settings:
- In the Web UI, open the Settings > Malware Analysis page.
- (Optional) Enter the value in seconds in the Download Timeout (s) box.
- Enter either the URL or the domain of the proxy server in the Sandbox Proxy URL box.
- Click Update.
To configure the Malware Analysis appliance for live malware analysis:
- In the Web UI, open the Settings > Malware Analysis page.
- Enter the IP address and subnet mask for the ether2 port in the External IP and Mask boxes.
- Enter the IP address for the ether2 network interface in the Default Gateway box.
- Enter the IP address of the name server that MVX guest images use for DNS in the Name Server box.
- Enter the IP address and the port number for the HTTP proxy in the FQDN/IP and Port boxes.
- Click Update.
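
Before entering the live-analysis values, the planned settings can be checked offline against the constraints stated in the table above. The following is an added example, not FireEye code: the dictionary keys are hypothetical names that mirror the Web UI fields, the sample addresses are constructed, and nothing in it communicates with the appliance.

```python
import ipaddress

# Limits and choices taken from the settings table on this page.
TIMEOUT_RANGE = range(30, 3601)
DATA_INTERFACES = {"ether1", "ether2", "pether2"}

def check_live_analysis_plan(plan):
    """Return a list of problems found in a planned configuration.

    `plan` is a hypothetical dict whose keys mirror the Web UI fields;
    it is not an appliance API or export format.
    """
    problems = []
    if plan.get("download_timeout", 120) not in TIMEOUT_RANGE:
        problems.append("Download Timeout (s) must be 30-3600")
    iface = plan["data_interface"]
    if iface not in DATA_INTERFACES:
        problems.append(f"unknown Data Interface {iface!r}")
    # ether1 is the usual data interface; using it for live analysis
    # requires the "Force data interface" checkbox.
    if iface == "ether1" and not plan.get("force_data_interface", False):
        problems.append("ether1 selected without Force data interface")
    try:
        ext = ipaddress.ip_interface(f"{plan['external_ip']}/{plan['mask']}")
        gw = ipaddress.ip_address(plan["default_gateway"])
        ipaddress.ip_address(plan["name_server"])
    except ValueError as exc:
        problems.append(f"invalid address: {exc}")
    else:
        # The gateway must sit on the same segment as the ether2 address.
        if gw not in ext.network:
            problems.append(f"Default Gateway {gw} is outside {ext.network}")
    if not 1 <= int(plan["proxy_port"]) <= 65535:
        problems.append("Port must be 1-65535")
    return problems

# Constructed sample values (documentation address ranges), not real settings.
GOOD = {"download_timeout": 120, "data_interface": "ether2",
        "external_ip": "192.0.2.10", "mask": "255.255.255.0",
        "default_gateway": "192.0.2.1", "name_server": "192.0.2.53",
        "proxy_port": 8080}
BAD = dict(GOOD, download_timeout=10, data_interface="ether1",
           default_gateway="198.51.100.1")

if __name__ == "__main__":
    for name, plan in (("good", GOOD), ("bad", BAD)):
        print(name, check_live_analysis_plan(plan) or "OK")
```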