Content & Malware Analysis

  • 1.  What is Malware Analysis Telemetry

    Posted Jun 03, 2020 08:48 PM
    Hi,

    On page 22 of Content Analysis 2.4 admin guide, there is this URL: "maa-updates.es.bluecoat.com". It is described to be associated with Malware Analysis Telemetry.

    My question: what is Malware Analysis Telemetry in this context?


    Kindly
    Wasfi


  • 2.  RE: What is Malware Analysis Telemetry
    Best Answer

    Broadcom Employee
    Posted Jun 04, 2020 11:26 AM
    Hi Wasfi

    From the online help:

    Content Analysis sends the following data to Symantec Corporation backend servers to improve usability and to provide better detection:

    System and Service Information

    • Version, build, and model number
    • Uptime
    • Application configuration
    • Health and hardware stats such as CPU, RAM, NICs, and HDD usage or failure
    • Hardware serial number
    • Hashed license key
    • Public IP address

    Malware Analysis Data

    • IntelliVM (IVM) profile in use (name, OS version, and custom description)
    • IVM activations
    • Plugins in use for IVM profile
    • Queue size
    • From analysis tasks: Risk scores, pattern version and hits, sample name and type, sample size and hash, task ID, dropped file hash, execution time and arguments, file reputation data, execution time, task owner, submitter source