Updating content To upload content to the Advanced Threat Defense Appliance, use the Advanced Threat Defense web interface. Defining Custom Behavioral RulesCustom Behavioral Rules is a set of YARA rules. YARA is a rule-based tool to identify and classify malware. Advanced Threat Defense enables you to use your own YARA rules to identify and classify malware. You can therefore import your own descriptions of malware into Advanced Threat Defense. Define Custom Yara ScannerCustom Yara Scanner is also a set of YARA rules, similar to Custom Behavioral rules. Custom Behavioral Rules is applied on the User API log of an analyzed sample. Custom Yara Scanner serves as an analyzing option in analyzer profile before analysis. Custom Yara Scanner is available as a static analysis option with no dependency on dynamic analysis. Import custom behavioral and YARA scanner rulesImport the custom rule files into Advanced Threat Defense. You can import a maximum of two YARA rules versions. The second version that you upload becomes the Current file, and renders the first version the Backup files. Advanced Threat Defense applies the rules in the Current DAT file for malware detection. Change custom behavioral rules and YARA scanner filesAdd and change the rules in custom behavioral rules and YARA scanner files. Disable custom behavioral rulesTo troubleshoot Advanced Threat Defense, you can disable Advanced Threat Defense customer behavioral rules. Manage whitelist database samples Use the Advanced Threat Defense web interface to manage whitelisted files, URLs, and digital signatures. Manually update DAT version for McAfee Gateway Anti-Malware and Anti-VirusImport up to two DAT for McAfee Gateway Anti-Malware Engine and McAfee Anti-Virus versions. Update the detection packageApply the latest detection package to Advanced Threat Defense.
Updating content To upload content to the Advanced Threat Defense Appliance, use the Advanced Threat Defense web interface. Defining Custom Behavioral RulesCustom Behavioral Rules is a set of YARA rules. YARA is a rule-based tool to identify and classify malware. Advanced Threat Defense enables you to use your own YARA rules to identify and classify malware. You can therefore import your own descriptions of malware into Advanced Threat Defense. Define Custom Yara ScannerCustom Yara Scanner is also a set of YARA rules, similar to Custom Behavioral rules. Custom Behavioral Rules is applied on the User API log of an analyzed sample. Custom Yara Scanner serves as an analyzing option in analyzer profile before analysis. Custom Yara Scanner is available as a static analysis option with no dependency on dynamic analysis. Import custom behavioral and YARA scanner rulesImport the custom rule files into Advanced Threat Defense. You can import a maximum of two YARA rules versions. The second version that you upload becomes the Current file, and renders the first version the Backup files. Advanced Threat Defense applies the rules in the Current DAT file for malware detection. Change custom behavioral rules and YARA scanner filesAdd and change the rules in custom behavioral rules and YARA scanner files. Disable custom behavioral rulesTo troubleshoot Advanced Threat Defense, you can disable Advanced Threat Defense customer behavioral rules. Manage whitelist database samples Use the Advanced Threat Defense web interface to manage whitelisted files, URLs, and digital signatures. Manually update DAT version for McAfee Gateway Anti-Malware and Anti-VirusImport up to two DAT for McAfee Gateway Anti-Malware Engine and McAfee Anti-Virus versions. Update the detection packageApply the latest detection package to Advanced Threat Defense.