Files are analyzed in the Forcepoint Advanced Malware Detection™ tool, a sandbox that identifies threats and, if applicable, provides forensic details on a file's infection and post-infection behavior. File submission methods and sandboxing results vary according to user access level:
All Levels: The Advanced Malware Detection tool is activated whenever a link submitted to CSI ACE Insight initiates a file download.
Level 1 & 2: Only web-based files can be submitted to the Advanced Malware Detection tool, under the "Enter a URL/IP Address" tab. A CSI ACE Insight report is generated after analysis, indicating the severity level of any threat detected.
Level 3: Local files and web-based files can be submitted to the Advanced Malware Detection tool, under the "Upload a File" tab or "Enter a URL/IP Address" tab, respectively. A complete ACE Insight Report is generated after analysis, indicating the severity level of any threat detected, as well as describing any activities found in processes, the registry, and other areas of the computer.
In part 2 of this blog series, we focus on how malicious Office documents generally work: they either embed code in the document itself or insert links to download the content they need to run. We will investigate the different approaches and how they manifest themselves in documents, so that we can evaluate the risk they pose. We will show live examples using the various methods.
In case you