Familiarize yourself with the key terminologies that are used in NSX Malware Prevention.
Cloud File Analysis
- NSX Malware Prevention sandboxing and behavioral analysis
- Statistical algorithms
- Artificial intelligence and machine learning
- Deep content inspection
NSX-T sends unknown files over a secure connection to the cloud only when you opt for cloud file analysis in your Malware Prevention security profile.
File Event
An event that is generated when a file is extracted or intercepted from the data path traffic on an NSX Edge or a Guest VM on the host. On an NSX Edge, the file is extracted by the NSX IDPS engine, and on a Guest VM, the file is extracted by the NSX File Introspection driver in the Guest Introspection (GI) thin agent.
Local File Analysis
Local file analysis is done inside the NSX-T Data Center on NSX Edge Transport Nodes and ESXi Host Transport Nodes that are activated for NSX Malware Prevention. It involves lightweight scanning of unknown files against a known set of file hashes to determine whether the file is benign, malicious, or suspicious.
Malware Class
The type of threat. Examples of malware classes are virus, trojan horse, worm, adware, ransomware, spyware, and so on.
Malware Family
A name that identifies a specific group of malware files, which typically originate from the same source code or are developed by the same malware authors. Examples of malware families are valyria, darkside, and so on.
Reputation
Threat information about a file, URL, or other artifact. For a file, the reputation details include:
- Name of the file publisher
- Is the file signed (Yes or No)
- The signing authority of the file
- Reputation category of the file (malware, suspect, trusted)
- Malware class to which the file belongs. For example, Trojan horse, backdoor, adware, and so on.
File reputation details are stored in the cloud and accessible to all the NSX-T Data Center customers.
Threat Score
The degree of risk or malicious intent that is associated with the file. A high threat score indicates a greater amount of risk, and a low threat score indicates a lesser amount of risk.
Verdict
Value | Description
---|---
Benign | The file is good or safe to be downloaded.
Trusted | The file is trusted based on its behavior.
Highly Trusted | The file is from a highly trusted source, for example, Microsoft, Apple, Adobe, and so on.
Malicious | The file is harmful or a threat to the data center.
Suspicious | The file is potentially harmful or unwanted.
Unknown | The file is not known to NSX-T and therefore no decision is available for the file.
Uninspected | The file is not inspected by NSX Malware Prevention because you had earlier suppressed or allowlisted the file.
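The following is an added example, not VMware or NSX code, that models how the terms above fit together: a File Event is hashed, checked against an allowlist (Uninspected), then against a local set of known file hashes (Benign, Highly Trusted, Malicious, Suspicious with a malware class and threat score), and otherwise left Unknown and marked for cloud file analysis only when the profile opts in. The hash database, file contents, allowlist, threat score values and the `opt_in_cloud` flag are all constructed here; NSX's real file formats, APIs, score ranges and decision logic are not used.

```python
"""Toy model of local file analysis and verdict assignment (added example,
not NSX code). All sample data below is constructed for illustration."""
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


def sha256_hex(data: bytes) -> str:
    """Return the SHA-256 hex digest used as the file's lookup key."""
    return hashlib.sha256(data).hexdigest()


# Constructed sample file contents (hypothetical names and bytes).
SAMPLE_FILES: Dict[str, bytes] = {
    "installer.msi": b"constructed benign installer bytes",
    "os-update.exe": b"constructed highly trusted vendor update bytes",
    "dropper.exe": b"constructed malicious dropper bytes",
    "tool.exe": b"constructed suspicious tool bytes",
    "new.bin": b"constructed never-seen-before bytes",
    "vendor-agent.exe": b"constructed allowlisted agent bytes",
}

# Constructed "known set of file hashes": digest -> (verdict, malware class, threat score).
# Score values are invented; the page gives no numeric scale.
KNOWN_HASHES: Dict[str, Tuple[str, Optional[str], int]] = {
    sha256_hex(SAMPLE_FILES["installer.msi"]): ("Benign", None, 0),
    sha256_hex(SAMPLE_FILES["os-update.exe"]): ("Highly Trusted", None, 0),
    sha256_hex(SAMPLE_FILES["dropper.exe"]): ("Malicious", "trojan horse", 90),
    sha256_hex(SAMPLE_FILES["tool.exe"]): ("Suspicious", "adware", 45),
}

# Files the administrator suppressed or allowlisted earlier (constructed).
ALLOWLIST = {sha256_hex(SAMPLE_FILES["vendor-agent.exe"])}


@dataclass
class FileEvent:
    """A file extracted from the data path: 'edge' (IDPS engine) or 'guest_vm' (GI thin agent)."""
    source: str
    name: str
    data: bytes


@dataclass
class AnalysisResult:
    verdict: str
    malware_class: Optional[str]
    threat_score: Optional[int]
    sent_to_cloud: bool


def local_file_analysis(event: FileEvent, opt_in_cloud: bool) -> AnalysisResult:
    """Assign a verdict from the local hash set; forward unknowns to the cloud only on opt-in."""
    digest = sha256_hex(event.data)
    if digest in ALLOWLIST:
        # Allowlisted/suppressed files are not inspected at all.
        return AnalysisResult("Uninspected", None, None, False)
    hit = KNOWN_HASHES.get(digest)
    if hit is not None:
        verdict, malware_class, score = hit
        return AnalysisResult(verdict, malware_class, score, False)
    # Not in the local hash set: no decision is available locally. The file is
    # sent for cloud file analysis only if the security profile opted in.
    return AnalysisResult("Unknown", None, None, opt_in_cloud)


def analyze_batch(events: List[FileEvent], opt_in_cloud: bool) -> Dict[str, str]:
    """Map each file name to its verdict, for a quick summary of a batch of File Events."""
    return {e.name: local_file_analysis(e, opt_in_cloud).verdict for e in events}


if __name__ == "__main__":
    events = [FileEvent("edge" if i % 2 else "guest_vm", name, data)
              for i, (name, data) in enumerate(SAMPLE_FILES.items())]
    for name, verdict in analyze_batch(events, opt_in_cloud=True).items():
        print(f"{name:18s} -> {verdict}")
```

Running the block prints one verdict per constructed file; with `opt_in_cloud=False`, `new.bin` still gets the Unknown verdict but is not marked for cloud analysis, which mirrors the opt-in rule stated under Cloud File Analysis.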
Zero-day Threat
A threat that is not seen in NSX-T Data Center before and which does not match any of the known malware signatures.