The information displayed on the Report tab changes depending on the type of file that NSX Network Detection and Response analyzed.
To view a report, click the down-arrow on the Report tab and select one of the available reports.
Click and to expand and collapse the sections on the tab.
Analysis Information Section
The Analysis Information section contains key information about the analysis that the current report refers to:
- Analysis subject: The MD5 hash of the file.
- Analysis type: The type of analysis that was performed:
  - Dynamic analysis on Microsoft Windows 10: The NSX Advanced Threat Prevention service ran the analysis subject in a simulated Windows 10 environment using the NSX Network Detection and Response sandbox. The system monitors the file behavior and its interactions with the operating system, looking for suspicious or malicious indicators.
  - Dynamic analysis on Microsoft Windows 7: The NSX Advanced Threat Prevention service ran the analysis subject in a simulated Windows 7 environment using the NSX Network Detection and Response sandbox. The system monitors the file behavior and its interactions with the operating system, looking for suspicious or malicious indicators.
  - Dynamic analysis in instrumented Chrome browser: The NSX Advanced Threat Prevention service inspected the analysis subject (such as an HTML file or URL) using the instrumented browser, which is based on Google Chrome. The instrumented browser faithfully reproduces the behavior of the real browser and therefore is not easily fingerprinted by malicious content.
  - Dynamic analysis in emulated browser: The NSX Advanced Threat Prevention service inspected the analysis subject (such as an HTML file or URL) using the emulated browser. The emulated browser can dynamically emulate different browser "personalities" (for example, changing its user-agent or varying the APIs that it exposes). This capability is useful when analyzing malicious content that targets specific browser types or versions. The drawback of this type of analysis is that this browser is less realistic and can possibly be fingerprinted by malicious content.
  - Dynamic analysis in simulated file-viewer: The NSX Advanced Threat Prevention service inspected the analysis subject (such as a PDF file) using the simulated file-viewer. The viewer can detect embedded contents and links.
  - Archive inflation: The NSX Advanced Threat Prevention service inflated the analysis subject (an archive), extracted its contents, and submitted the contents for analysis if they are of an appropriate type.
- Password used: If available, the password that the NSX Advanced Threat Prevention service used to successfully decrypt the sample.