2.1.5. Retroact engine

2.1.5.1. Presentation

The Retroact engine resubmits potentially malicious files to the Malcore engine over time.


2.1.5.2. Retroact analysis engine

The Retroact engine stores files tagged as Suspicious and resubmits them to the Malcore engine at regular intervals.
Retroact's file retention policy is based on the retention time set on the GCenter.
The suspicious file is therefore re-scanned every day during the retention period.
The value of this engine is that it makes it possible to detect malware via Malcore days or weeks after it has entered the network, thanks to the new signatures and heuristic methods of the antivirus engines.
The configuration interface is described in the paragraph on the `Admin-GCenter- Malcore Management` screen of the legacy web UI.

2.1.5.3. Counters associated with the Retroact engine

The following counters are present in Malcore events:

Counters associated with the Retroact engine

| Field | Required | Description | Values |
|---|---|---|---|
| nb_rescans | Yes | No. of analyses by Retroact | "Not reanalyzed", 1, 2 .. n |
| Retroact | Yes | Result of the Retroact analysis. By default this field is set to NO. Only suspicious files will be re-scanned by Retroact. This field can be set to None or advanced malware, if Retroact declares the file as infected. | |

2.1.5.4. Viewing the status of Retroact

The current engine status is displayed in the Web UI `Health checks` screen.


2.1.5.5. Retroact Update

Updates are available for the Retroact engine.
These updates can be applied manually or scheduled via GUM.

2.1.5.6. Retroact Setup

The Retroact engine must be activated; this is done in the configuration screen.
The steps for configuring Retroact are given in the procedure `Setting up GBox and the Malcore and Retroact engines and activate the GBox`.