2.1.7. Detection by GScan

GScan allows you to manually submit files for analysis.
The following options are possible:
  • Malware: submits files to the Malcore engine
  • Powershell: scans files containing PowerShell scripts and detects potential threats that can serve as a gateway for installing malware on Windows.
    For malicious PowerShell scripts, detection is based on a supervised machine learning model and on the fact that such scripts generally use obfuscation techniques, or constructs that resemble them (base64 encoding, string concatenation, type conversion, etc.).
  • Shellcode: submits files for analysis by the codebreaker detection engine.
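The obfuscation indicators mentioned above (base64 payloads, string concatenation, type conversion), as an added illustration that is not GScan's model or code: a small heuristic scorer that counts such constructs in a script, decodes base64 tokens the way an `-EncodedCommand` payload (UTF-16LE) would be decoded, and flags the script above a threshold. The patterns, weights, threshold and the three sample scripts are this example's own constructions; a real detector such as the supervised model described above would learn these weights rather than hard-code them.

```python
import base64
import binascii
import re

# Obfuscation indicators of the kind the section mentions (base64 payloads,
# string concatenation, type conversion) plus the usual "execute a built
# string" sink. Patterns and weights are this example's own choices.
INDICATORS = {
    "base64_blob": (re.compile(r"[A-Za-z0-9+/]{40,}={0,2}"), 3),
    "base64_api":  (re.compile(r"FromBase64String|-enc(?:odedcommand)?\b", re.I), 3),
    # 'a' + 'b' joins; the lookahead keeps the next literal for the next match
    "concat":      (re.compile(r"""['"][^'"\n]*['"]\s*\+\s*(?=['"])"""), 2),
    "type_cast":   (re.compile(r"\[(?:char|int|byte|string|convert|type)\]", re.I), 2),
    "join":        (re.compile(r"-join\b", re.I), 1),
    "iex":         (re.compile(r"\b(?:Invoke-Expression|iex)\b", re.I), 2),
}
THRESHOLD = 5   # score at or above which a script is flagged (arbitrary)
MAX_COUNT = 3   # cap per indicator so one construct cannot dominate the score


def decode_blob(blob: str):
    """Recover text from a base64 token. PowerShell -EncodedCommand payloads
    are UTF-16LE, so that is tried first, then UTF-8; None if neither fits."""
    try:
        raw = base64.b64decode(blob, validate=True)
    except (binascii.Error, ValueError):
        return None
    if len(raw) % 2 == 0 and raw[1::2] == b"\x00" * (len(raw) // 2):
        return raw.decode("utf-16-le")
    try:
        return raw.decode("utf-8")
    except UnicodeDecodeError:
        return None


def score_script(text: str) -> dict:
    """Count each indicator, sum the weighted (capped) counts and report
    any base64 blobs that decode to readable text."""
    hits, score = {}, 0
    for name, (pattern, weight) in INDICATORS.items():
        n = len(pattern.findall(text))
        if n:
            hits[name] = n
            score += weight * min(n, MAX_COUNT)
    blobs = INDICATORS["base64_blob"][0].findall(text)
    decoded = [d for d in map(decode_blob, blobs) if d]
    return {"score": score, "hits": hits, "decoded": decoded,
            "flagged": score >= THRESHOLD}


# Constructed samples (not real detections or GScan output).
BENIGN = ("Get-ChildItem -Path C:\\Logs -Filter *.log | "
          "Where-Object { $_.Length -gt 1MB } | Sort-Object Length -Descending")
OBF_CONCAT = ("$c = 'Ne' + 'w-Ob' + 'ject'; "
              "$u = -join ([char]104,[char]116,[char]116,[char]112); "
              "iex ($c + ' Net.WebClient')")
ENCODED = base64.b64encode("Write-Host 'encoded'".encode("utf-16-le")).decode()
OBF_ENCODED = f"powershell.exe -NoProfile -EncodedCommand {ENCODED}"

if __name__ == "__main__":
    for label, script in [("benign", BENIGN), ("concat", OBF_CONCAT),
                          ("encoded", OBF_ENCODED)]:
        print(label, score_script(script))
```

The capped, weighted sum is deliberately crude: a long base64 token alone (a certificate, a hash) should not be enough to flag a script, which is why `base64_blob` and the `-EncodedCommand` switch are counted separately and why the decoded text is returned for a human or a downstream engine to inspect.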
Before starting an analysis, select the type(s) of analysis to perform (see the options above).
To start analysing a file, drag it into the `DRAG and DROP or CLICK TO SELECT YOUR FILES` area, or click on this area to select the suspicious file.
The result of the analysis is then displayed in a thumbnail with the status of the file for each type of analysis chosen.
The `SCAN HISTORY` page displays the history of the analyses performed.

Note

The maximum file size is 10 MB by default (this limit can be changed by an administrator, see below).
There is no limitation on the number of file scans.

Concerning the compressed files analysed by Malcore:

  • The number of files contained in an archive is:
      • limited
      • editable (50 is the default)
  • The number of nesting levels (an archive inside an archive) is:
      • limited (max recursion level)
      • editable (5 is the default)
  • If files are password protected, the password must be declared in the global settings.

These settings are only accessible to members of the administrator group:
  • Modify if necessary the maximum size of files sent to GScan (MB)
  • Modify if necessary the maximum recursion level for archives sent to GScan
  • Modify if necessary the maximum number of files per archive sent to GScan
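The three archive limits above (files per archive, recursion level, file size) and the declared password, as an added example that is not GScan's or Malcore's own implementation: a bounded archive walker in Python that refuses to open nested archives beyond the recursion level, refuses an archive holding more files than allowed, reads no member past the size limit (so a decompression bomb is cut off rather than extracted), and passes the declared password through to encrypted entries. The `Limits` names, the decision to refuse an over-limit archive rather than scan part of it, the convention that the outer archive is level 1, and the sample archives built in memory are this example's assumptions.

```python
import io
import zipfile
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Limits:
    # Defaults mirror the GScan settings described above; names are this example's.
    max_files: int = 50                      # files per archive
    max_depth: int = 5                       # max recursion level (outer archive = 1)
    max_bytes: int = 10 * 1024 * 1024        # 10 MB per file
    password: Optional[bytes] = None         # declared globally, as in the settings


@dataclass
class Result:
    members: list = field(default_factory=list)   # (path, level) of files handed to a scanner
    stops: list = field(default_factory=list)     # reasons a branch was not expanded


def walk_archive(data: bytes, limits: Limits, depth: int = 1,
                 prefix: str = "", result: Optional[Result] = None) -> Result:
    """Expand a zip archive recursively while enforcing the limits.
    An archive beyond the recursion level or over the file count is refused
    as a whole (assumption: partial coverage is worse than a clear refusal)."""
    if result is None:
        result = Result()
    if depth > limits.max_depth:
        result.stops.append(f"{prefix}: max recursion level {limits.max_depth} exceeded")
        return result
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = [i for i in zf.infolist() if not i.is_dir()]
        if len(infos) > limits.max_files:
            result.stops.append(f"{prefix or 'root'}: {len(infos)} files exceeds "
                                f"the limit of {limits.max_files}")
            return result
        for info in infos:
            path = f"{prefix}/{info.filename}" if prefix else info.filename
            try:
                with zf.open(info, pwd=limits.password) as f:
                    # read one byte past the limit: enough to know it is too big,
                    # without inflating the whole member
                    payload = f.read(limits.max_bytes + 1)
            except RuntimeError as exc:  # encrypted entry, missing or wrong password
                result.stops.append(f"{path}: {exc}")
                continue
            if len(payload) > limits.max_bytes:
                result.stops.append(f"{path}: larger than {limits.max_bytes} bytes")
                continue
            if zipfile.is_zipfile(io.BytesIO(payload)):
                walk_archive(payload, limits, depth + 1, path, result)
            else:
                result.members.append((path, depth))
    return result


# Helpers to build constructed sample archives in memory.
def make_zip(entries: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def nested_zip(levels: int) -> bytes:
    """Innermost archive holds payload.txt; each outer level wraps the previous one."""
    data = make_zip({"payload.txt": b"hello"})
    for i in range(levels - 1):
        data = make_zip({f"inner{i}.zip": data})
    return data


if __name__ == "__main__":
    print(walk_archive(nested_zip(3), Limits()))
    print(walk_archive(nested_zip(7), Limits()))
    print(walk_archive(make_zip({f"f{i}.txt": b"x" for i in range(60)}), Limits()))
```

Python's `zipfile` can read ZipCrypto-encrypted entries with `pwd` but cannot create them, so the password path is exercised only on real archives; a wrong or missing password surfaces as a `RuntimeError` and is recorded as a stop rather than silently skipped.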

The GUI is described in the Web UI `GScan` screen section.
For the procedure, see Detection procedure by GScan.