5.6.29. `Admin-GCenter- Malcore Management` screen of the legacy web UI

After selecting the `Malcore Management` command from the `Admin-GCenter` menu, the following screen is displayed.
The `Malcore Management` screen contains the following sections:

| Section | Function | Description |
| --- | --- | --- |
| `Malcore Global settings` | Configuring the Malcore engine | Enabling GBox analysis and the Retroact engine |
| `White List` | List of valid hashes | Whitelist management: files whose SHA256 fingerprints are in this list are considered safe. |
| `Black List` | List of infected hashes | Blacklist management: files whose SHA256 fingerprints are in this list are considered infected. |


5.6.29.1. `Global settings` section of the `Malcore Management` submenu

The `Global settings` window displays the Malcore engine settings.

[Screenshots: MALCORE_SETTING-01.PNG, MALCORE_SETTING-02.PNG]

This window consists of:

  • A parameter (6) to enable automatic GBox analysis, i.e. files classified by Malcore as 'Suspect' or 'Infected' are transferred to a GBox

  • A parameter (4) in the `Analysis expiration` area (5):
    This setting is the delay (in hours) after which a malware scan is considered outdated.
    If the antivirus engines have been updated and the same file reappears, it will be scanned again.
    If the antivirus engines have not been updated or the timeout has not passed, the Malcore scan will reuse its previous results.
    Default value: 24h

  • An `Enable retroactive engine` field (2) in the zone (3):
    This selector activates the Retroact engine, i.e. files classified by Malcore as 'Suspect' are scanned again, at most once a day, when the antivirus engines are updated.
    For each file, the scan continues until the file is no longer suspicious (declared clean or infected) and as long as it is on the file system (see Data retention GCenter > Configuration > Global settings).

  • A zone (8): analysis limits of the Malcore engine

      • Field (9): Maximum file size extracted by GCap (MB)

      • Field (10): Maximum recursion level for archives extracted by GCap

      • Field (11): Maximum number of files for archives extracted by GCap

      • Field (12): Maximum size of files sent to GScan (MB)

      • Field (13): Maximum recursion level for archives sent to GScan

      • Field (14): Maximum number of archive files sent to GScan


5.6.29.2. `White List` section of the `Malcore Management` submenu

The `White List` window displays the exception list called Whitelist, which contains the SHA256 fingerprints of files that Malcore should consider clean.
These files are declared clean without being analyzed and are identified by their SHA256 fingerprint.

[Screenshot: MALCORE_WL-01.PNG]

This window consists of:

  • Two buttons for adding items to the list:

      • One `Add a single SHA256` button (1) to add a single item by manually entering the requested information

      • One `Add a set of SHA256` button (6) to add a set of items using a pre-filled .csv file

  • Elements (7) that make up the list. For each element, the following items are displayed:

      • `SHA256` field (2): SHA256 fingerprint of the item in question

      • `Created` field (3): creation date of the record

      • `Comment` field (4): optional comment for the item

      • `Remove` button (5) for deleting the item in question


5.6.29.3. `Black List` section of the `Malcore Management` submenu

The `Black List` window displays the exception list called Blacklist, which contains the SHA256 fingerprints of files that Malcore should consider compromised.
These files are declared compromised without being analyzed and are identified by their SHA256 fingerprint.

[Screenshot: MALCORE_WL-02.PNG]

This window consists of:

  • Two buttons for adding items to the list:

      • One `Add a single SHA256` button (1) to add a single item by manually entering the requested information

      • One `Add a set of SHA256` button (6) to add a set of items using a pre-filled .csv file

  • Elements (8) that make up the list. For each element, the following items are displayed:

      • `SHA256` field (2): SHA256 fingerprint of the item in question

      • `Created` field (3): creation date of the record

      • `Thread` field (4):

      • `Comment` field (5): optional comment for the item

      • `Remove` button (7) for deleting the item in question
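
Because whitelisted files are declared clean without analysis, a bulk import for the `White List` or `Black List` sections above is worth checking first; the following added example (not GCenter code) validates two candidate lists, rejects malformed or duplicate entries, and withholds any hash that appears in both lists for manual review. The two-column `sha256,comment` layout without a header row and all function names are assumptions, since the page does not specify the .csv format expected by `Add a set of SHA256`.

```python
import csv
import hashlib
import io
import re

SHA256_RE = re.compile(r"[0-9a-f]{64}")

def clean_hashes(text):
    """Parse 'sha256,comment' rows (assumed layout); return (valid, rejected)."""
    valid, rejected, seen = [], [], set()
    for line_no, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        if not row or not row[0].strip():
            continue  # blank line
        digest = row[0].strip().lower()  # normalize case before comparing
        comment = row[1].strip() if len(row) > 1 else ""
        if not SHA256_RE.fullmatch(digest):
            rejected.append((line_no, row[0], "not a 64-character hex SHA256"))
        elif digest in seen:
            rejected.append((line_no, row[0], "duplicate"))
        else:
            seen.add(digest)
            valid.append((digest, comment))
    return valid, rejected

def to_csv(entries):
    out = io.StringIO()
    csv.writer(out, lineterminator="\n").writerows(entries)
    return out.getvalue()

def prepare_lists(white_text, black_text):
    """Validate both lists; hashes present in both are withheld from each output."""
    white, white_bad = clean_hashes(white_text)
    black, black_bad = clean_hashes(black_text)
    conflicts = {d for d, _ in white} & {d for d, _ in black}
    return {
        "white_csv": to_csv([e for e in white if e[0] not in conflicts]),
        "black_csv": to_csv([e for e in black if e[0] not in conflicts]),
        "conflicts": sorted(conflicts),
        "rejected": {"white": white_bad, "black": black_bad},
    }
# Constructed sample input: digests of short test strings, not real files.
def h(data):
    return hashlib.sha256(data).hexdigest()
SAMPLE_WHITE = (f"{h(b'installer-a').upper()},internal installer\n"
                f"{h(b'installer-a')},same file again\n"
                "d41d8cd98f00b204e9800998ecf8427e,MD5 pasted by mistake\n"
                f"{h(b'shared-tool')},admin tool\n")
SAMPLE_BLACK = (f"{h(b'dropper-x')},from incident ticket\n"
                f"{h(b'shared-tool')},flagged by another team\n")
if __name__ == "__main__":
    print(prepare_lists(SAMPLE_WHITE, SAMPLE_BLACK))
```
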