8.8.1. Setting up GBox and the Malcore and Retroact engines and activate the GBox
8.8.1.1. Introduction
This procedure describes:
Enabling the GBox automatic analysis. For this, see the Procedure to enable the GBox analysis
Setting up the scan expiration time for an already scanned file. For this, see the Procedure to setup the analysis timeout
Setting up the Retroact engine. For this, see the Procedure to setup Retroact
Setting up the Malcore engine. For this, see Procedure to change the analysis limits
Note
The graphical interface is described in `Admin-GCenter- Malcore Management` screen of the legacy web UI.
8.8.1.2. Prerequisites
User : member of Administrator group
8.8.1.3. Preliminary operations
Login to GCenter via a browser (see Connecting to the GCenter web interface via a web browser). with the prerequisite rights.
8.8.1.4. Procedure to access the `Malcore Management`
window for an administrator account
In the navigation bar, successively click on:
The
`Admin`
buttonThe
`Gcenter`
sub-menu The`Malcore Management`
commandThe`Malcore Management`
window is displayed.
Click on the
`Global settings`
section.
8.8.1.5. Procedure to enable the GBox analysis
Note
The GBox must be configured beforehand.
Use the
`Enable automatic GBox analysis`
selector (6) to transfer files listed by Malcore as Suspect or Infected to a GBox.
8.8.1.6. Procedure to setup the analysis timeout
- If necessary change the
`Expiration delay`
parameter (4).This parameter sets the time during which Malcore will not re-scan a file already seen on the network.If the antivirus engines were updated and the same file reappears, it will be scanned again.During the specified time, if a file is seen on the network again, then it is not re-scanned. The result of the first scan is used. - Confirm the changes using the
`Save`
button (15).A confirmation message is displayed:`Updated with success`
.
8.8.1.7. Procedure to setup Retroact
Note
Use the
`Enable retroactive engine`
selector (3) to have files listed by Malcore as Suspect re-scanned when engines are updated.- Confirm the changes using the
`Save`
button (15).A confirmation message is displayed:`Updated with success`
.
8.8.1.8. Procedure to change the analysis limits
Note
Increasing the limits can lead to more detection although it has a negative impact on performance.
Modifying the analysis parameters in terms of flows taken into account by the Malcore engine:
If necessary, modify parameter (9): maximum size of files extracted by a GCap (MB)
If necessary modify parameter (10): maximum recursion level for archives extracted by GCap
If needed, modify parameter (11): maximum number of files for the archives extracted by GCap
Note
The size of the files extracted by a GCap and the maximum file size taken into account by the Malcore engine may differ.The maximum file size value on the GCap side must always be smaller than the maximum file size on the Malcore side.
Modifying the analysis parameters via the GSCan module by the Malcore engine:
If necessary, modify parameter (12): maximum size of files sent to GScan (MB)
If necessary, change the parameter (13): maximum recursion level for the archives sent to Gscan
If necessary, modify the parameter (14): maximum number of archive files sent to Gscan
- Confirm the changes using the
`Save`
button( 15).A confirmation message is displayed:`Updated with success`
.