Submissions

The Submissions screen, in Virtual Analyzer > Submissions, includes a list of samples processed by Virtual Analyzer. Samples are files and URLs submitted automatically by Trend Micro products or manually by TippingPoint Advanced Threat Protection Analyzer administrators.
The Submissions screen organizes samples into the following tabs:
  • Completed:
    • Samples that Virtual Analyzer has analyzed
    • Samples that have gone through the analysis process but do not have analysis results due to errors
  • Processing: Samples that Virtual Analyzer is currently analyzing
  • Queued: Samples that are pending analysis
On the tabs in the screen, check the following columns for basic information about the submitted samples:

Submissions Columns

Column Name (Tab Where Shown): Information. Where the information differs by sample type, it is listed separately under File/Email Message Sample and URL Sample.

Risk Level (Completed tab only)
Virtual Analyzer performs static analysis and behavior simulation to identify a sample’s characteristics. During analysis, Virtual Analyzer rates the characteristics in context and then assigns a risk level to the sample based on the accumulated ratings.
  • Red icon: High risk. The sample exhibited highly suspicious characteristics that are commonly associated with malware.
    Examples:
    • Detected as known malware
    • Contains exploit code in document
    • Attempts to connect to malicious host
    • Stops or modifies antivirus service
    • Downloads executable payload
    • Hides file in system folder to evade detection
    • Hides service using rootkit
    • Exhibits behavior associated with ransomware
  • Orange icon: Medium risk. The sample exhibited moderately suspicious characteristics that are also associated with benign applications.
  • Yellow icon: Low risk. The sample exhibited mildly suspicious characteristics that are most likely benign.
  • Green icon: No risk. The sample did not exhibit suspicious characteristics.
  • Gray icon: Not analyzed.
    For possible reasons why Virtual Analyzer did not analyze a file, see Possible Reasons for Analysis Failure.
Note: If a sample was processed by several instances, the icon for the most severe risk level displays. For example, if the risk level on one instance is yellow and then red on another instance, the red icon displays.
Mouseover the icon for details about the risk level.

Completed (Completed tab only)
Date and time that sample analysis was completed

Event Logged (All tabs)
  • For samples submitted by other Trend Micro products, the date and time the product dispatched the sample
  • For manually submitted samples, the date and time TippingPoint Advanced Threat Protection Analyzer received the sample

Elapsed Time (Processing tab only)
The amount of time that has passed since processing started

Time in Queue (Queued tab only)
The amount of time that has passed since Virtual Analyzer added the sample to the queue

Source / Sender (All tabs)
Where the sample originated
  • IP address for network traffic or email address for email
  • No data (indicated by a dash) if manually submitted

Destination / Recipient (All tabs)
Where the sample is sent
  • IP address for network traffic or email address for email
  • No data (indicated by a dash) if manually submitted

Protocol (Completed tab only)
  • Protocol used for sending the sample, such as SMTP for email or HTTP for network traffic
  • No data (indicated by a dash) if manually submitted

File Name / URL (Completed tab only)
File/Email Message Sample:
  • File name of the sample
  • File name of the archive / File name of highest risk child object
  • File name of the archive / File name of any child object if no risk
  Note: "NONAMEFL" if file size is 0 or too small for analysis
URL Sample:
  URL
  Note: TippingPoint Advanced Threat Protection Analyzer may have normalized the URL when submitted using the management console.

File Name / Email Subject / URL (Processing and Queued tabs)
File/Email Message Sample:
  File name or email subject of the sample
URL Sample:
  URL
  Note: TippingPoint Advanced Threat Protection Analyzer may have normalized the URL when submitted using the management console.

Type (Completed tab only)
File/Email Message Sample:
  • Type of the object
  • Type of the archive / Type of the highest risk child object
  • Type of the archive / Type of any child object if no risk
  Note: "Empty" or "UNKNOWN" if file size is 0 or too small to identify file type for analysis
URL Sample:
  • URL
  • URL / Type of the object

Submitter (All tabs)
  • Name of the Trend Micro product that submitted the sample
  • "Manual Submission" if manually submitted

Submitter Name (All tabs)
  • Host name of the Trend Micro product that submitted the sample
  • No data (indicated by a dash) if manually submitted

Threat (Completed tab only)
Name of threat as detected by Trend Micro pattern files and other components

If the Risk Level column generates a gray icon, Virtual Analyzer has not analyzed the sample. The following table lists possible reasons for analysis failure and identifies actions you can take.

Possible Reasons for Analysis Failure

Reason: Action
  • Unsupported file type: To request a list of supported file types, contact Trend Micro support.
    Note: If a file has multiple layers of encrypted compression (for example, encrypted compressed files within a compressed file), Virtual Analyzer is unable to analyze the file, and displays the "Unsupported File Type" error.
  • Microsoft Office 2007/2010 not installed on the sandbox image: Verify that Microsoft Office 2007 or 2010 has been installed on the sandbox by going to Virtual Analyzer > Sandbox Management. For details, see Sandbox Management.
  • Unable to simulate sample on the operating system: Verify that TippingPoint Advanced Threat Protection Analyzer supports the operating system installed on the sandbox image.
  • Unable to extract archive content using the user-defined password list: Check the password list in Virtual Analyzer > Sandbox Management > Archive Passwords tab.
  • URL character limit exceeded: Verify that the URL does not exceed 2,048 characters.
  • File size limit exceeded: Verify that the file size does not exceed 60MB.
  • Unsupported encryption or compression format: Decrypt or extract the file and resubmit the object for analysis.
  • Unable to access the Internet: Verify that external connections are enabled.
  • Unable to connect to the cloud sandbox: Verify the connection of the management network to the Internet.
  • Cloud sandbox analysis timed out: Resubmit the object for analysis. If the issue persists, contact your support provider.
  • Internal error occurred on the cloud sandbox: Please contact your support provider.
  • Internal error (with error number) occurred: Please contact your support provider.
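
The URL length and file size limits listed above can be checked before a manual submission, so that a sample does not come back with a gray icon. The following Python code is an added example, not Trend Micro code: the function names are hypothetical, and "60MB" is assumed to mean 60 * 1024 * 1024 bytes.

```python
import os
from urllib.parse import urlsplit

# Limits quoted in the "Possible Reasons for Analysis Failure" list.
MAX_URL_CHARS = 2048
# Assumption: "60MB" is read as 60 * 1024 * 1024 bytes (the page gives no unit base).
MAX_FILE_BYTES = 60 * 1024 * 1024


def precheck_url(url):
    """Return the failure reason a URL would hit, or None if it is within the limit."""
    if len(url) > MAX_URL_CHARS:
        return "URL character limit exceeded"
    return None


def precheck_file_size(size_bytes):
    """Return the failure reason a file of this size would hit, or None."""
    if size_bytes > MAX_FILE_BYTES:
        return "File size limit exceeded"
    if size_bytes == 0:
        # The page says a 0-byte file is listed as "NONAMEFL" with type
        # "Empty" or "UNKNOWN"; the "too small" threshold is not documented.
        return "File size is 0"
    return None


def precheck(sample):
    """Check one sample: an http(s) URL string or a local file path."""
    if urlsplit(sample).scheme in ("http", "https"):
        return precheck_url(sample)
    return precheck_file_size(os.path.getsize(sample))


def triage(samples):
    """Split samples into (ready, rejected); rejected maps sample -> reason."""
    ready, rejected = [], {}
    for sample in samples:
        reason = precheck(sample)
        if reason is None:
            ready.append(sample)
        else:
            rejected[sample] = reason
    return ready, rejected
```

Samples in the `rejected` mapping can be fixed (for example, by shortening the URL or splitting the file) before they are queued; the other reasons in the list depend on the sandbox image and network and cannot be checked locally.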