What happens when a hacker attempts to upload a malicious file to a company network with an FX appliance installed in quarantine mode? The attacker can use a shared drive or content store, such as SharePoint, to deliver malware code hidden in a common file type, such as a PDF, a Flash file, a ZIP/RAR/TNEF archive, or an image.
In a typical setup, the FX scans all new and updated files entering the network. Files are sent to the MVX engine for dynamic analysis to determine whether they are malicious. The MVX engine detonates the file in a virtual environment to observe the full path and behavior of any malware it contains. If the file is malicious, the FX quarantines it in a configured remote directory, isolated from the network. Safe files are routed to a good file share.
The data generated from MVX engine analysis is used to create a profile of the attack. This malware profile is shared with the FireEye community through the DTI cloud, so all FireEye appliances can identify and prevent future attacks. With a CM appliance installed, FX analysis results can be shared with other FireEye appliances through the CM. This provides real-time protection against emerging attacks on all fronts.