How to re-create VM profiles in Advanced Threat Defense
Technical Article ID: KB89552
Last Modified: 5/8/2020
Environment
McAfee Advanced Threat Defense (ATD) 4.x
Problem
When you upgrade your ATD appliance to a later release, Microsoft Windows or Office, which is installed as part of your sandbox VMs, requests activation.
You see this request in the Screenshot section of the Analysis Report and in the X-Mode desktop.
Cause
The ATD upgrade included an update to the hypervisor in the ATD back-end. This update triggered a Windows or Office license activation.
Solution
To resolve this issue, first try to re-create the VM profiles as follows:
- Reactivate Windows or Office:
  - Navigate to Policy, VM Profile.
  - Click New.
  - Select the IMG image that you want to reactivate from the Image drop-down list.
  - Click Activate.
  - In the Activation browser window, complete the activation of your Microsoft product.
  - Perform a graceful shutdown of the Windows operating system in the Activation browser window.
  - After Windows shuts down, close the Activation browser window.
- Validate the VM:
  - (Optional) If your Windows VM is non-English and its local administrator account name is not administrator, type the administrator account name of your VM in the VM logon field.
  - Click Validate.
  - Confirm that validation completes.
- Click Save.
- Wait until the VM creation process finishes.
- Open an SSH session to your ATD appliance, and log on using cliadmin credentials.
- Reflect the activated Windows/Office image to the sandbox VM:
  reboot vmcreator
- Wait until ATD reboots and completes VM creation.
- After you reactivate Windows or Office, manually submit a sample and confirm that Windows or Office no longer requests activation.
If you no longer see the request for activation, you do not need to continue following the additional troubleshooting steps. If you still see a Windows or Office activation request, continue to the next Solution section to delete and re-create the VM profiles.
Solution
If re-creating the VM profiles using the previous Solution didn't resolve the issue, delete and re-create the VM profiles as follows:
IMPORTANT: If you have multiple VM profiles, and you see activation requests in only a specific VM profile, continue to the Further troubleshooting subsection below.
Otherwise, you need to create a temporary VM profile and its associated analyzer profile before you delete the affected VM profiles.
Create a temporary VM profile:
- Convert your VMDK image to a temporary IMG image:
  - Select Manage, Image & Software, Image.
  - From the VMDK Image drop-down list, select the VMDK image for your temporary VM.
  - Type a name for your temporary image.
  - From the Operating System drop-down list, select the appropriate operating system type.
  - Click Convert.
- Activate the temporary VM:
  - Select Policy, VM Profile.
  - Click New.
  - From the Image drop-down list, select the temporary IMG.
  - Click Activate.
  - In the Activation browser window, complete the activation process.
  - Perform a graceful shutdown of the Windows operating system in the Activation browser window.
  - After Windows shuts down, close the Activation browser window.
- Validate the temporary VM:
  - (Optional) If your Windows VM is non-English and its local administrator account name is not administrator, enter the administrator account name of your VM in the VM logon field.
  - Click Validate.
  - Confirm that the validation completes.
- For Maximum Licenses, type 1.
- Click Save.
- Create a temporary analyzer profile using the temporary VM profile:
  - Select Policy, Analyzer Profile.
  - Click New.
  - In the Name field, type a name for the temporary analyzer profile.
  - From the VM Profiles drop-down list, select the temporary VM profile.
  - Click Save. You do not need to change other settings because you need this analyzer profile only while reactivating your main VM.
Further troubleshooting:
- Change the users' default analyzer profile from the affected profile to an alternative:
  - Select Manage, ATD Configuration, ATD Users.
  - Select the user whose Default Analyzer Profile uses the affected VM.
  - Click Edit.
  - Change the Default Analyzer Profile from the affected VMs to an alternative.
  - Click Save.
  - Repeat the above steps for all users whose default analyzer profile is affected.
- Delete one or more affected analyzer profiles:
  - Navigate to Policy, Analyzer Profile.
  - Identify the analyzer profile that uses the affected VM profile, and select it.
  - Click Delete.
  NOTE: If the analyzer profile is used as the default analyzer profile for an ATD user, you can’t delete the analyzer profile. Make sure that you change the default analyzer profiles from the affected profile to the temporary profile before you try to delete the analyzer profile.
  - Repeat the above steps for all affected profiles.
- Delete one or more affected VM profiles:
  - Select Policy, VM Profile.
  - Identify the VM profile requesting activation of Windows or Office, and then select it.
  - Click Delete.
  - Repeat the above steps for all affected profiles.
- Reactivate Windows or Office:
  - Navigate to Policy, VM Profile.
  - Click New.
  - From the Image drop-down list, select the IMG image that you want to reactivate.
  - Click Activate.
  - In the Activation browser window, complete the activation process.
  - Perform a graceful shutdown of the Windows operating system in the Activation browser window.
  - After Windows shuts down, close the Activation browser window.
- Validate the VM:
  - (Optional) If your Windows VM is non-English and its local administrator account name is not administrator, type the administrator account name of your VM in the VM logon field.
  - Click Validate.
  - Confirm that validation completes.
- For Maximum Licenses, type the needed number of VMs.
- Click Save.
- Create an analyzer profile using the reactivated VM profile:
  - Select Policy, Analyzer Profile.
  - Click New.
  - In the Name field, type the name for your reactivated analyzer profile.
  - In the VM Profiles drop-down list, select the reactivated VM profile.
  - Configure analyzer profile settings as needed.
  - Click Save.
- Revert the users' default analyzer profile from the temporary profile to the reactivated one:
  - Select Manage, ATD Configuration, ATD Users.
  - Select the user whose Default Analyzer Profile uses the temporary profile.
  - Click Edit.
  - Change the Default Analyzer Profile to the reactivated one.
  - Click Save.
  - Repeat the above steps for all users whose default analyzer profile is the temporary profile.