McAfee's Advanced Threat Defense allows for file samples to be analyzed by custom images. This means detection
rates will be based on your specific organization's configurations, not a dated or irrelevant OS or configuration. In
this document we'll cover the steps to create a custom image. Importing the image and configuring the way samples
are analyzed are covered here.
Before Getting Started
Creating a custom image will take about an hour; about half of this time will be spent waiting. To make this as simple
as possible I've gathered the links to resources you'll need in this document. Here's a list of things you'll need:
- VMware Workstation 9.0 (or above)
- .ISO file for the image you wish to create and associated license key
- Microsoft Office
- File Format Converter (for converting older Office formats to the newer .docx format)
*TIP: I download all of the packages into a single folder and then place them on a network drive that is available
in the VM I'm creating. It saves a lot of time downloading in the VM or transferring files later. Also, many
of these can be used when creating additional analyzer virtual machines, and it's convenient to have them later.
Creating and customizing the VMDK
In most cases I try to distill the product guide down to only the information you'll need. In this case, however, the
product guide is very clear and includes screenshots. The process begins on page 71.