This document will explain how to import a custom image into the McAfee Advanced Threat Defense, or ATD.
There are three key things that will be accomplished in this document. First, we will open an FTP client, which in this case is a Firefox Extension. The second thing that we will do is connect to the FTP server on ATD using three key credentials: Host/IP Address, Username, and Password. Lastly, we will upload the VMDK file from the local machine to the ATD.
Post version 3.2 the username has been changed from atdadmin to cliadmin
You can also watch the steps described in this document by viewing the video below.
First, we will shutdown the custom image that we have just created in VMware. As we shut the image down, notice that the name of the windows machine we just created is listed on the left pane. As we open our file system and want to FTP our image into the ATD device, we will know the precise name of our machine. You will most likely not have too many images to to choose from, but in case you do, you will want to make a note of the correct image name.
Firefox has an FTP client that we will be using. You will see that in the list below is the file that I want to transfer, but we will show yout the settings real quick for the FTP settings. The IP address is the one you have given the ATD appliance. The logon is "atdadmin" and the password is "atadmin". This should take 15-20 minutes, but may take longer depending on your connection. You can also connect directly to the ATD device and create a small network between the two and FTP it over that way.
Once the file is uploaded, you can go to your ATD device through a web browser. In this case, the logon is username: "admin", password: "admin".
And once we’re going to see the dashboard in the upper right hand corner, you’ll see VM creation successful, which is actually in relation to the default android image that comes with the ATD. So we will change that by navigating to "Manage". Under "Image Management", you’ll see that there is a VDMK image, and you will want to assign a type of image to that. We are going to choose the "win7sp1x64" and convert. This could go on for a couple minutes. To verify that everything is working correctly, we can go into the logs that exist for this. You will see that at the bottom you can choose a log and view where we are at in the creation process. You can leave that open and it’ll update as it goes.
If we also go over to policy, you can see that once it is all done, the VMware conversion process will appear up here. If it is not there, you can go ahead and click on the validate.
Once it is done, you can click the validate option, and that will actually spit out the VM and make sure that it has the connectivity that it needs. We can see that process validated there.
In the description box, you can list what software you are running, such as Adobe 9, Adobe 10, Office 2007, 2010, 2013, etc. By listing the software you are running on your image, you can create multiple images for different inspection purposes. This will make it easier to go back and check. In this case, we will make this profile our default profile because it is our first windows image. Now, we are going to go ahead and create that image, and that process is going to actually spin up the VM and take a snapshot, and it is this snapshot that you can use every time a file is submitted.
And finally if you go into your system log, you can see that the VM was created successfully. This overall process goes pretty quickly, and takes anywhere from 15 minutes to an hour, and there are a lot of checks to see where things are going in the process.