cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
mario.natinet
Level 7
Report Inappropriate Content
Message 1 of 8
‎03-30-2017 04:10 AM

How to remove Analyzer Profile ?

Just like the screenshot. I cannot remove the profile, even thought no analysis is running. I tried to reboot the ATD and delete, still not work.

ATD version: 3.8.0.29.53939

*Edit

Another questions :

1) How can I factory resets ATD-3000 appliance? Command "factorydefaults" is not availabe in cli and ssh.

2) I am very annoyed with android image on this ATD. during boot up, it takes a lot of time just to boot the android vm. and somehow I cannot delete android vm image.

Someone can help me to disable or delete android vm?

System Logs:

2017-03-30-18:36:47: starting vmcreator

2017-03-30-18:36:49: lvclean was successful.

2017-03-30-18:36:49: Copying image base to work folder: win7sp1x64_win7ver1.img

2017-03-30-18:38:51: Copied 14.53G in 122 seconds

2017-03-30-18:38:51:     121.96Mbytes/second

2017-03-30-18:38:51: Booting VM: win7sp1x64_win7ver1_sn01

2017-03-30-18:38:55: Waiting for VM to come up: win7sp1x64_win7ver1

2017-03-30-18:39:46: Giving more time to come up: win7sp1x64_win7ver1

2017-03-30-18:40:07: VM is up: win7sp1x64_win7ver1

2017-03-30-18:40:12: Starting image install.

2017-03-30-18:40:12: Loading software: win7sp1x64_win7ver1

2017-03-30-18:40:13: Ftp login OK.

2017-03-30-18:40:14: Upload installation image OK.

2017-03-30-18:40:16: Telnet login successful.

2017-03-30-18:40:16: ------ Running the OS validation tool ------

2017-03-30-18:40:26: OS Windows 7    6.1

2017-03-30-18:40:26: FTP OK

2017-03-30-18:40:26: TELNET OK

2017-03-30-18:40:26: AUTOLOGON OK

2017-03-30-18:40:26: ADMINISTRATOR OK

2017-03-30-18:40:26: FIREWALL OK

2017-03-30-18:40:26: FreeSpace OK

2017-03-30-18:40:26: Microsoft Office 2010 OK

2017-03-30-18:40:26: Adobe Reader 11.0 OK

2017-03-30-18:40:26: java version "1.8.0_92" OK

2017-03-30-18:40:26: flash not exist OK

2017-03-30-18:40:26: Activation OK

2017-03-30-18:40:26: Scan Complete!

2017-03-30-18:40:26:

2017-03-30-18:40:26: ---------------------------------

2017-03-30-18:40:26: Found installation image.

2017-03-30-18:40:26: Installing application

2017-03-30-18:40:31: Finishing up installation.

2017-03-30-18:41:16: Completed software installation.

2017-03-30-18:41:16: -------------------------------------------

2017-03-30-18:41:16: Finished install for OS: win7sp1x64_win7ver1

2017-03-30-18:44:20: Copied 4.94G in 9 seconds

2017-03-30-18:44:20:     562.55Mbytes/second

2017-03-30-18:44:35: Completed image prep...

2017-03-30-18:44:35: ----------------------------------------------------------------

2017-03-30-18:44:35: total number of VMs configured: 2

2017-03-30-18:44:35: ----------------------------------------------------------------

2017-03-30-18:44:35: creating VM: win7sp1x64_win7ver1_sn01

2017-03-30-18:44:35: Checking vm status: win7sp1x64_win7ver1_sn01

2017-03-30-18:44:36: Booting VM: win7sp1x64_win7ver1_sn01

2017-03-30-18:44:36: VM has started: win7sp1x64_win7ver1_sn01

2017-03-30-18:44:36: Creating snapshot for: win7sp1x64_win7ver1_sn01

2017-03-30-18:45:14: time taken: 39.084436

2017-03-30-18:45:14: creating VM: android_sn01

2017-03-30-18:46:12: Checking vm status: android_sn01

2017-03-30-18:46:12: Booting VM: android_sn01

2017-03-30-18:46:17: VM has started: android_sn01

2017-03-30-18:46:17: Creating snapshot for: android_sn01

2017-03-30-19:01:28: -----------------------------------------------------------------------------

2017-03-30-19:01:28: vmcreator FAILURE

2017-03-30-19:01:28: The analysis VM creation process has failed. The ATD system needs to be restarted.

2017-03-30-19:01:28: Log into the CLI interface and enter the command "reboot vmcreator" to reboot the system and re-run vmcreator.

2017-03-30-19:01:28: Updating VM database

2017-03-30-19:01:33: Vmcreator success.

2017-03-30T19:01:34+0800: [vmcreator.sh] ::1490871694.281110189 - 1490870193.695460618 = 1500.585649571, minutes = 25

0 Kudos
Reply
7 Replies
Highlighted
mario.natinet
Level 7
Report Inappropriate Content
Message 2 of 8
‎03-31-2017 03:09 AM

Re: How to remove Analyzer Profile ?

I found the analyzer profile "AP_defa", which is the first profile I created,  is automatically became default analyzer profile of all local users.

Screenshot:

matd_analyzer_profile.jpg

After I change the default analyzer profile in all local users. I can delete the profile.

But,

1) I still don't know how to factory reset ATD-3000 appliance

2) The android VM still bugging me, I don't need android VM but I still cannot delete it. Based kb: McAfee Corporate KB - How to remove the default Android VM provided in Advanced Threat Defense KB863...

command "removeAndroid" should do the job, but it does not work. And it created android vm automatically, after bootup.

Please see screenshot below:

0 Kudos
Reply
Highlighted
mjesmer
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 3 of 8
‎03-31-2017 09:42 AM

Re: How to remove Analyzer Profile ?

Command to factory reset ATD is listed in the Product Guide, you can Ctrl+F and look for factorydefaults.

https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/26000/PD26831/en_US/...

Page 142 at the Bottom.

Thanks,

Matthew Jesmer

0 Kudos
Reply
Highlighted
mjesmer
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 4 of 8
‎03-31-2017 09:59 AM

Re: How to remove Analyzer Profile ?

I forgot to mention, you can also reimage/restore the ATD using a USB Recovery Image.

This is a somewhat time consuming process, and requires direct access to the ATD appliance.

Instructions can be found in the Product Guide on Page 177-179

https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/26000/PD26831/en_US/...

If you are just re-imaging / factoryresetting the ATD in an attempt to remove the Android VM, I would recommend you open an SR with support first. They should be able to assist you in dropping the Android VM from the backend of the box. (Might save you time, I say might because Queue times and response times via email can be slow)

Everything that you supplied to this thread I would also include in your SR.

Regards,

Matthew Jesmer

0 Kudos
Reply
Highlighted
bretzeli
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 5 of 8
‎07-17-2017 12:10 AM

Re: How to remove Analyzer Profile ?

He wants to remove the Analyzer Profile NOT Reset the ATD? The thing costs USD 100'000.- and does not work sometimes...

@mario.natinet, Open a case with them OR maybe as last option TRY to migrate to 4.0 version of the ATD. Now here two comments a) You should BECAUSE the 3.8 has a serious EXPLOIT b) The ATD 4.X has some bug with 64BIT VM's and DELPHI EXE/DLL. But in your case if you are realy stuck maybe a good option to try that first.

0 Kudos
Reply
Highlighted
mjesmer
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 6 of 8
‎07-19-2017 07:30 AM

Re: How to remove Analyzer Profile ?

If you read the entire case you would see that he also asks about resetting the ATD.

Thanks,

0 Kudos
Reply
Highlighted
bretzeli
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 7 of 8
‎07-20-2017 04:12 AM

Re: How to remove Analyzer Profile ?

@mjesmer,

I am reading Forum Entrys like Mcafee TIER Subject AND the rest while customer on the phone. 😉

Learned that from Mcafee.....

Reply
Highlighted
Troja
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 8 of 8
‎07-20-2017 06:03 AM

Re: How to remove Analyzer Profile ?

Hello ​,

i removed analyzer VMs and analyzer profiles multiple times from ATD. So, i think you know the dependencies on ATD. A user has an analyzer profile configured, the analyzer profile itself includes one or more VM profiles.

If you remove an Analyzer Profile from the users you should be able to remove the Analyzer Profile.

If you remove a VM Profile from any Analyzer Profile you should be able to delete the VM Profile.

If there is a "damaged" Image file for a Analyzer VM on ATD i confirm with ​, support can remove any of these image files.

If you want to reset the ATD, this should also be no problem. From my side, I never had the need to reset an ATD appliance to factory defaults since version 3.6.x or 3.8.x.

Just a question, have you updated your ATD?? If yes, have you updated the android image as well? 🙂

Finally one thing, which Analyzer Profile is your default profile?? I´m not shure if it works when you try to remove the default VM Profile.

Cheers

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
2821 Mission College Blvd.
Santa Clara, CA 95054 USA

Consumer Support   |   Enterprise Support   |   McAfee.com

Legal   |   Privacy   |   Copyright © 2019 McAfee, LLC