Unknown File Hunter Tool
- Xcitium Unknown File Hunter (UFH) is a lightweight scanner capable of identifying previously undetected threats on a network.
- After a scan, it classifies all audited files as 'Trusted / Clean', 'Malicious', 'Unknown', 'Not Analyzed' or 'In Analysis'.
- While 'Trusted' files are OK and 'Malicious' files should be deleted immediately, it is the 'Unknown' category which houses most zero-day threats.
- The scanner lets you upload unknown files to Verdict to establish whether or not they are malicious. You can view the results of these tests in the Verdict interface.
There are two ways to download the tool:
- From the main Verdict interface
OR
- Click the 'Analyze New File' button
- Then click the 'Download Unknown File Hunter' button
- Save the setup file to your local device.
Scan your network
- Run the UFH executable to start the utility
- Click 'Scan Now' to select the endpoints you wish to scan:
How to use the Comodo UFH tool
Step 1 - Get started
- Log in to your Verdict account at https://verdict.Xcitium.com/login
- Download, install and run 'Unknown File Hunter'
- Click 'Scan Now'
Step 2 - Specify targets and run a scan
The utility provides four methods of specifying target endpoints:
- Active Directory - Import target computers via Active Directory
- Workgroup - Add computers that belong to a particular workgroup
- Network Address - Specify individual host names, IP addresses or IP ranges for scanning
- This Computer - Scan your local device for unknown files. You can run quick, full or custom scans
If you need more help to specify targets, refer to our online guide at https://help.Xcitium.com/topic-400-1-794-10428-Scanning-Computers.html. Click 'Start Scan' to begin the scan.
Step 3 – Submit unknown files to Verdict (optional) and view results
Upon scan completion, you will see a results summary as follows:
- You have the option to upload unknown files (aka 'unique hash values') to Verdict for analysis.
- Click 'Yes'. The 'Submit to Verdict' dialog will be displayed.
- Enter your username / password or license to log in to Verdict and upload your files
OR
- Click 'Sign Up' if you do not have an account. You will be taken to the Xcitium Verdict subscription page.
Verdict is an automated, cloud-based behavior analysis system which subjects unknown files to a battery of static and dynamic tests to try and discover malicious or anomalous behavior.
After the analysis is complete, you can generate the 'Unknown File Hunter Scans' report.
See Unknown File Hunter Scans for more help with this.
- Next, go back to the Unknown File Hunter interface. All 'Unknown' files from the local scan will be shown in the 'Scan results' tab. Verdict detection will be displayed in the 'Verdict analysis results' tab:
- The bottom of the Unknown File Hunter analysis results page displays a summary of files that are (still) unknown and those that CUFH found to be malicious. You can view a more detailed version of these results in the Verdict interface. To do so, click 'Please click here to see the detailed results'. For more details on these results, see Verdict Analysis Results.
- You can also view detailed reports by clicking the 'Reports' tab at the top of the UFH interface:
- Executive - Top level summary of scan results
- Per Device - Scan results per device scanned
- Per Program - Scan results which provide details of each unknown / malicious program, and the devices upon which it was found
For more details about reports, see Reports.
For more help with Unknown File Hunter, please see our online guide at https://help.Xcitium.com/topic-400-1-794-10426-Introduction-to-Xcitium-Unknown-File-Hunter.html