The Malcore Desktop Agent (MCDA) presents an accessible means for anyone to benefit from Malcore's exceptional malware analysis capabilities. After installation on the user's system, the agent empowers users to choose the folders they want to monitor. As files are downloaded into these selected folders, the agent instantly analyzes them, providing a threat score for each file. This feature is not only a convenient way for users to leverage Malcore's unique capabilities but also a supplementary protection measure.
However, it's important to bear in mind that MCDA is not a comprehensive solution to prevent malware. It should be used in conjunction with other tools such as anti-virus and EDR to offer robust malware protection.
Installing MCDA is a straightforward process that can be achieved in several ways. Users can download the agent directly from the Malcore website or from GitHub. Once downloaded, users should unzip the file, verify that the installer's hashsum matches the one provided with it, and proceed with the installation steps. For user convenience, a comprehensive installation guide can be found below. We start by verifying the hashsums:
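The hashsum check as an added PowerShell example (not code from Malcore or from the original post). It assumes SHA-256 digests published as `<hex digest>  <file name>` lines; `Test-PublishedHash` and `installer-placeholder.exe` are hypothetical names, and the demo input is constructed in a temp folder.

```powershell
# Added example, not Malcore's code. Assumptions: SHA-256 digests, published as
# "<hex digest>  <file name>" lines (the format sha256sum writes).
function Test-PublishedHash {
    param(
        [Parameter(Mandatory)] [string] $ChecksumFile,  # published digest list
        [Parameter(Mandatory)] [string] $Directory,     # folder with the unzipped files
        [string] $Algorithm = 'SHA256'
    )
    foreach ($line in Get-Content -LiteralPath $ChecksumFile) {
        if ($line -match '^\s*(#|$)') { continue }      # skip blanks and comments
        # A leading '*' before the name marks binary mode in sha256sum output.
        if ($line -notmatch '^\s*([0-9A-Fa-f]+)\s+\*?(.+?)\s*$') {
            Write-Warning "Unparseable line: $line"
            continue
        }
        $expected = $Matches[1]
        $name     = $Matches[2]
        $path     = Join-Path -Path $Directory -ChildPath $name
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
            [pscustomobject]@{ File = $name; Status = 'MISSING'; Actual = $null }
            continue
        }
        $actual = (Get-FileHash -LiteralPath $path -Algorithm $Algorithm).Hash
        # String -eq is case-insensitive in PowerShell, so hex case does not matter.
        $status = if ($actual -eq $expected) { 'OK' } else { 'MISMATCH' }
        [pscustomobject]@{ File = $name; Status = $status; Actual = $actual }
    }
}

# Constructed demo input: a stand-in file and checksum list in a temp folder.
$dir  = Join-Path ([IO.Path]::GetTempPath()) ([guid]::NewGuid().ToString())
New-Item -ItemType Directory -Path $dir | Out-Null
$file = Join-Path $dir 'installer-placeholder.exe'
$list = Join-Path $dir 'checksums.txt'
Set-Content -LiteralPath $file -Value 'constructed sample content'
"$((Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash)  installer-placeholder.exe" |
    Set-Content -LiteralPath $list

# First run: the file is unchanged since the list was written.
Test-PublishedHash -ChecksumFile $list -Directory $dir
# Second run: the file was altered after the list was written.
Add-Content -LiteralPath $file -Value 'modified after publication'
Test-PublishedHash -ChecksumFile $list -Directory $dir
Remove-Item -LiteralPath $dir -Recurse -Force
```

For a real download, point `-ChecksumFile` at the published digest list and `-Directory` at the unzipped folder, and run the installer only if every row reports `OK`.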
After verifying the hashsum, we can confirm that the downloaded file is the same one distributed by the Malcore team. To proceed with the installation, double-click on the .exe file and begin following the installation steps by clicking on the "Next" button. The MCDA installer will then install the necessary requirements for successful MCDA operation, including .NET 6.0.14.
Once the requirements are in place, the installer will begin installing the agent itself. To ensure a seamless installation process, it's recommended to keep all the default settings and configurations in place. This will help to prevent any potential issues with the installation.
Upon completion of the installation process, you will be prompted to restart your computer to enable all changes to take effect and for the agent to run at startup. If you prefer not to restart your computer immediately, you may choose to do so at a later time. However, please note that a restart will be required for the agent to operate correctly.
Following the restart, the agent should launch automatically, and you will be prompted to sign in to Malcore. If you don't already have an account, you can click on the signup link to create one. During the signup process, ensure that you carefully review and agree to the terms and conditions by selecting the "I agree to the terms & conditions" button.
Once you've successfully logged in, you will be directed to the settings panel. Here, you can view your current API key, your plan information, and customize your folder settings based on your preferences. You also have the option to configure the minimum threat score and decide how you want to handle files that reach it. In addition, the settings panel enables you to disable monitoring, turn off automatic startup launch, and switch off statistical requests. It's recommended that you keep the minimum threat score for MCDA between 23 and 27 to ensure accurate detection, as most legitimate Windows applications typically have a score between 16 and 22. For the purpose of this demonstration, we will set the threat score to 1.
To add a folder to the watchlist, click the "Add" button and select the desired folder. Once added, the monitored folder will be displayed in a list along with other currently monitored folders.
Click save and you will be brought to the main view.
Whenever a new file is added to the folder, it will be automatically sent to Malcore's API for analysis. If the file's threat score surpasses the set threshold, the file will be locked to prevent you from executing it. When attempting to launch the file, a warning message will be displayed, indicating that the system cannot access the specified path. This is because MCDA prevents the execution of the file itself.
For a better understanding of why a file has been disabled from execution, you can click on the file in the MCDA main view. This will bring up the scan information and enable you to make an informed decision regarding what action to take with the file.
If you are certain that you want to permanently remove the flagged file, you can do so by clicking the "Delete" button located in both the main and information view. This action will securely delete the file from your system and it will not be recoverable. Please note that you should be absolutely sure that you do not need the file before proceeding with the deletion process, as it cannot be undone.
To restore the file to its original state, simply click on the "release" button. This will modify the file's permissions and allow you to execute the file again. Additionally, it will remove the file from the main view, indicating that the file is no longer being monitored by MCDA.
When you minimize MCDA or click the "x" button, MCDA will continue to run in the background, giving users a convenient way to keep it out of sight. Once minimized, MCDA will appear in the user's desktop tray. To access it again, simply double-click the Malcore logo in the tray.
Overall, MCDA offers a convenient and user-friendly approach to bringing Malcore to the Windows Desktop. By utilizing Malcore, you can remain prepared for potential system threats while keeping the flexibility to carry out everyday tasks.