User Guide

Best practices

Before using the ReversingLabs browser extension, read through the following recommendations to ensure effective and secure use of the browser extension.

API usage

Each lookup performed by the browser extension generates an API request to Spectra Analyze or Spectra Intelligence. Be aware that these requests count against your organization's API quota.

If you have any questions about your quota, contact support@reversinglabs.com.

Download scanning

The browser extension's download scanning feature has a default file size limit of 200 MB. Files larger than this cannot be automatically scanned, and if you submit such files, the scan fails. However, files of any sizes can be downloaded if the ReversingLabs browser extension doesn't attempt to scan them.

If you frequently work with large files, it is recommended you allow downloading files without scanning by doing the following:

• Individual users:
  • Disable automatic download scanning to avoid delays.
  • Alternatively, enable the Prompt for confirmation option. This allows you to decide whether to scan files on a case-by-case basis.
• Enterprise users: contact your IT administrator to allow you the choice to download files without scanning.

Using the extension

The ReversingLabs browser extension offers several modes of interaction. For more information, see below.

Indicator highlighting

The extension identifies indicators on a page, and highlights them by underlining the text and applying a clickable RL icon.

To learn more about the indicator, click the RL icon to see lookup results in the browser side panel.

Side panel

After clicking the RL icon next to an indicator, a side panel opens displaying the lookup results.

Domain example

IPv4 address example

File hash example

Context menu

In addition to automatic highlighting, you can use the right-click context menu to manually select indicators for lookup when available.

1. Find a highlighted item on the page and do either of the following:
   • Right-click the RL icon.
   • Select the underlined text in case of a hash, IP, URL or domain, and then right-click it.
2. Hover over the ReversingLabs Browser Extension item.
3. Click the appropriate action. The following actions may be available depending on what item you right-click and which permissions you have:

   • Open side panel: open the side panel. The side panel opens empty, or showing the last item you queried.

   • Do not highlight on this host: prevent content highlighting from this particular host. Use this option only for internal and trusted sites where you don't require continuous threat intelligence highlighting.

   • Add to Allow List: disable all scanning and analysis for a specific website. Use this option only for internal and trusted sites that you want to visit, and from which you want to download content without disruptions.

     Enterprise users

     Add to Allow List may not be available to enterprise users depending on their enterprise settings.

   • Add to Block List: completely block downloads and page visits from a specific website. Use this option for high-risk and untrusted sites.

   • Query link target URL: look up this URL hyperlink.

   • Submit link target URL: submit this URL hyperlink for analysis.

   • Safely download link target: scan for analysis and then download targeted link.

• The following actions are available on text selection:
  • Submit text as URL: submit the selected text for URL analysis.
  • Query text as URL: look up the selected text as a URL.
  • Query text as domain: look up the selected text as a domain.
  • Query text as IPv4: look up the selected text as IPv4.
  • Query text as hash: look up the selected text as a hash.

File upload

For Spectra Analyze users, the extension supports file upload for analysis.

File size

By default, you can upload files of up to 200 MB in size. If you frequently need to upload larger files, use Spectra Analyze instead.

To upload a file to the Spectra Analyze appliance using the ReversingLabs browser extension, do the following:

1. To open the extension side panel, right-click on a page and then select Open side panel from the context menu.
2. Click the Upload tab near the top of the side panel.
3. Drag and drop a file into the window, or click to open the file explorer and select a file. If you want to perform a batch sample analysis, you can upload a maximum of 25 files.
4. Click the Upload button. Your file is listed under Samples Queued for Analysis.
5. Analysis Configuration offers further analysis options:
   • Spectra Intelligence: check this box to forward the samples to Spectra Intelligence for analysis. This option can be used at the same time as RL Cloud Sandbox.
   • RL Cloud Sandbox: check this box to forward the samples to RL Cloud Sandbox for dynamic analysis. This option can be used at the same time as Spectra Intelligence.
   • OS: from the drop-down list, select the appropriate operating system to use with RL Cloud Sandbox.
   • File Password: if uploading a password-protected file, enter its password here.
6. Click Submit to start the analysis.
7. Under Upload History, find all successful and failed file analyses.

Once a file is submitted and analyzed, its color changes based on its classification. Clicking an analyzed file opens it in your Spectra Analyze appliance.

For more information about file classification and color-coding, see Spectra Analyze > Navigating the Interface > Color-Coding and Sample Status.

Automatic scan downloads

The extension can automatically scan downloaded files to detect malicious content.

File size

By default, you can scan files of up to 200 MB in size. If you frequently need to scan larger files, use Spectra Analyze instead.

To enable the feature, do the following:

1. Open the extension configuration page by clicking the RL Browser Extension icon in the browser toolbar.
2. In the Additional Configuration section, make sure that Scan Downloads with Spectra Analyze or Spectra Intelligence is switched on.

Enterprise mode

If you are using the extension in enterprise mode, you may not have the necessary permissions to change this setting. For more information, contact your IT administrator.

3. Optionally, Prompt when Downloading Files should be switched on if you want the extension to ask for confirmation before scanning files.

When scanning is enabled, downloaded files are submitted for analysis, and users are notified if threats are detected.

• if a file is flagged as malicious, the user is prompted for action.
• if a file is classified as goodware, the download proceeds uninterrupted.

All downloaded files are saved to the default Chrome/Edge downloads folder

Scan URLs

For both Spectra Analyze and Spectra Intelligence users, the extension includes a Scan URLs feature designed to prevent access to potentially malicious sites.

To enable and use this feature:

1. Open the extension configuration page by clicking the RL Browser Extension icon in the browser toolbar.
2. In the Additional Configuration section, make sure that Scan URLs is switched on.

Enterprise mode

If you are using the extension in enterprise mode, you may not have the necessary permissions to change this setting. For more information, contact your IT administrator.

Once enabled, URLs you click or open in a new tab are checked for reputation. If a URL is identified as suspicious or malicious, you are redirected to a warning page where you can choose your next action.