Adding a File Submission Rule

Deep Discovery Inspector supports a maximum of 1000 rules.

Procedure

  1. Go to Administration > Virtual Analyzer > File Submissions.
  2. Under File Submission Rules, click Add.
    The New Submission Rule window appears.
  3. Select Enable submission rule.
  4. Under Criteria, select one of the following:
    • Basic: Checks files based on detection type and other properties
    • Advanced: Checks files based on detection rules and other properties
  5. (Optional) For Basic, select at least one of the following detection types:
    • No detection types: Files that did not trigger any Deep Discovery Inspector detection rules
      Note
      Select this option to search for files that meet certain criteria but do not have detections.
    • Any of the following:
      Note
      Select at least one detection type.
      • Known malware: Malicious files that are detected through signature-based methods
      • Heuristic detections: Suspicious files that are detected through heuristic analysis
      • Highly suspicious files: Files exhibiting highly suspicious behavior that are detected through detection rules
  6. (Optional) For Advanced, click Select and check at least one detection rule.
    For details about Deep Discovery Inspector detection rules, go to Administration > Monitoring / Scanning > Detection Rules.
  7. (Optional) Click New Criteria.
  8. Select any of the following criteria and configure the applicable settings.
    • Protocol: Select at least one protocol.
    • File type: Select at least one file type.
    • File extension: Type one or more file extensions. Separate multiple entries with a comma (,).
    • File size: Specify a value that is less than or equal to the maximum file size configured at Administration > System Maintenance > Storage Maintenance > File Size Settings.
    • Direction:
      • Internal hosts
      • External hosts
    • Src / Dest IP: For both source and destination, click Select and select one of the following:
      • All
      • Specify IP address
      • Select from monitored network groups
    • URL: Type up to 20 URLs. Separate multiple entries with a comma (,).
      Tip
      If you add URL criteria, Trend Micro recommends also adding a new criterion for Protocol. For example, add HTTP or email-related protocols.
  9. Select the action that Deep Discovery Inspector takes when the file meets the configured criteria.
  10. Specify the rule priority. Type a number between one and the total number of rules.
  11. Click Add.