File Submission Rules

Deep Discovery Inspector allows you to create file submission rules to reduce the number of files in the Virtual Analyzer queue. To ensure that only suspicious files are analyzed, file submission rules check files based on detection types, detection rules, and file properties.
File submission rules contain the following elements:
  • Status: "Enabled" or "Disabled"
  • Priority: Position of a rule in the overall list
  • Criteria: Set of conditions that a file must satisfy before the specified action is taken
  • Action: "Submit" or "Do not submit files"
Deep Discovery Inspector checks a file against each rule in the list until it finds a match. If you do not add any rules, Deep Discovery Inspector uses the following default rules.

Default Submission Rule Elements

| Rule Type | Criteria | Action |
|-----------|----------|--------|
| Basic | Known malware | Do not submit files |
| Basic | No detection types AND CHM / JAR / JAVA Applet / LNK / Mach-O / WIN_EXE | Submit files |
| Basic | No detection types AND HTTP AND *.vbs / *.vbe / *.ps1 / *.hta / *.wsf | Submit files |
| Basic | No detection types AND SMTP AND *.vbs / *.vbe / *.ps1 / *.hta / *.wsf / *.js / *.jse / *.bat / *.cmd / *.html / *.htm | Submit files |
| Basic | No detection types AND SMTP AND SWF | Submit files |
| Advanced | Rule 28/29/40/52 | Do not submit files |
| Basic | Heuristic detections / Highly suspicious files | Submit files |