File Submission Rule Types and Criteria Parent topic

Deep Discovery Inspector provides two types of file submission rules. Each rule type requires a specific set of criteria.
  • Basic: Checks files based on detection type and other properties
  • Advanced: Checks files based on detection rules and other properties
Select the following optional criteria when creating basic or advanced file submission rules.
  1. Protocol
    • Common Internet File System (CIFS)
    • File Transfer Protocol (FTP)
    • Hypertext Transfer Protocol (HTTP)
    • Instant Messaging (IM)
    • Internet Message Access Protocol (IMAP)
    • Post Office Protocol 3 (POP3)
    • Simple Mail Transfer Protocol (SMTP)
  2. File Type
    Option
    File Type
    Example File Extensions
    7zip
    7-zip archive
    .7z
    BZIP2
    BZIP2 archive
    .bz2
    CHM
    Compiled HTML (CHM) help file
    .chm
    JAR
    Java™ Archive
    .jar
    Java Applet
    Java™ class file
    .class
    LNK
    Microsoft™ Windows™ Shell Binary Link shortcut
    Microsoft™ Windows™ 95/NT shortcut
    .lnk
    Mach-O
    Mach-O x86/x64
    No extension for most executables
    Mac OS X Installer Package
    Mac OS X Installer Package
    .pkg
    OFFICE
    Microsoft Office file
    .doc
    .docx
    .ppt
    .pptx
    .xls
    .xlsx
    PDF
    Adobe™ Portable Document Format (PDF)
    .pdf
    RAR
    RAR archive
    .rar
    SWF
    Adobe™ Shockwave™ Flash file
    .swf
    TAR
    TAR archive
    .tar
    WIN_EXE
    Windows executable file
    .exe
    ZIP
    PKWARE PKZIP archive (ZIP)
    .zip
    Note
    Note
    To submit Mac OS X Installer Packages, you must select Mac OS X Installer Package for the File Type option and specify pkg for the File Extension option.
  3. File Extension
    Type one or more file extensions. Separate multiple entries with a comma (,).
  4. File Size
    Specify a value that is less than or equal to the maximum file size configured at AdministrationSystem MaintenanceStorage MaintenanceFile Size Settings.
  5. Direction
    • Internal hosts: Hosts in monitored networks
    • External hosts: Hosts outside the network
  6. Src / Dest IP
    • All
    • Specific IP address
    • IP address from any monitored network group
  7. URL
    Type up to 20 URLs. Separate multiple entries with a comma (,).
    Syntax: [http://]<Domain>[:<Port>][/<URI-prefix>]
    • [http://]
      Accepted and ignored
    • <Domain>
      Wildcards (*) are only allowed in a prefix. When a wildcard is used in a prefix, it must be connected with ". ". Only one wildcard may be used in a domain.
    • [:<Port>]
      (Optional) If unassigned, the default is ":80" (Port 80).
      Assign a specific port with a whole number between 1 and 65,535, or use a wildcard (*) to assign all ports.
    • [/<URI-prefix>]
      (Optional) If unassigned, the default is a wildcard that matches all paths.
      Use "/" and "/*" to match a URL without a path.
      Example: www.abc.com/* matches www.abc.com
      [/<URI-prefix>] is always applied as a prefix matching. Only one wildcard is accepted in a prefix.
      URI matching is not case-sensitive.
    Tip
    Tip
    If you add URL criteria, Trend Micro recommends also adding a new criteria for Protocol. For example, add HTTP or email related protocols.