Managing YARA Rule Files

  1. Go to Virtual Analyzer > Sandbox Management, and then go to the YARA Rule tab.
  2. Do one of the following:
    • To add a new YARA rule, click Add.

      Virtual Analyzer validates the YARA rule file before adding it. For details about creating valid YARA rule files, see Creating a YARA Rule File.

    • To edit an existing YARA rule, click the File name of the YARA rule file to be edited.

  3. Click Choose File to browse and select a YARA rule file to add.
  4. For Files to analyze, do one of the following:
    • Select Specify file types and add selected file types that Virtual Analyzer associates with this YARA rule file.

      To add custom file types, type the file extension in the New file type field and press Enter. The system displays the new file types under the User-defined file types section in the lists.

      Important:

      To save new file types permanently in Deep Discovery Analyzer, click Save.

    • Select All file types to have Virtual Analyzer associate all file types with this YARA rule file.

      Note:

      Analyzing all file types may cause unintended detections and affect system performance. Trend Micro recommends analyzing specific file types that are targeted by the YARA rule file.

  5. Click Save.

    After adding a YARA rule file, you can:

    • Click Export to download a copy of the selected YARA rule file.

    • Click Delete to delete one or more selected YARA rule files.
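
To help choose the entries for Specify file types in step 4, the following added example (not Trend Micro code and not part of the product) scans a rule file for magic-number checks at offset 0 and reports which file format each rule targets. It is a heuristic text scan rather than a YARA parser, and the format labels and sample rules are constructed for illustration.

```python
import re

# Offset-0 magic checks as written in YARA conditions (little-endian),
# mapped to generic format labels chosen for this example.
MAGIC_GUARDS = {
    r"uint16\(0\)\s*==\s*0x5a4d": "PE (exe, dll)",
    r"uint32\(0\)\s*==\s*0x464c457f": "ELF",
    r"uint32\(0\)\s*==\s*0x46445025": "PDF",
    r"uint32\(0\)\s*==\s*0x04034b50": "ZIP container (docx, xlsx, jar)",
}
RULE_HEADER = re.compile(r"^\s*(?:(?:private|global)\s+)*rule\s+(\w+)", re.M)
COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)

# Constructed sample rule file (names and strings are illustrative only).
SAMPLE_RULES = r"""
rule Constructed_PE_Marker {
    strings:
        $s = "constructed-marker-string"
    condition:
        uint16(0) == 0x5A4D and $s
}

rule Constructed_Unscoped {
    strings:
        $s = "another-constructed-string"
    condition:
        $s
}
"""

def suggest_file_types(yara_source):
    """Return {rule_name: [format labels]}; an empty list means no guard found."""
    text = COMMENTS.sub("", yara_source)
    headers = list(RULE_HEADER.finditer(text))
    report = {}
    for i, header in enumerate(headers):
        name = header.group(1)
        if name in report:
            # YARA itself rejects duplicate rule identifiers at compile time.
            raise ValueError(f"duplicate rule name: {name}")
        end = headers[i + 1].start() if i + 1 < len(headers) else len(text)
        # The condition section comes last in a rule, so keep the final split part.
        parts = re.split(r"\bcondition\s*:", text[header.end():end])
        condition = parts[-1].lower() if len(parts) > 1 else ""
        report[name] = [label for pattern, label in MAGIC_GUARDS.items()
                        if re.search(pattern, condition)]
    return report

if __name__ == "__main__":
    for rule, types in suggest_file_types(SAMPLE_RULES).items():
        print(rule, "->", ", ".join(types) or "no format guard found")
```

Rules reported with an empty list carry no format guard of their own, so the file types selected in step 4 are the only scoping they get.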