File Submission Rules

Deep Discovery Inspector allows you to create file submission rules to reduce the number of files in the Virtual Analyzer queue. To ensure that only suspicious files are analyzed, file submission rules check files based on detection types, detection rules, and file properties.

File submission rules contain the following elements:

Status: “Enabled” or “Disabled”
Priority: Position of a rule in the overall list
Criteria: Set of conditions that a file must satisfy before the specified action is taken
Action: "Submit" or "Do not submit files"

Deep Discovery Inspector checks a file against each rule in the list until finding a match. If you do not add any rules, Deep Discovery Inspector uses the following default rules.

Default Submission Rule Elements

Rule Type	Criteria	Action
Basic	Known malware	Do no submit files
Basic	No detection types AND CHM / JAR / JAVA Applet / LNK / Mach-O / WIN_EXE	Submit files
Basic	No detection types AND HTTP AND .vbs / .vbe / .ps1 / .hta / *.wsf	Submit files
Basic	No detection types AND SMTP AND .vbs / .vbe / .ps1 / .hta / .wsf / .js / .jse / .bat / .cmd / .html / *.htm	Submit files
Basic	No detection types AND SMTP AND SWF	Submit files
Advanced	Rule 28/29/40/52	Do not submit files
Basic	Heuristic detections / Highly suspicious files	Submit files

$('#title').html($('meta[name=description]').attr('content'));

File Submission Rules

Default Submission Rule Elements