File Submission Rule Types and Criteria

Deep Discovery Inspector provides two types of file submission rules. Each rule type requires a specific set of criteria.
  • Basic: Checks files based on detection type and other properties
  • Advanced: Checks files based on detection rules and other properties
Select the following optional criteria when creating basic or advanced file submission rules.
  1. Protocol
    • Common Internet File System (CIFS)
    • File Transfer Protocol (FTP)
    • Hypertext Transfer Protocol (HTTP)
    • Instant Messaging (IM)
    • Internet Message Access Protocol (IMAP)
    • Post Office Protocol 3 (POP3)
    • Simple Mail Transfer Protocol (SMTP)
  2. File Type
    | Option | File Type | Example File Extensions |
    |---|---|---|
    | 7zip | 7-zip archive | .7z |
    | ALZ | ALZip compressed file | .alz |
    | BZIP2 | BZIP2 archive | .bz2 |
    | CHM | Compiled HTML (CHM) help file | .chm |
    | EGG | ALZip archive file | .egg |
    | ELF | Executable and Linkable Format binary file | .elf |
    | JAR | Java™ Archive | .jar |
    | Java Applet | Java™ class file | .class |
    | LNK | Microsoft™ Windows™ Shell Binary Link shortcut; Microsoft™ Windows™ 95/NT shortcut | .lnk |
    | Mach-O | Mach-O x86/x64 | No extension for most executables |
    | Mac OS X Installer Package | Mac OS X Installer Package | .pkg |
    | OFFICE | Microsoft Office file | .doc, .docx, .ppt, .pptx, .xls, .xlsx |
    | OpenDocument | Open Document file | .odt, .odp, .ods |
    | PDF | Adobe™ Portable Document Format (PDF) | .pdf |
    | RAR | RAR archive | .rar |
    | SWF | Adobe™ Shockwave™ Flash file | .swf |
    | TAR | TAR archive | .tar |
    | WIN_EXE | Windows executable file | .exe |
    | ZIP | PKWARE PKZIP archive (ZIP) | .zip |
    Note
    To submit Mac OS X Installer Packages, you must select Mac OS X Installer Package for the File Type option and specify pkg for the File Extension option.
  3. File Extension
    Type one or more file extensions. Separate multiple entries with a comma (,).
  4. File Size
    Specify a value that is less than or equal to the maximum file size configured at Administration > System Maintenance > Storage Maintenance > File Size Settings.
  5. Direction
    • Internal hosts: Hosts in monitored networks
    • External hosts: Hosts outside the network
  6. Src / Dest IP
    • All
    • Specific IP address
    • IP address from any monitored network group
  7. URL
    Type up to 20 URLs. Separate multiple entries with a comma (,).
    Syntax: [http://]<Domain>[:<Port>][/<URI-prefix>]
    • [http://]
      Accepted and ignored
    • <Domain>
      Wildcards (*) are only allowed in a prefix. When a wildcard is used in a prefix, it must be connected with ".". Only one wildcard may be used in a domain.
    • [:<Port>]
      (Optional) If unassigned, the default is ":80" (Port 80).
      Assign a specific port with a whole number between 1 and 65,535, or use a wildcard (*) to assign all ports.
    • [/<URI-prefix>]
      (Optional) If unassigned, the default is a wildcard that matches all paths.
      Use "/" and "/*" to match a URL without a path.
      Example: www.abc.com/* matches www.abc.com
      [/<URI-prefix>] is always applied as a prefix matching. Only one wildcard is accepted in a prefix.
      URI matching is not case-sensitive.
    Tip
    If you add URL criteria, Trend Micro recommends also adding a criterion for Protocol. For example, add HTTP or email-related protocols.
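
The URL syntax in item 7 can be checked before a list is typed into a rule. The following is an added example, not Trend Micro code: it parses a comma-separated URL list according to the rules on this page and fills in the documented defaults. The function names, the hostname-label character check and the lowercasing of the domain are assumptions, and it does not reproduce the product's matching engine.

```python
import re

MAX_URLS = 20  # page: "Type up to 20 URLs"
# Assumption: ordinary hostname labels; the page does not define the character set.
LABEL = re.compile(r"[a-z0-9]([a-z0-9-]*[a-z0-9])?")

def parse_entry(entry):
    """Return (domain, port, uri_prefix) for one URL entry or raise ValueError."""
    s = entry.strip()
    if s.lower().startswith("http://"):      # [http://] is accepted and ignored
        s = s[len("http://"):]
    hostport, slash, path = s.partition("/")
    # An unassigned URI-prefix defaults to a wildcard matching all paths.
    # URI matching is not case-sensitive, so store it lowercased.
    uri = (slash + path).lower() if slash else "*"
    if uri.count("*") > 1:
        raise ValueError(f"{entry!r}: only one wildcard allowed in URI-prefix")
    domain, colon, port = hostport.partition(":")
    domain = domain.lower()                  # assumption: host compared case-insensitively
    port = port if colon else "80"           # unassigned port defaults to 80
    if port != "*":                          # "*" assigns all ports
        if not (port.isascii() and port.isdigit() and 1 <= int(port) <= 65535):
            raise ValueError(f"{entry!r}: port must be 1-65535 or *")
    labels = domain.split(".")
    if "*" in domain:
        # Wildcard only as the single leading label, joined to the rest with "."
        if domain.count("*") > 1 or labels[0] != "*" or len(labels) < 2:
            raise ValueError(f"{entry!r}: wildcard must be a single leading '*.'")
        labels = labels[1:]
    if not all(LABEL.fullmatch(label) for label in labels):
        raise ValueError(f"{entry!r}: invalid domain")
    return domain, port, uri

def parse_url_criteria(text):
    """Parse the comma-separated URL field of a file submission rule."""
    entries = [e.strip() for e in text.split(",") if e.strip()]
    if len(entries) > MAX_URLS:
        raise ValueError(f"{len(entries)} URLs given; maximum is {MAX_URLS}")
    return [parse_entry(e) for e in entries]

if __name__ == "__main__":
    # Constructed sample input, not taken from a real deployment.
    for row in parse_url_criteria("http://www.abc.com/*, *.example.com:*/Downloads/"):
        print(row)
```

An entry that starts with https:// is rejected here because the documented syntax only lists [http://] as an accepted prefix.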