Kaspersky Anti Targeted Attack (KATA) Platform

Creating a user-defined Sandbox rule for scanning files

8 November 2023

ID 246749

To add a user-defined Sandbox rule for file scanning:

  1. In the window of the application web interface, select the Custom rules section, Sandbox subsection.
  2. Go to the Files tab.
  3. Click Add.
  4. Select Create rule.

    This opens the rule creation window.

  5. Configure the following settings:
    1. State is the state of the prevention rule. Select the check box if you want to enable the rule.
    2. Virtual machine is the virtual machine on which files will be scanned in accordance with this rule.

      Only virtual machines with custom operating system images can be selected. These virtual machines must belong to the set of operating systems selected on the Central Node.

    3. Specify at least one of the values: mask or file category. If you fill in all the fields, the rule is triggered for files that match either the category and size conditions or the mask and size conditions, and that do not match a mask exclusion.
      • Mask is the mask of files that you want to send for scanning. You can specify multiple values.

        To specify a mask, you can use the * and ? wildcard characters. Other wildcard characters are not supported.

      • Mask exclusion is the mask of files that must be excluded from scanning. You can specify multiple values.

        To specify an exclusion mask, you can use the * and ? wildcard characters. Other wildcard characters are not supported.

      • File category is the category of files that you want to send for scanning. You can specify multiple categories.

        You can view the full list of extensions for each category in the List of extensions for file categories section.

      • File size is the size of the files being scanned.
      • If you want to set multiple ranges, click Add file size.
  6. Click Add.

The rule is created.

If you want to send an archive for scanning, you must take into account the special considerations involved in scanning archives.

Archives are scanned as follows:

  1. Kaspersky Anti Targeted Attack Platform unpacks the archive.
  2. Files from the archive that match the rule are sent for scanning.

Files with the MSI extension are scanned in the same way as archives.
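
To preview which files a planned rule would send, the Python sketch below models the matching logic from step 5 and the archive handling described above. It is an added illustration, not Kaspersky code; the category table, case-insensitive matching against the file name, treating an empty size list as "any size", and evaluating archive members individually are assumptions.

```python
import re

# Constructed category table; the product's real list is in its
# "List of extensions for file categories" section, not reproduced here.
CATEGORIES = {"Executables": {"exe", "dll"}, "Documents": {"doc", "pdf"}}

def mask_to_regex(mask):
    # Only * and ? are wildcards; every other character (including [ ]) is literal.
    parts = (".*" if c == "*" else "." if c == "?" else re.escape(c) for c in mask)
    # Assumption: masks apply to the file name and ignore case.
    return re.compile("".join(parts), re.IGNORECASE | re.DOTALL)

def rule_matches(rule, name, size):
    # Page logic: (category AND size) OR (mask AND size), AND NOT mask exclusion.
    if any(mask_to_regex(m).fullmatch(name) for m in rule.get("exclusions", [])):
        return False
    ranges = rule.get("sizes", [])
    # Assumption: a rule without size ranges accepts any size.
    size_ok = not ranges or any(lo <= size <= hi for lo, hi in ranges)
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    by_category = any(ext in CATEGORIES[c] for c in rule.get("categories", []))
    by_mask = any(mask_to_regex(m).fullmatch(name) for m in rule.get("masks", []))
    return size_ok and (by_category or by_mask)

def files_sent(rule, files):
    # files: (name, size, members); members is a list of (name, size) for an
    # already unpacked archive or MSI file, or None for an ordinary file.
    sent = []
    for name, size, members in files:
        if members is not None:
            # Assumption: each unpacked member is checked against the rule on its own.
            sent += [f"{name}!{m}" for m, s in members if rule_matches(rule, m, s)]
        elif rule_matches(rule, name, size):
            sent.append(name)
    return sent

# Constructed rule and sample files (sizes in bytes).
RULE = {"masks": ["invoice_??.*"], "exclusions": ["*.txt"], "categories": ["Executables"],
        "sizes": [(1, 1_000_000), (5_000_000, 10_000_000)]}
SAMPLE = [
    ("setup.exe", 500_000, None),        # category + size: sent
    ("setup_big.exe", 2_000_000, None),  # category, but outside both size ranges
    ("invoice_01.pdf", 40_000, None),    # mask + size: sent
    ("invoice_01.txt", 40_000, None),    # mask matches, but excluded
    ("bundle.zip", 900_000, [("a.dll", 10_000), ("readme.md", 2_000)]),
]

if __name__ == "__main__":
    print(files_sent(RULE, SAMPLE))
```

Because only * and ? are wildcards, a mask such as report[1].doc matches that exact file name and nothing else.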
