ESET Online Help

Search English
Select the topic

Rule condition

The Rules condition wizard lets you add conditions for a rule. Select the condition Type and an Operation from the drop-down menu. The list of operations changes depending on what rule type you have chosen. Then select a Parameter. Parameter fields will change depending on the rule type and operation.

For example, choose File size > is greater than, and under Parameter specify 10 MB. Using these settings, any file that is larger than 10 MB will be processed using the rule actions you have specified. For this reason, you should specify the action taken when a given rule is triggered if you have not already done so when setting that rule's parameters.

If you want to import your custom list from a file instead of adding entries manually, right-click in the middle of the window and select Import from the context menu. Then, you can browse for the file (.xml or .txt, and containing entries delimited by new lines) that you want to add to the list. Likewise, select Export from the context menu if you need to export your existing list to a file.

Alternatively, you can specify Regular expression by selecting Operation: matches regular expression or does not match regular expression.


important

You can define multiple conditions. If you do so, all of the conditions must be met for the rule to be applied. All conditions are connected using the logical operator AND. Even if most of the conditions are met and only a single one is not, the condition evaluation result is considered not met and the rule's action cannot be taken.

The following conditions types are available for On-access filter or On-demand database scan (some of the options might not display depending on your previously selected conditions):

Condition name

On-access filter

On-demand database scan

Descriptions

File name

Applies to files with a specific name, if this condition is chosen, it allows you to specify a mask for the specified filename, you can use wildcards *? etc.

This condition applies to the filename only, regardless of file path.

File size

Applies to files exceeding the defined size. If this condition is selected you can specify a maximum file size and when file size exceeds the set value the rule will be applied.

File URL

Applies to files located at specific URL, if this condition is chosen, it allows you to specify URL and a mask for the specified filename, you can use wildcards *? etc.

File type

Applies to files of a specified type (actual file type is detected by its contents, regardless of filename or extension), if this condition is chosen, it allows you to select one or more file types for which the rule is applied, for a complete list of file types detected see our Knowledgebase article.

Time modified

Applies to files that were last modified before or after a specified date, alternatively you can specify a date range and a rule condition will then apply to files modified within this range.

Antivirus scan result

Applies to files that are considered malicious or clean based on an Antivirus scan.

Contains password protected archive

Applies to archive files that are protected by a password.

Contains damaged archive

Applies to damaged archive files (most likely impossible to open).

Modified by user

Applies to files that were last modified by specified user.


note

The number of Rules hits count in scan log can be higher than the Number of scanned objects for rules that contain File type condition. This may happen when scanned objects are archives or container files that package other files inside them (for example .docx). In such case, each inner file is being matched against the rules with File type condition, which may result in Rules hits count exceeding the Number of scanned objects.