Rule condition

This wizard lets you add conditions for a rule. Files will be evaluated according to defined conditions.

Select Type and Operation (if available) from the drop-down list (the list of operations changes depending on what rule type you've chosen), then select Parameter. Parameter fields will change depending on rule type and operation.

note_icon_example EXAMPLE

Choose File size > is greater than and under Parameter specify 10 MB. Using these settings, any file that is larger than 10 MB will be processed using rule actions you have specified. For this reason you should specify the action that is taken when a given rule is triggered if you have not done so when setting parameters for that rule.

note_icon_note NOTE

It is possible to add multiple conditions for one rule.

The following Conditions are available for On-access filter or On-demand database scan (some of the options might not display depending on your previously selected conditions):

Condition name

On-access filter

On-demand database scan


File name

Applies to files with a specific name, if this condition is chosen, it allows you to specify a mask for the specified file name, you can use wildcards *? etc.

This condition applies to the file name only, regardless of file path.

File size

Applies to files exceeding the defined size. If this condition is selected you can specify a maximum file size and when file size exceeds the set value the rule will be applied.

File URL

Applies to files located at specific URL, if this condition is chosen, it allows you to specify URL and a mask for the specified file name, you can use wildcards *? etc.

File type

Applies to files of a specified type (actual file type is detected by its contents, regardless of file name or extension), if this condition is chosen, it allows you to select one or more file types for which the rule is applied, for a complete list of file types detected see our Knowledgebase article

Time modified

Applies to files that were last modified before or after a specified date, alternatively you can specify a date range and a rule condition will then apply to files modified within this range.

Antivirus scan result

Applies to files that are considered malicious or clean based on an Antivirus scan.

Contains password protected archive

Applies to archive files that are protected by a password.

Contains damaged archive

Applies to damaged archive files (most likely impossible to open).

Modified by user

Applies to files that were last modified by specified user.

note_icon_note NOTE

The number of Rules hits count in scan log can be higher than the Number of scanned objects for rules that contain File type condition. This may happen when scanned objects are archives or container files that package other files inside them (for example .docx). In such case, each inner file is being matched against the rules with File type condition, which may result in Rules hits count exceeding the Number of scanned objects.