Rule condition

This wizard lets you add conditions for a rule. Select a condition Type and an Operation from the drop-down list. The list of operations changes depending on the rule type you have chosen. Then select a Parameter. Parameter fields change depending on the rule type and operation. For example, choose File size > is greater than and under Parameter specify 10 MB. Using these settings, any file that is larger than 10 MB will be processed using the rule actions you have specified. For this reason, you should specify the action that is taken when a given rule is triggered, if you have not done so when setting parameters for that rule.

Alternatively, you can specify a Regular expression and select the Operation matches regular expression or does not match regular expression. ESET Security for Microsoft SharePoint uses std::regex. Refer to the ECMAScript syntax for constructing regular expressions.


IMPORTANT

You can define multiple conditions. If you do so, all of the conditions must be met for the rule to be applied. All conditions are connected using the logical operator AND. Even if most of the conditions are met and only a single one isn't, the condition evaluation result is considered not met and the rule's action cannot be taken.
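The AND evaluation described above, combined with a std::regex (ECMAScript) file-name test, shown as an added example that is not ESET's code. Assumptions: the struct, function names, sample pattern and file names are constructed, 10 MB is taken as 10 * 1024 * 1024 bytes, and because the page does not say whether the product matches the whole name or a substring, the pattern is anchored so both give the same result.

```cpp
#include <cstdint>
#include <regex>
#include <string>

// Constructed model of a scanned file; the struct and field names are hypothetical.
struct FileInfo {
    std::string name;
    std::uint64_t size_bytes;
};

// "matches regular expression" modelled with std::regex and the ECMAScript grammar.
// Assumption: the page does not state whole-name vs. substring matching or which
// flags are set, so the sample pattern is anchored with ^ and $ (regex_search and
// regex_match then agree) and the flags are a parameter.
bool name_matches(const std::string& name, const std::string& pattern,
                  std::regex::flag_type flags = std::regex::ECMAScript) {
    return std::regex_search(name, std::regex(pattern, flags));
}

// "File size > is greater than": strictly greater, so a file of exactly the limit
// does not meet the condition.
bool size_greater_than(const FileInfo& f, std::uint64_t limit_bytes) {
    return f.size_bytes > limit_bytes;
}

// Constructed sample pattern: a document extension followed by an executable one.
const std::string kDoubleExt = R"(^.*\.(pdf|docx?|xlsx?)\.(exe|scr|js)$)";
// Assumption: 10 MB is interpreted as 10 * 1024 * 1024 bytes.
const std::uint64_t kTenMB = 10ull * 1024 * 1024;

// All conditions are joined with AND: one unmet condition means no rule action.
bool rule_applies(const FileInfo& f) {
    return size_greater_than(f, kTenMB) && name_matches(f.name, kDoubleExt);
}

int main() {
    const FileInfo samples[] = {                   // constructed inputs
        {"invoice.pdf.exe", 12ull * 1024 * 1024},  // both met: rule applies
        {"invoice.pdf.exe", 4096},                 // size not met: no action
        {"report.pdf", 12ull * 1024 * 1024},       // name not met: no action
    };
    int hits = 0;
    for (const auto& f : samples) hits += rule_applies(f) ? 1 : 0;
    return hits == 1 ? 0 : 1;
}
```

With default std::regex flags the match is case-sensitive, so test a pattern against upper-case file names as well before relying on it in a rule.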

The following condition types are available for On-access filter or On-demand database scan (some of the options might not display depending on your previously selected conditions):

Condition name

On-access filter

On-demand database scan

Descriptions

File name

Applies to files with a specific name. If this condition is chosen, you can specify a mask for the file name; you can use wildcards (*, ?, etc.).

This condition applies to the file name only, regardless of file path.

File size

Applies to files exceeding the defined size. If this condition is selected, you can specify a maximum file size; when the file size exceeds the set value, the rule is applied.

File URL

Applies to files located at a specific URL. If this condition is chosen, you can specify a URL and a mask for the file name; you can use wildcards (*, ?, etc.).

File type

Applies to files of a specified type (the actual file type is detected by its contents, regardless of file name or extension). If this condition is chosen, you can select one or more file types for which the rule is applied. For a complete list of detected file types, see our Knowledgebase article.

Time modified

Applies to files that were last modified before or after a specified date. Alternatively, you can specify a date range, and the rule condition will then apply to files modified within this range.

Antivirus scan result

Applies to files that are considered malicious or clean based on an Antivirus scan.

Contains password protected archive

Applies to archive files that are protected by a password.

Contains damaged archive

Applies to damaged archive files (most likely impossible to open).

Modified by user

Applies to files that were last modified by a specified user.


NOTE

The Rules hits count in the scan log can be higher than the Number of scanned objects for rules that contain a File type condition. This may happen when scanned objects are archives or container files that package other files inside them (for example, .docx). In such cases, each inner file is matched against the rules with a File type condition, which may result in the Rules hits count exceeding the Number of scanned objects.