Rule condition
This wizard lets you add conditions for a rule. Select condition Type and an Operation from the drop-down list. The list of operations changes depending on what rule type you have chosen. Then select a Parameter. Parameter fields will change depending on rule type and operation.
For example, choose File size > is greater than and under Parameter specify 10 MB. Using these settings, any file that is larger than 10 MB will be processed using the rule actions you have specified. For this reason, you should specify the action taken when a given rule is triggered unless you have already done so so when setting parameters for that rule.
Alternatively, you can specify Regular expression, select Operation: matches regular expression or does not match regular expression. ESET Security for Microsoft SharePoint uses std::regex. Refer to ECMAScript syntax for constructing regular expressions.
|
You can define multiple conditions. If you do so, all of the conditions must be met for the rule to be applied. All conditions are connected using the logical operator AND. Even if most of the conditions are met and only a single one is not, the condition evaluation result is considered not met and the rule's action cannot be taken. |
The following conditions types are available for On-access filter or On-demand database scan (some of the options might not display depending on your previously selected conditions):
Condition name |
Descriptions |
||
|---|---|---|---|
File name |
✓ |
✓ |
Applies to files with a specific name, if this condition is chosen, it allows you to specify a mask for the specified filename, you can use wildcards *? etc. This condition applies to the filename only, regardless of file path. |
File size |
✓ |
✓ |
Applies to files exceeding the defined size. If this condition is selected you can specify a maximum file size and when file size exceeds the set value the rule will be applied. |
File URL |
✗ |
✓ |
Applies to files located at specific URL, if this condition is chosen, it allows you to specify URL and a mask for the specified filename, you can use wildcards *? etc. |
File type |
✓ |
✓ |
Applies to files of a specified type (actual file type is detected by its contents, regardless of filename or extension), if this condition is chosen, it allows you to select one or more file types for which the rule is applied, for a complete list of file types detected see our Knowledgebase article. |
Time modified |
✗ |
✓ |
Applies to files that were last modified before or after a specified date, alternatively you can specify a date range and a rule condition will then apply to files modified within this range. |
Antivirus scan result |
✓ |
✓ |
Applies to files that are considered malicious or clean based on an Antivirus scan. |
Contains password protected archive |
✓ |
✓ |
Applies to archive files that are protected by a password. |
Contains damaged archive |
✓ |
✓ |
Applies to damaged archive files (most likely impossible to open). |
Modified by user |
✗ |
✓ |
Applies to files that were last modified by specified user. |
|
The number of Rules hits count in scan log can be higher than the Number of scanned objects for rules that contain File type condition. This may happen when scanned objects are archives or container files that package other files inside them (for example .docx). In such case, each inner file is being matched against the rules with File type condition, which may result in Rules hits count exceeding the Number of scanned objects. |
