
What is considered an interesting file?

Version

7.x

Topic

This document answers the most commonly asked questions about which types of files the Bit9 agent considers interesting for analysis.

Question 1

What is considered an interesting file?

Answer 1

The Bit9 agent tracks and manages two categories of files: executables and scripts. Executable files are identified based on the Bit9 agent’s analysis of their content. Scripts are identified by filename extension. The Bit9 agent considers any file with a portable executable (PE) header, regardless of file name or extension, to be an executable and tracks it for policy enforcement. Any file whose extension is cited in an enabled 'Script Rule' is also tracked by the Bit9 agent for policy enforcement.
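The two rules in Answer 1, sketched as an added example (this is not Bit9's code, and it models only the content check and extension check described above). The extension set, function names and sample files are assumptions constructed for illustration.

```python
import struct
from pathlib import Path

# Assumed set of extensions covered by enabled script rules (hypothetical;
# the real list is whatever is enabled on the Script Rules page).
ENABLED_SCRIPT_EXTENSIONS = {".bat", ".cmd", ".vbs", ".ps1", ".js"}


def has_pe_header(data: bytes) -> bool:
    """Return True if data has a DOS header that points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    # e_lfanew (offset 0x3C) holds the file offset of the "PE\0\0" signature.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def classify(name: str, data: bytes) -> str:
    """Classify a file as 'executable', 'script' or 'not interesting'."""
    if has_pe_header(data):
        return "executable"   # content decides, whatever the name says
    if Path(name).suffix.lower() in ENABLED_SCRIPT_EXTENSIONS:
        return "script"       # matched by extension only
    return "not interesting"


def make_minimal_pe() -> bytes:
    """Constructed sample: 64-byte DOS header followed by a PE signature."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\x00\x00"


SAMPLES = [  # constructed inputs
    ("report.txt", make_minimal_pe()),           # PE content, renamed
    ("setup.exe", b"just text, no PE header"),   # .exe name, no PE content
    ("logon.PS1", b"Write-Host 'hi'"),           # script by extension
    ("notes.txt", b"MZ but too short"),          # MZ bytes alone are not enough
]

if __name__ == "__main__":
    for name, data in SAMPLES:
        print(f"{name:12} -> {classify(name, data)}")
```

The first sample shows why content-based identification matters for enforcement: renaming a PE file to `.txt` does not change how it is classified.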

Question 2

Where can I read more information about the Script Rules?

Answer 2

Please see the "Script Rules" chapter in the Using Bit9 Guide for your specific version. The Bit9 Security Platform includes several standard script rules, some of which are enabled by default. On the Script Rules page, you can enable or disable existing rules, modify the rules, and create new custom script rules.

Creation Date: 12-24-2014