Enable or disable the adaptive algorithm for file unzipping

Product

Guardian

conf.user configure archive auto_switch_off
            <flag>

Description

Unzipping is a very expensive process which is automatically disabled when Sandbox is under heavy loading. Instead of discarding files, Sandbox will disable unzipping for some files and process only the unzipped file with STIX and Yara indicators.

Parameters

flag: Default to true. false to disable the feature

Where

CLI

To apply

It is applied automatically.