Configuring handling of sandboxed zipped files

Product

Guardian

Description

The json object can have the following attributes: * modes - array of unzipping modes which should be enabled. By default all of them are enabled and are executed in the described order. Possible values are: fast, for fast unzipping, macro, for macro extraction and analysis, upx, for upx decompression, full, for extensive and advanced archive decompression. An empty array can be used to completely disable the unzipping functionalities of Sandbox.

conf.user configure sandbox unzipping {"modes": ["macro", "upx", "full"]}

Parameters

json_value: A json object to configure how zipped files are handled by Guardian

Where

CLI

To apply

It is applied automatically.