Uploading valid Yara rules file fails, and you can't enable custom Yara scanner
Last Modified: 2023-02-24 09:19:28 Etc/GMT
Technical Articles ID:
KB94044
Environment
Trellix Intelligent Sandbox (IS)
Advanced Threat Defense (ATD)
Problem 1
When you try to upload a valid Yara rules file for your Yara scanner to ATD or IS, you see the following error:
Problem 2
You see the following error message when you try to enable Custom Yara Scanner in the Analyzer Profile setting.
Cause
The configuration file in the ATD or IS system back-end has a value missing from the Yara settings.
Solution
If you experience this issue, perform the steps below:
To contact Technical Support, go to the Create a Service Request page and log on to the ServicePortal.
Related Information
4.2, 4.4, and 4.6 support Yara 3.1.
4.8, 4.10, 4.12, 4.14, and 5.0 support Yara 3.8.
Always make sure that you follow the syntax of the supported Yara version when composing your Yara rules file.
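A pre-upload check for the version note above, as an added example that is not Trellix code: it maps the ATD/IS release to the Yara version listed here and flags string modifiers that version does not accept. The modifier sets are an assumption drawn from upstream Yara changes (xor arrived in 3.8; private, base64 and base64wide arrived later), and the function names and sample rule are constructed.

```python
import re

# Product release -> supported Yara version, as listed under Related Information.
SUPPORTED_YARA = {
    **dict.fromkeys(["4.2", "4.4", "4.6"], (3, 1)),
    **dict.fromkeys(["4.8", "4.10", "4.12", "4.14", "5.0"], (3, 8)),
}

# Assumption (upstream Yara history, not this article): string modifiers
# that a 3.8 engine rejects, and one more that a 3.1 engine also rejects.
NEWER_THAN_3_8 = {"private", "base64", "base64wide"}
NEWER_THAN_3_1 = {"xor"}

# One string definition: $name = "text" | { hex } | /regex/ followed by modifiers.
# The modifier capture stops at "/" so trailing // comments are ignored.
STRING_DEF = re.compile(
    r'^\s*(\$\w*)\s*=\s*'
    r'(?:"(?:[^"\\]|\\.)*"|\{[^}]*\}|/(?:[^/\\]|\\.)+/[is]*)'
    r'(?P<mods>[^/\n]*)', re.M)

def check_rules(text, product_version):
    """Return (line, string_id, modifier) for modifiers the target cannot parse."""
    if product_version not in SUPPORTED_YARA:
        raise ValueError(f"release {product_version} is not listed in the article")
    rejected = set(NEWER_THAN_3_8)
    if SUPPORTED_YARA[product_version] < (3, 8):
        rejected |= NEWER_THAN_3_1
    findings = []
    for m in STRING_DEF.finditer(text):
        line = text.count("\n", 0, m.start(1)) + 1
        for mod in re.findall(r"[A-Za-z_]\w*", m.group("mods")):
            if mod in rejected:
                findings.append((line, m.group(1), mod))
    return findings

# Constructed sample rule. "private rule" is a rule modifier, not a string
# modifier, so it is not flagged.
SAMPLE = r'''
private rule Constructed_Example
{
    strings:
        $a = "constructed marker" ascii wide
        $b = "constructed marker" xor   // single-byte XOR variants
        $c = "constructed marker" base64
        $d = { 4D 5A 90 00 } private
    condition:
        any of them
}
'''

if __name__ == "__main__":
    for release in ("4.6", "5.0"):
        print(release, check_rules(SAMPLE, release))
```

An empty result only means none of these modifiers were found; it does not prove the file compiles on the appliance.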