Create Custom YARA Scanner files

YARA Scanner files is a set of rules written in accordance with YARA manual. These rules are user-defined, written to identify any specific pattern in a file.

If Custom YARA Scanner is enabled in your analyzer profile as an analyzing option, Advanced Threat Defense checks for a presence of these user-defined rules in the samples being analyzed. If any defined rule is present in a file analyzed, then after the analysis Very High severity is displayed in the analysis report with threat name as the rule name. If defined rule is not present in the file analyzed, then Unverified is displayed in the analysis report for the file.