The following YARA rule tags have predefined meanings, therefore use them with care to ensure results are as intended.
Table 1.
YARA Rule Tags
- appc_msi_processor
- appcontrol_installer
- Approve
- archive
- bmp
- chrome_extension_interpreter
- cmd_interpreter
- dep_incompatible
- doc
- docm
- docx
- DontSendEvent
- DownloadedFile
- eicar
- EmailAttachment
- executable
|
- filetype
- gif
- installer
- invalid
- java_interpreter
- jpeg
- jpg
- library
- malicious
- mozilla_extension_interpreter
- mshta_interpreter
- perl_interpreter
- pdf
- png
- powershell_interpreter
- ppt
|
- pptm
- pptx
- ps_virtualprotect
- python_interpreter
- quarantine
- reg_interpreter
- risk
- rtf
- ruby_interpreter
- script
- script_interpreter
- tiff
- UnitTest
- vb_interpreter
- xls
- xlsm
- xlsx
|
Important: The following tags are in the
IsInteresting namespace. Do not use them in the
Classification namespace.
- archive
- dep_incompatible
- executable
- filetype
- installer
- invalid
- script
- script_interpreter
