NSX Malware Prevention supports multiple file categories for both local file analysis and cloud file analysis.

The following file categories are supported:
  • Executable
  • Document
  • Script
  • Archive
  • Data
  • Media
  • Other
In NSX 4.0:
  • On the Distributed Firewall, NSX Malware Prevention supports local and cloud file analysis only for Windows Portable Executable (PE) files on Windows guest endpoints (VMs).
  • On the Gateway Firewall, all the file categories that are listed in this topic are supported for local and cloud file analysis.

Starting in NSX 4.0.1.1, all file categories are supported for local and cloud file analysis on the Distributed Firewall and Gateway Firewall. Also, on the Distributed Firewall, NSX Malware Prevention feature is supported for both Windows and Linux guest endpoints (VMs).

On the Distributed Firewall, NSX Malware Prevention supports both detection and prevention of malware. However, on the Gateway Firewall, only detection of malware is supported.

Note: NSX Malware Prevention service is currently supported on guest VMs that use these file systems: NTFS, ext2, ext3, ext4, NFS, and CIFS.

The sections that follow later in this topic contain examples of supported file extensions for each file category. These examples only serve as a reference and should not be interpreted as the complete list of supported file extensions for each file category. Other file extensions for these listed file categories are also supported for analysis. The maximum file size limit is 64 MB.

Executable Files

The following table lists examples of supported file extensions that belong to the executable file category.

File Extensions Description

.exe

Portable Executable/MS-DOS executable

Self-extracting (SFX) executable

.elf

Executable and Linkable Format (ELF) executable

.msi

Microsoft installer

.lnk

Microsoft Windows shortcut

.dll

Microsoft Windows library

.sys

Microsoft Windows driver

.cpl, .pif

Other Microsoft file formats that might contain executable content

.class

Compiled Java class code

.com

COM executable for DOS

EICAR test virus

Document Files

The following table lists examples of supported file extensions that belong to the document file category.

File Extensions Description

.doc, .docx

Microsoft Office Word document

.xls, .xlsx

Microsoft Office Excel document

.xlt

Microsoft Office Excel template

.xlam

Microsoft Office Excel add-in with macros

.xlsm

Microsoft Office Excel document with macros

.xlsb

Microsoft Office Excel document with macros and saved in a binary format

.xltx

Microsoft Office Excel spreadsheet template

.xltm

Microsoft Office Excel spreadsheet template with macros

.ppt, .pptx

Microsoft Office Powerpoint document

.ppsx

Microsoft Office Powerpoint slideshow

.pot, .potx

Microsoft Office Powerpoint template

.docm

Microsoft Office Word document, Office Open XML format, with macros

.pptm

Microsoft Office Powerpoint document with macros

.ppsm

Microsoft Office Powerpoint slideshow with macros

.potm

Microsoft Office Powerpoint presentation template with macros

.dot, .dotx

Microsoft Office Word document template

.dotm

Microsoft Office Word document template, Office Open XML format with macros

.xps

Microsoft XML paper specification document

.odp, .ods, .odt, .otg, .otp, .ott, .odg

Open Office or LibreOffice document formats

.oxps

Open XML paper specification format document

.pdf

PDF document

.wpd

WordPerfect document

.pub

Microsoft Publisher document

.rtf

Rich text format document

.xml

XML-based Microsoft Office Excel document, pre-Office2007

XML-based Microsoft Office Powerpoint presentation, pre-Office2007

XML-based Microsoft Office Word document, pre-Office2007

.xdp

Adobe XML data package format

.xsl

eXtensible stylesheet language for XML file

Script Files

The following table lists examples of supported file extensions that belong to the script file category.

File Extensions Description

.hta

HTML application (HTA)

.vba

Visual Basic for applications

.vbs

Visual Basic script

.vbe

Visual Basic encoded script

.bat, .cmd

Batch script

.js

JavaScript

Analysis of Javascript files is supported only in the context of file transfers and not in the context of web traffic.

.jse

Jscript encoded script

.pl, .pm

Perl script

.psm1, .psd1, .ps1

Powershell script module

Powershell data file

Powershell script

.py

Python script

.sh, .command

Shell script

Terminal command file

.wsf

Windows script

Archive Files

The following table lists examples of supported file extensions that belong to the archive file category.

File Extensions Description

.ace

WinAce compressed file

.tbz2, .tbz, .bz2, .bz

TAR archive files compressed with Linux-based Bzip and Bzip2 data compressors

.cab

Microsoft Windows cabinet archive file

.diagcab

Microsoft diagnostic cabinet archive file

.tgz, .gz

TAR achive file compressed with Gnu Zip

.jar

Java archive file

.war

Java Web application archive

.lzh, .lha

Archive file compressed using Lempel-Ziv and Haruyasu (LZH) compression algorithm

.lzma

Files compressed with Lempel-Ziv-Markov chain Algorithm (LZMA) compression

.nupkg

NuGet package file

.udf

Universal disk format

.iso

Disc image file format based on ISO-9660 standard

.rar

Files compressed with RAR compression

.tar

Tape archive file

.xz, .txz

XZ compressed TAR file

.zip

Zip archive file

.7z

7-zip archive file

.eml

RFC2822-formatted email message file

Data Files

The following table lists examples of supported file extensions that belong to the Data file category.

File Extensions Description

.csv

Comma-separated values data file

.iqy

Internet query data file

.sylk, .slk

Symbolic link data file

.pcapng, .pcap

Packet capture file (tcpdump)

.settingcontent-ms

Microsoft content-settings data file

Media Files

Only Macromedia Flash data file (.swf) is supported.

Other Files

The following table lists examples of supported file extensions that do not belong to any of the preceding file categories.

File Extensions Description

.website

Website file

.url

Internet shortcut file referenced by Web browsers

.htm, .html

HTML document

Analysis of HTML files is supported only in the context of file transfers and not in the context of web traffic. The context is detected using content-disposition headers for HTTP, and is always true for other protocols, such as FTP, SMB.

.xar, .pkg

XAR archive data

For malware detection, these files are analyzed directly without extracting them. Therefore, they are not classified as archive files.