NSX Malware Prevention supports multiple file categories for both local file analysis and cloud file analysis.
- Executable
- Document
- Script
- Archive
- Data
- Media
- Other
- On the Distributed Firewall, NSX Malware Prevention supports local and cloud file analysis only for Windows Portable Executable (PE) files on Windows guest endpoints (VMs).
- On the Gateway Firewall, all the file categories that are listed in this topic are supported for local and cloud file analysis.
Starting in NSX 4.0.1.1, all file categories are supported for local and cloud file analysis on the Distributed Firewall and Gateway Firewall. Also, on the Distributed Firewall, NSX Malware Prevention feature is supported for both Windows and Linux guest endpoints (VMs).
On the Distributed Firewall, NSX Malware Prevention supports both detection and prevention of malware. However, on the Gateway Firewall, only detection of malware is supported.
The sections that follow later in this topic contain examples of supported file extensions for each file category. These examples only serve as a reference and should not be interpreted as the complete list of supported file extensions for each file category. Other file extensions for these listed file categories are also supported for analysis. The maximum file size limit is 64 MB.
Executable Files
The following table lists examples of supported file extensions that belong to the executable file category.
| File Extensions | Description |
|---|---|
| .exe |
Portable Executable/MS-DOS executable Self-extracting (SFX) executable |
| .elf |
Executable and Linkable Format (ELF) executable |
| .msi |
Microsoft installer |
| .lnk |
Microsoft Windows shortcut |
| .dll |
Microsoft Windows library |
| .sys |
Microsoft Windows driver |
| .cpl, .pif |
Other Microsoft file formats that might contain executable content |
| .class |
Compiled Java class code |
| .com |
COM executable for DOS EICAR test virus |
Document Files
The following table lists examples of supported file extensions that belong to the document file category.
| File Extensions | Description |
|---|---|
| .doc, .docx |
Microsoft Office Word document |
| .xls, .xlsx |
Microsoft Office Excel document |
| .xlt |
Microsoft Office Excel template |
| .xlam |
Microsoft Office Excel add-in with macros |
| .xlsm |
Microsoft Office Excel document with macros |
| .xlsb |
Microsoft Office Excel document with macros and saved in a binary format |
| .xltx |
Microsoft Office Excel spreadsheet template |
| .xltm |
Microsoft Office Excel spreadsheet template with macros |
| .ppt, .pptx |
Microsoft Office Powerpoint document |
| .ppsx |
Microsoft Office Powerpoint slideshow |
| .pot, .potx |
Microsoft Office Powerpoint template |
| .docm |
Microsoft Office Word document, Office Open XML format, with macros |
| .pptm |
Microsoft Office Powerpoint document with macros |
| .ppsm |
Microsoft Office Powerpoint slideshow with macros |
| .potm |
Microsoft Office Powerpoint presentation template with macros |
| .dot, .dotx |
Microsoft Office Word document template |
| .dotm |
Microsoft Office Word document template, Office Open XML format with macros |
| .xps |
Microsoft XML paper specification document |
| .odp, .ods, .odt, .otg, .otp, .ott, .odg |
Open Office or LibreOffice document formats |
| .oxps |
Open XML paper specification format document |
| |
PDF document |
| .wpd |
WordPerfect document |
| .pub |
Microsoft Publisher document |
| .rtf |
Rich text format document |
| .xml |
XML-based Microsoft Office Excel document, pre-Office2007 XML-based Microsoft Office Powerpoint presentation, pre-Office2007 XML-based Microsoft Office Word document, pre-Office2007 |
| .xdp |
Adobe XML data package format |
| .xsl |
eXtensible stylesheet language for XML file |
Script Files
The following table lists examples of supported file extensions that belong to the script file category.
| File Extensions | Description |
|---|---|
| .hta |
HTML application (HTA) |
| .vba |
Visual Basic for applications |
| .vbs |
Visual Basic script |
| .vbe |
Visual Basic encoded script |
| .bat, .cmd |
Batch script |
| .js |
JavaScript Analysis of Javascript files is supported only in the context of file transfers and not in the context of web traffic. |
| .jse |
Jscript encoded script |
| .pl, .pm |
Perl script |
| .psm1, .psd1, .ps1 |
Powershell script module Powershell data file Powershell script |
| .py |
Python script |
| .sh, .command |
Shell script Terminal command file |
| .wsf |
Windows script |
Archive Files
The following table lists examples of supported file extensions that belong to the archive file category.
| File Extensions | Description |
|---|---|
| .ace |
WinAce compressed file |
| .tbz2, .tbz, .bz2, .bz |
TAR archive files compressed with Linux-based Bzip and Bzip2 data compressors |
| .cab |
Microsoft Windows cabinet archive file |
| .diagcab |
Microsoft diagnostic cabinet archive file |
| .tgz, .gz |
TAR achive file compressed with Gnu Zip |
| .jar |
Java archive file |
| .war |
Java Web application archive |
| .lzh, .lha |
Archive file compressed using Lempel-Ziv and Haruyasu (LZH) compression algorithm |
| .lzma |
Files compressed with Lempel-Ziv-Markov chain Algorithm (LZMA) compression |
| .nupkg |
NuGet package file |
| .udf |
Universal disk format |
| .iso |
Disc image file format based on ISO-9660 standard |
| .rar |
Files compressed with RAR compression |
| .tar |
Tape archive file |
| .xz, .txz |
XZ compressed TAR file |
| .zip |
Zip archive file |
| .7z |
7-zip archive file |
| .eml |
RFC2822-formatted email message file |
Data Files
The following table lists examples of supported file extensions that belong to the Data file category.
| File Extensions | Description |
|---|---|
| .csv |
Comma-separated values data file |
| .iqy |
Internet query data file |
| .sylk, .slk |
Symbolic link data file |
| .pcapng, .pcap |
Packet capture file (tcpdump) |
| .settingcontent-ms |
Microsoft content-settings data file |
Media Files
Only Macromedia Flash data file (.swf) is supported.
Other Files
The following table lists examples of supported file extensions that do not belong to any of the preceding file categories.
| File Extensions | Description |
|---|---|
| .website |
Website file |
| .url | Internet shortcut file referenced by Web browsers |
| .htm, .html |
HTML document Analysis of HTML files is supported only in the context of file transfers and not in the context of web traffic. The context is detected using content-disposition headers for HTTP, and is always true for other protocols, such as FTP, SMB. |
| .xar, .pkg |
XAR archive data For malware detection, these files are analyzed directly without extracting them. Therefore, they are not classified as archive files. |
