This content has been marked as final. Show 6 replies
Been playing around with a rule to skip large files from being scanned and am trying to understand the behavior.
I'm using the default "Common rules" ruleset
I'm putting my "Skip Large Files Scan" right before the "Enable Composite Opener" rule.
The rule has various conditions for being triggered:
I've also got an event to write to SysLog when the rule triggers.
I know the rule triggers systematically when downloading files larger than X-bytes (I see the entry in syslog.)
When I set the action to "Stop Cycle" it skips scanning
When I set the action to "Stop Rule Set" it proceeds to 'Enable Composite Opener' and scans the file anyway.
Anybody can explain why the "Stop Rule Set" does not prevent 'Enable Composite Opener' from executing?
Attached is the screen capture of my ruleset.