Digging into SecOn again, looking to improve capabilities... While googling my issue, I came across this chain and noticed the default value used to be around 100MB. But in SecOn now: ~9MB. I came to this while tracking down another strelka error and noticed quite a few "unexpected EOF" errors. Just curious if there was a reason behind this change I missed. Maybe somewhere in documentation? I'm getting ready to bump up that value, as well as enabling archive/zip file carving since those aren't enabled by default either. Honestly can't remember the last file I downloaded that was less than 9MB... Hopefully I can come back with some actual links to the values in SecOn...
Replies: 1 comment
The 9MB was originally set because that was the limit of several sandboxes at the time the script was written. This is a balancing act because the larger the files, the longer the process time in YARA. You can adjust the size to whatever fits your needs; just keep that in mind.