Enabling or Disabling Riskware Detection Custom Policy Rules Using the CLI
Use the CLI commands in this procedure to enable or disable riskware detection custom policy rules on the Malware Analysis appliance.
To enable riskware detection custom policy rules:
- Go to CLI configuration mode.
  hostname > enable
  hostname # configure terminal
- Locate the policy rule ID you want to enable.
  hostname (config) # show analysis riskware policy rules
- Enable a particular policy rule ID.
  hostname (config) # analysis riskware policy rule <rule_ID> enable
- Save your changes.
  hostname (config) # write memory
- Verify the status of a custom policy rule for riskware detection.
  hostname (config) # show analysis riskware policy rules
To disable riskware detection custom policy rules:
- Go to CLI configuration mode.
  hostname > enable
  hostname # configure terminal
- Locate the policy rule ID you want to disable.
  hostname (config) # show analysis riskware policy rules
- Disable a particular policy rule ID.
  hostname (config) # no analysis riskware policy rule <rule_ID> enable
- Save your changes.
  hostname (config) # write memory
- Verify the status of a custom policy rule for riskware detection.
  hostname (config) # show analysis riskware policy rules
Examples
This example enables a custom policy rule ID for riskware detection.
hostname (config) # analysis riskware policy rule 65005 enable
This example disables a custom policy rule ID for riskware detection.
hostname (config) # no analysis riskware policy rule 65006 enable
This example shows the current custom policy rule configuration for riskware detection.
hostname (config) # show analysis riskware policy rules
|---------|-------------------------------------------------|------------|
| Rule ID | Rule                                            | Status     |
|---------|-------------------------------------------------|------------|
| 65005   | Low Confidence Custom Yara Rule Weights 0-50    | Enabled    |
| 65006   | High Confidence Custom Yara Rule Weights 51-100 | Disabled   |
| 65009   | Non Executable file Connecting to Non-St        | Enabled    |
| 65012   | MS Office Document With Macro Activity D        | Enabled    |
|_________|_________________________________________________|____________|
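
The verify step can be scripted against a saved copy of the `show analysis riskware policy rules` output. The following is an added example, not vendor code: it parses the table shown above and reports rules whose status differs from an expected baseline. The function names, the baseline, and rule ID 65020 are assumptions made for illustration.

```python
import re

# Table copied from this page's example. Column spacing in captured output
# can vary, so the parser does not rely on alignment.
SAMPLE_OUTPUT = """\
|---------|------------------------------------------|------------|
| Rule ID | Rule | Status |
|--------|------------------------------------------|------------|
| 65005 | Low Confidence Custom Yara Rule Weights 0-50|Enabled |
| 65006 | High Confidence Custom Yara Rule Weights 51-100| Disabled |
| 65009 | Non Executable file Connecting to Non-St| Enabled |
| 65012 | MS Office Document With Macro Activity D| Enabled |
|________|__________________________________________|____________|
"""

# A data row: numeric rule ID, rule name, then Enabled or Disabled.
ROW = re.compile(r"^\|\s*(\d+)\s*\|(.*)\|\s*(Enabled|Disabled)\s*\|\s*$")

def parse_rules(output):
    """Return {rule_id: (name, enabled)}; borders, header and prompt lines are skipped."""
    rules = {}
    for line in output.splitlines():
        m = ROW.match(line.strip())
        if m:
            rules[int(m.group(1))] = (m.group(2).strip(), m.group(3) == "Enabled")
    return rules

def find_drift(output, expected):
    """Compare parsed status with expected {rule_id: enabled}; return (rule_id, problem) pairs."""
    actual = parse_rules(output)
    findings = []
    for rule_id, want in sorted(expected.items()):
        if rule_id not in actual:
            findings.append((rule_id, "missing from output"))
        elif actual[rule_id][1] != want:
            have = "Enabled" if actual[rule_id][1] else "Disabled"
            findings.append((rule_id, f"is {have}, expected {'Enabled' if want else 'Disabled'}"))
    return findings

if __name__ == "__main__":
    # Constructed baseline: assumes 65006 was meant to be enabled; 65020 is a made-up ID.
    baseline = {65005: True, 65006: True, 65009: True, 65020: True}
    for rule_id, problem in find_drift(SAMPLE_OUTPUT, baseline):
        print(f"rule {rule_id}: {problem}")
```

Running the check after `write memory` confirms that the intended status is what the appliance reports.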