Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

CDF_***** and UDF_***** detection appears on a generated report from Deep Security

    • Updated:
    • 5 Feb 2019
    • Product/Version:
    • Control Manager 6.0
    • Control Manager 7.0
    • Deep Security 10.0
    • Deep Security 10.1
    • Deep Security 10.2
    • Deep Security 10.3
    • Deep Security 11.0
    • Deep Security 11.1
    • Deep Security 11.2
    • Deep Security 11.3
    • Platform:
    • N/A N/A
Summary

Understand the CDF_***** or UDF_***** entries on a Deep Security report.

CDF and UDF in report

Details
Public

Custom Defined Format (CDF) and User Defined Format (UDF) are new features. The CDF is generated by product or machine, while the UDF is generated by human. Customer or product can set up its own suspicious file list in Advanced Threat Scan Engine (ATSE). ATSE will then send detection if the scanned file matched the given CDF or UDF.

Both CDF and UDF are distributed in XML file by Deep Security. Deep Security sets the CDF or UDF file path to Anti-Malware Solution Platform (AMSP). AMSP reads the XML file and set the CDF or UDF configuration to VSAPI engine. Real-Time Scan (RTS) cache shall be purged after updating the CDF or UDF to ATSE.

The XML attributes are defined by AMSP. Both AMSP and Deep Security shall reference the defined macro to read or write the CDF and UDF XML file. The header is AMSP_DefenseListHelp.h exported in ~\common\include\ or ~\export\ClientLibrary\include\.

Premium
Internal
Rating:
Category:
SPEC
Solution Id:
1122039
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.