Understand the CDF_***** or UDF_***** entries on a Deep Security report.
Custom Defined Format (CDF) and User Defined Format (UDF) are new features. A CDF is generated by a product or machine, while a UDF is generated by a human. A customer or product can set up its own suspicious file list in the Advanced Threat Scan Engine (ATSE). ATSE then sends a detection if a scanned file matches the given CDF or UDF.
Deep Security distributes both the CDF and the UDF as XML files. Deep Security supplies the CDF or UDF file path to the Anti-Malware Solution Platform (AMSP). AMSP reads the XML file and sets the CDF or UDF configuration in the VSAPI engine. The Real-Time Scan (RTS) cache shall be purged after the CDF or UDF is updated in ATSE.
The XML attributes are defined by AMSP. Both AMSP and Deep Security shall reference the defined macro to read or write the CDF and UDF XML files. The header is AMSP_DefenseListHelp.h, exported in ~\common\include\ or ~\export\ClientLibrary\include\.