Focus
Focus
Table of Contents

File Type Analysis

Traps analyzes files based on the type of file, regardless of the file’s extension. For deep inspection and analysis, you can also configure your ESM to forward samples to WildFire. A sample can be:
  • Any Portable Executable (PE) file including (but not limited to):
    • Executable files
    • Object code
    • FON (Fonts)
    • Microsoft Windows screensaver (.scr) files
  • Microsoft Office files containing macros opened in Microsoft Word (winword.exe) and Microsoft Excel (excel.exe):
    • Microsoft Office 2003 to Office 2007—.doc and .xls
    • Microsoft Office 2010 and later releases—.docm, .docx, .xlsm, and .xlsx
  • Dynamic-link library file including (but not limited to):
    • .dll files
    • .ocx files
  • Mach-o files
For details on enabling the ESM to forward samples to WildFire, see Set Up the ESM to Communicate with WildFire.