Suspicious User Activity

  • Database Files for Discovery

    Policy for the detection of database files. The rules for this policy are:

    • Database File: Ability Office format
    • Database File: Borland Reflex 2
    • Database File: dBase format
    • Database File: Filemaker format
    • Database File: Lotus Notes NSF format
    • Database File: MORE format
    • Database File: Microsoft Access format
    • Database File: Microsoft Exchange Server format
    • Database File: Microsoft Works for DOS format
    • Database File: Microsoft Works for Mac format
    • Database File: Microsoft Works for Windows format
    • Database File: Paradox format
    • Database File: SmartWare II format
  • Deep Web URLs for Discovery

    Policy for detecting deep web URLs, meaning URLs that end with the pseudo-top-level domains .onion or .i2p, in analyzed content such as textual documents or email messages. The deep web is a portion of World Wide Web content that is not indexed by standard search engines and that is intentionally hidden from the regular Internet, accessible only with special software, such as Tor. Such URLs are used for anonymous defamation, unauthorized leaks of sensitive information, copyright infringement, distribution of illegal sexual content, selling controlled substances, money laundering, bank fraud, credit card fraud and identity theft, among other things. The rules for this policy are:

    • Deep Web URLs: .i2p (Wide)
    • Deep Web URLs: .i2p (Default)
    • Deep Web URLs: .onion
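
The kind of check this policy describes, as an added Python example that is not the product's own rule logic: it finds host names ending in .onion or .i2p in text and, to cut false positives, verifies the checksum that Tor v3 onion addresses carry. The function names, the verified/unverified labels and the sample text are assumptions made for illustration and do not correspond to the Wide and Default rules listed above.

```python
import base64
import hashlib
import re

# Host names whose last label is .onion or .i2p and that are not followed by
# further labels (docs.onion.example.com is ignored). A sentence period is fine.
HOST_RE = re.compile(
    r"(?<![A-Za-z0-9.-])"
    r"((?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+(?:onion|i2p))"
    r"(?![A-Za-z0-9-])(?!\.[A-Za-z0-9])",
    re.IGNORECASE,
)

def onion_v3_label(pubkey: bytes) -> str:
    """Encode a 32-byte key as a v3 onion label: base32(key | checksum | version)."""
    version = b"\x03"
    checksum = hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()[:2]
    return base64.b32encode(pubkey + checksum + version).decode().lower()

def classify(host: str) -> str:
    """Return 'i2p', 'onion-v3' (checksum verified) or 'onion-unverified'."""
    labels = host.lower().split(".")
    if labels[-1] == "i2p":
        return "i2p"
    name = labels[-2]
    if re.fullmatch(r"[a-z2-7]{56}", name):
        raw = base64.b32decode(name.upper())  # 56 base32 chars -> 35 bytes
        if raw[34:] == b"\x03" and onion_v3_label(raw[:32]) == name:
            return "onion-v3"
    return "onion-unverified"

def find_hidden_service_hosts(text: str):
    """List (host, classification) for every .onion/.i2p host found in text."""
    return [(m.group(1).lower(), classify(m.group(1))) for m in HOST_RE.finditer(text)]

# Constructed sample: the label is derived from a dummy key, so only its
# checksum is valid; it is not a real service address.
SAMPLE_LABEL = onion_v3_label(bytes(range(32)))
SAMPLE = (
    f"Mirror at http://{SAMPLE_LABEL}.onion/upload and forum.example.i2p.\n"
    "Recipe: slice one red.onion and fry.\n"
    "Unrelated: docs.onion.example.com is an ordinary host.\n"
)

if __name__ == "__main__":
    for host, kind in find_hidden_service_hosts(SAMPLE):
        print(f"{kind:17} {host}")
```

Hits labelled onion-unverified, such as the "red.onion" typo in the sample, are the ones most likely to be false positives and are the natural candidates for a lower severity.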