Analysis configuration

Summary

Use analysis configurations to enable or disable steps in the analysis process. You can choose which analysis configuration to apply on a firmware either during the upload process or later from the Firmware Info page.

Modify analysis configurations

1. Click Configuration in the top menu bar
2. Select Analysis Configurations
3. Create a new configuration by clicking Create new analysis configuration, or edit an existing one by clicking the Edit button.

Run a configuration

When uploading new firmware

Select a configuration from the Analysis configuration dropdown:

On a previously uploaded firmware

1. Enter Firmware analysis view by selecting a firmware on your dashboard or in the Firmwares tab.
2. Select the Firmware Info page.
3. Click on the Edit button.
4. Select a configuration from the Analysis configuration dropdown
5. Rerun the analysis for the new configuration to take effect.

Additional analysis methods

Activate/deactivate 0-day binary analysis, RTOS firmware detection or both.

Intelligent deletion

When enabled (on by default), intermediate files are deleted after successful extraction to reduce disk usage. For example, if you upload a firmware.tar.gz archive, the intermediate .tar file created during extraction will be deleted once all its files are successfully extracted.

Note

The download button is disabled for files removed by Intelligent deletion.

Extended Component Rules

Extended component rules identify software components using fuzzy matching. They complement the existing component detection by searching for:

1. File names - Matching component names in file paths
2. Symbol names - Matching component signatures in ELF binary symbols
3. String contents - Matching component identifiers in binary strings
4. Version extraction - Extracting version numbers from any of the above

Detection Levels

OFF (Default)StrictBalancedLoose

• Extended rules are completely disabled
• Analysis relies only on standard component detection methods
• Use when: You want faster analysis or are concerned about false positives

• Very strict matching
• Minimizes false positives but may not find many extra components
• Use when: Accuracy is critical and you prefer fewer, higher-confidence detections

• Balanced matching
• Good trade-off between detection rate and accuracy
• Use when: You want comprehensive component detection with reasonable confidence

• Relaxed matching
• Finds a high number of components but produces a high number of false positives as well
• Use when: Other levels yield too few matches and you can manually verify the results

Enabling extended component rules increases analysis time, especially at looser detection levels.

Warning

The Loose detection level uses relaxed matching that frequently identifies components in unrelated files – for example, it can detect PHP inside Python packages, libgcrypt, or Qt modules. These false positives are inherent to the approach.

Only use Loose when:

• Stricter levels detect too few components for your use case.
• You can manually verify every detected component.

Do not treat Loose-level component detections as reliable without manual review.