[8.16] Added max_file_size_bytes advanced option to malware for all OSs. (#209541) (#209652)

# Backport

This will backport the following commits from `main` to `8.16`:
- [Added max_file_size_bytes advanced option to malware for all OSs.
(#209541)](#209541)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

Co-authored-by: Matthew Scherer <57465354+matthewscherer@users.noreply.github.com>
kibanamachine and matthewscherer authored Feb 4, 2025
1 parent 2ee343e commit 0c15d8d
Showing 1 changed file with 33 additions and 0 deletions.
Expand Up @@ -383,6 +383,17 @@ export const AdvancedPolicySchema: AdvancedPolicySchemaType[] = [
}
),
},
{
key: 'mac.advanced.malware.max_file_size_bytes',
first_supported_version: '8.16.4',
documentation: i18n.translate(
'xpack.securitySolution.endpoint.policy.advanced.mac.advanced.malware.max_file_size_bytes',
{
defaultMessage:
'The maximum file size in bytes that should be used for evaluating malware. Default: 78643200.',
}
),
},
{
key: 'mac.advanced.kernel.connect',
first_supported_version: '7.9',
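Review bot: The defaultMessage in the new 'mac.advanced.malware.max_file_size_bytes' entry says the size "should be used for evaluating malware" but does not say what happens to a file larger than the limit, which is what an operator changing this value needs to know. Suggest stating that behaviour explicitly in the string, and giving the default in a readable unit next to the byte count, since 78643200 is 75 MiB (75 × 1024 × 1024).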
Expand Down Expand Up @@ -608,6 +619,17 @@ export const AdvancedPolicySchema: AdvancedPolicySchemaType[] = [
}
),
},
{
key: 'windows.advanced.malware.max_file_size_bytes',
first_supported_version: '8.16.4',
documentation: i18n.translate(
'xpack.securitySolution.endpoint.policy.advanced.windows.advanced.malware.max_file_size_bytes',
{
defaultMessage:
'The maximum file size in bytes that should be used for evaluating malware. Default: 78643200.',
}
),
},
{
key: 'windows.advanced.kernel.connect',
first_supported_version: '7.9',
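Review bot: The documentation string for 'windows.advanced.malware.max_file_size_bytes' gives a default but no accepted range, so the policy UI does not tell the reader how 0, a negative number or a non-numeric value is treated. Because this setting bounds which files are evaluated for malware, suggest documenting the valid range and the fallback applied to an invalid value, or pointing to where the endpoint documents them.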
Expand Down Expand Up @@ -856,6 +878,17 @@ export const AdvancedPolicySchema: AdvancedPolicySchemaType[] = [
}
),
},
{
key: 'linux.advanced.malware.max_file_size_bytes',
first_supported_version: '8.16.4',
documentation: i18n.translate(
'xpack.securitySolution.endpoint.policy.advanced.linux.advanced.malware.max_file_size_bytes',
{
defaultMessage:
'The maximum file size in bytes that should be used for evaluating malware. Default: 78643200.',
}
),
},
{
key: 'linux.advanced.memory_protection.enable_fork_scan',
first_supported_version: '8.14',
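Review bot: first_supported_version in the new 'linux.advanced.malware.max_file_size_bytes' entry is the three-part '8.16.4', while the neighbouring entries visible in this diff use two-part values ('8.14' here, '7.9' in the two earlier hunks). Please confirm that the code comparing this field against the agent version handles a patch-level string. Separately, the commit touches a single file with 33 additions, so nothing here exercises the three new keys; a schema test asserting that each key is present with the expected version would catch a typo in any of the three copies.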