AnsweredAssumed Answered

Agent V5 configuration for file scanning

Question asked by heiko.berger on Apr 12, 2019
Latest reply on Apr 12, 2019 by martin.christersson2

Hey community,

 

i need some clarification of the agent configuration regarding software scanning and what is included or not.

My requirement is, that all local drives should be scanned - I do not want to include or exlude specific paths.

IncludeCriteria should be only the file types.

 

Below is more or less the standard configuration in the <Software> section.

Are now other locations in C:\* scanned or not? If not, I have to simply add this as an include, right?

But how to scan other local drives, where I dont know if this is D: or E: or whatever? But only local - no network, no usb drives.

 

Does anyone has an explanation for this standard includes? Does this make sense to go only through the Start Menu and Temp folder? And why exclude %windir%?

And why is LNK included as FileType - does this help anything for Software recognition? I would remove this type.

 

Thanks!

Heiko.

 

<Software>
        <!-- default locations included in scan -->
        <Include>
            <!-- shortcuts -->
             <Path recursive="1">C:\Users\*\Microsoft\Windows\Start Menu\Programs\*</Path>
            <Path recursive="1">C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\*</Path>
            <Path recursive="1">C:\ProgramData\Microsoft\Windows\Start Menu\*</Path>

            <Path recursive="1">%temp%\*</Path>

            <Path recursive="1">%ProgramFiles%\*</Path>
            <Path recursive="1">%ProgramFiles(x86)%\*</Path>
        </Include>
        <!-- default locations that are excluded from scan -->
        <Exclude>
            <Path>%windir%\*</Path>
        </Exclude>
        
        <!-- only files with the following extensions are included in scan -->
        <IncludeCriteria>
            <FileType>exe</FileType>
            <FileType>wfd</FileType>
            <FileType>wfi</FileType>
            <FileType>wtd</FileType>
            <FileType>wti</FileType>
            <FileType>sys2</FileType>
            <FileType>lnk</FileType>
        </IncludeCriteria>
    </Software>

 

 

The standard template i found here:

Snow Inventory Agent Configuration Templates 

Outcomes