Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

App Control: Trusted Directory Crawl of WIM or ISO Files Fails with "Found No Interesting Content" Event

App Control: Trusted Directory Crawl of WIM or ISO Files Fails with "Found No Interesting Content" Event

Environment

  • App Control Agent: All Support Versions
  • Microsoft Windows: All Supported Versions

Symptoms

  • Trusted directory approval of WIM or ISO files does not work
  • Console events with Subtype "Trusted Directory scan" and description:
Top level pre-approval scan has succeeded and found no interesting content for 'c:\td\en_windows_10_version_1903_aug_2019_x64_dvd_.iso'. Error:No interesting files Duration[29sec 990ms] Approval ID: 4. Job ID: 18.

Cause

There is not enough free disk space available on the system hosting the trusted directory to extract the content on the WIM or ISO files
The ISO or WIM contain multiple Windows versions Pro, Pro N, Enterprise for the same release (e.g. 1903) which requires significant disk space for extraction


Resolution

  1. Add more disk space to the system
  2. Extract a smaller Windows version specific WIM file using the DISM command-line tool

Additional Notes

  • When the agent crawls the WIM file it extracts its content to a temp folder located in this directory - "C:\ProgramData\Bit9\Parity Agent\crawl"
  • Using an archiving tool like "7zip" to extract the content of the WIM file will tell immediately how much space is needed

Related Content


Labels (1)
Was this article helpful? Yes No
0% helpful (0/1)
Article Information
Author:
Creation Date:
‎09-27-2019
Views:
539
Contributors