logo

Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

App Control: What are the differences between crawl levels of trusted directories?

App Control: What are the differences between crawl levels of trusted directories?

Environment

  • App Control console: All versions
  • Microsoft Windows: All supported versions

Question

What are the differences between a top-level crawl and a deep crawl for a Windows trusted directory?

Answer

Top Level Crawl (Windows only)

  • A top-level crawl is the default crawl performed on Microsoft Windows endpoints for files added to a trusted directory
  • Archive files (such as 7zip, bzip2, cab, gzip, iscab, iso, MSCompress, rar, zip, or tar files) in the trusted directory will have the contents expanded and crawled
  • Any archives within an archive file will not have the contents expanded and crawled

Deep Level Crawl (Windows only)

  • A deep crawl is an optional crawl which can be enabled on Microsoft Windows endpoints
  • Archive files in the trusted directory will have the contents expanded and crawled
  • Any archives within an archive file will also be expanded and crawled

Additional Notes

  • WIM files are typically not considered an archive by default
  • This can be manually configured as explained in the User Guide

Related Content


Labels (1)
Labels:
Tags (1)
Was this article helpful? Yes No
No ratings
Article Information
Author:
CB_Support
Creation Date:
‎08-21-2023
Views:
162
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.