CB Defense: Does The Initial "Background Scan" Scan Network Drives?

Environment

  • CB Defense PSC Console: All Versions
  • CB Defense Sensor: All Versions
  • Microsoft Windows: All Supported Versions

Question

Does The Initial "Background Scan" Scan Network Drives?

Answer

  • At this time background scans do not scan network drives.
  • The background scan searches through fixed file systems, performing a top-down search for files of interest, and tries to establish reputation for them. Files and directories that are given full bypass are skipped.

Additional Notes

To expand on the algorithm: the sensor builds a list of drives by iterating from A: through Z:. It calls GetDriveTypeW() on each and checks whether the return value is DRIVE_FIXED. If it is not, the drive is not processed. There is no facility to look for UNC paths at this time.
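To see which volumes on an endpoint fall outside the background scan, the drive selection described above can be reproduced as follows. This is an added example, not Carbon Black sensor code; the names scan_coverage, win32_drive_type and SAMPLE are assumptions made for illustration.

```python
import ctypes
import string
import sys

# GetDriveTypeW return values from the Win32 API documentation.
DRIVE_TYPES = {0: "DRIVE_UNKNOWN", 1: "DRIVE_NO_ROOT_DIR", 2: "DRIVE_REMOVABLE",
               3: "DRIVE_FIXED", 4: "DRIVE_REMOTE", 5: "DRIVE_CDROM",
               6: "DRIVE_RAMDISK"}
DRIVE_NO_ROOT_DIR, DRIVE_FIXED = 1, 3

# Constructed sample (not real data): fixed disk, DVD drive, mapped share.
SAMPLE = {"C:\\": 3, "D:\\": 5, "Z:\\": 4}


def win32_drive_type(root):
    """Ask Windows for the drive type of a root path such as C:\\ (Windows only)."""
    fn = ctypes.windll.kernel32.GetDriveTypeW
    fn.argtypes = [ctypes.c_wchar_p]
    fn.restype = ctypes.c_uint
    return fn(root)


def scan_coverage(get_drive_type=win32_drive_type):
    """Split A:..Z: into roots the described logic processes and roots it skips.

    Returns (in_scope, skipped): a list of roots, and a dict of root -> type name.
    Letters with no volume behind them (DRIVE_NO_ROOT_DIR) appear in neither.
    """
    in_scope, skipped = [], {}
    for letter in string.ascii_uppercase:
        root = f"{letter}:\\"
        dtype = get_drive_type(root)
        if dtype == DRIVE_FIXED:
            in_scope.append(root)
        elif dtype != DRIVE_NO_ROOT_DIR:
            skipped[root] = DRIVE_TYPES.get(dtype, f"UNRECOGNIZED({dtype})")
    return in_scope, skipped


if __name__ == "__main__":
    # On Windows query the real drives; elsewhere fall back to the constructed sample.
    if sys.platform == "win32":
        probe = win32_drive_type
    else:
        probe = lambda root: SAMPLE.get(root, DRIVE_NO_ROOT_DIR)
    in_scope, skipped = scan_coverage(probe)
    print("Processed (DRIVE_FIXED):", ", ".join(in_scope) or "none")
    for root, name in skipped.items():
        print(f"Skipped: {root} ({name})")
```

Drives reported as skipped, such as a mapped share returning DRIVE_REMOTE, need reputation coverage from another control, for example a sensor on the file server that hosts the share.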

Article Information

Creation Date: 04-05-2019