CB Defense: Does The Initial "Background Scan" Scan Network Drives?

Environment

  • CB Defense PSC Console: All Versions
  • CB Defense Sensor: All Versions
  • Microsoft Windows: All Supported Versions

Question

Does The Initial "Background Scan" Scan Network Drives?

Answer

  • At this time background scans do not scan network drives.
  • The background scan searches through fixed file systems, performing a top-down search for files of interest, and tries to establish reputation for them. Files and directories that are given full bypass are skipped.

Additional Notes

To expand on the algorithm: the sensor builds its list of drives by iterating over the drive letters A: through Z: and calling GetDriveTypeW() on each. A drive is processed only if the return value is DRIVE_FIXED; any other drive type is skipped. There is no facility to look for UNC paths at this time.
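
The drive selection described above can be reproduced to see which volumes on a host fall outside the background scan. This is an added example, not the sensor's code: the function names, the trailing-backslash root path format and the sample drive map are assumptions made for illustration, while GetDriveTypeW and its return values are the documented Win32 API.

```python
import ctypes
import string
import sys

# Documented return values of GetDriveTypeW.
DRIVE_TYPES = {
    0: "DRIVE_UNKNOWN",
    1: "DRIVE_NO_ROOT_DIR",
    2: "DRIVE_REMOVABLE",
    3: "DRIVE_FIXED",
    4: "DRIVE_REMOTE",
    5: "DRIVE_CDROM",
    6: "DRIVE_RAMDISK",
}
DRIVE_NO_ROOT_DIR = 1
DRIVE_FIXED = 3


def win32_drive_type(root):
    """Ask Windows for the drive type of a root path such as 'C:\\'."""
    return ctypes.windll.kernel32.GetDriveTypeW(ctypes.c_wchar_p(root))


def background_scan_coverage(get_drive_type):
    """Apply the described rule: walk A: through Z:, keep only DRIVE_FIXED."""
    scanned, skipped = [], {}
    for letter in string.ascii_uppercase:
        root = letter + ":\\"  # assumed root format; the article only says "A: through Z:"
        dtype = get_drive_type(root)
        if dtype == DRIVE_FIXED:
            scanned.append(root)
        elif dtype != DRIVE_NO_ROOT_DIR:  # letter is assigned but not a fixed disk
            skipped[root] = DRIVE_TYPES.get(dtype, "type %d" % dtype)
    return scanned, skipped


# Constructed sample host: one fixed disk, a DVD drive, a USB stick, two mapped shares.
SAMPLE_HOST = {"C:\\": 3, "D:\\": 5, "E:\\": 2, "H:\\": 4, "S:\\": 4}


def sample_drive_type(root):
    """Stand-in for GetDriveTypeW on non-Windows hosts (constructed data)."""
    return SAMPLE_HOST.get(root, DRIVE_NO_ROOT_DIR)


if __name__ == "__main__":
    lookup = win32_drive_type if sys.platform == "win32" else sample_drive_type
    scanned, skipped = background_scan_coverage(lookup)
    print("Covered by background scan:", ", ".join(scanned) or "none")
    for root, kind in skipped.items():
        print("Not covered: %s (%s)" % (root, kind))
```

Every drive reported as not covered, and any share reached only by UNC path, is outside the background scan as this article describes it.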

Article Information

Creation Date: 04-05-2019