Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Files in a trusted directory are not scanned and therefore being blocked

Files in a trusted directory are not scanned and therefore being blocked

Version

6.x, 7.x.

 

Issue

Files placed in a trusted directory are not being globally approved, as expected.

 

Symptoms

  • The files under the Trusted Directory are unexpectedly blocked when executed; and/or
  • There are no related events in the Bit9 console, showing that new files were found and approved under the trusted directory.

 

Cause

The SYSTEM group has been removed from the Trusted Directory path (can be checked under the path Properties --> Security).

 

Solution

Re-Add the SYSTEM permission to the Trusted Directory path.

 

Note to consider

Once the Bit9 agent starts crawling the Trusted Directory again, it will potentially use a significant amount of space under the drive where the Parity Agent is installed (normally under: C:\Program files...\Bit9\Parity Agent).

This depends on the number of zip files (and similar types) that need to be crawled and on the size of the files within.

.exe, .dll and other individual executables are approved inline and will not affect the space usage.

Due to this, make sure there is enough space on this drive for large amount of files that need to be crawled all at once.

This space will be released once the crawl job is done analyzing the files.

Labels (1)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎12-04-2014
Views:
820
Contributors