OneDrive for Business with Files On-Demand

Orlith
Beginner

Hello

I'm working on the deployment of AMP for Endpoints on my 10K+ computers.

I just noticed a "bad behavior" when running a full scan.

You may or may not know that OneDrive introduced the "Files On-Demand" option, which means that files not in use are kept in the cloud and downloaded locally only when the user needs or accesses them.

Running a full scan with AMP forces OneDrive to download all files. It does not scan only the files that are present locally. That's a weird issue because I don't want a 10 GB (up to 1 TB) OneDrive to be downloaded on my client if not needed.

Windows Defender scan works smoothly with OneDrive.

So far the only workaround is to set an exclusion for the OneDrive folder in AMP, which in my opinion is not recommended.

Any help would be appreciated.

Thanks

1 Reply

David Janulik
Cisco Employee

AMP scans the PE header to check if the file is supported. It does not need to download data from OneDrive to the local disk. This is a feature of OneDrive: if you, or e.g. a photo editor or other application, access a file stored in OneDrive, it downloads it to a temp folder. This file is subsequently uploaded once the read, execute or modify finishes. Scans are redundant as AMP checks its SHA against cloud intelligence, in the action specified per policy. This is typically copy/move and execute.

Cyber security escalation engineer
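For anyone who wants to measure the exposure discussed in this thread before scheduling a full scan, here is an added example (not posted by either participant, and not Cisco or Microsoft code) that totals how many bytes in a folder are cloud-only placeholders, using directory metadata only. It assumes the standard Windows attribute flags below mark files whose data must be recalled; the helper names and sample rows are constructed for illustration.

```python
import os
import sys

# Windows file-attribute flags (values from the Win32 headers).
FILE_ATTRIBUTE_OFFLINE = 0x00001000
FILE_ATTRIBUTE_RECALL_ON_OPEN = 0x00040000
FILE_ATTRIBUTE_RECALL_ON_DATA_ACCESS = 0x00400000
RECALL_MASK = (FILE_ATTRIBUTE_OFFLINE | FILE_ATTRIBUTE_RECALL_ON_OPEN
               | FILE_ATTRIBUTE_RECALL_ON_DATA_ACCESS)

def is_cloud_only(attrs):
    """True if reading the file's data would make the sync client fetch it."""
    return bool(attrs & RECALL_MASK)

def walk(root):
    """Yield (path, attrs, size) from directory metadata; no file is opened."""
    stack = [root]
    while stack:
        with os.scandir(stack.pop()) as it:
            for e in it:
                if e.is_dir(follow_symlinks=False):
                    stack.append(e.path)
                    continue
                st = e.stat(follow_symlinks=False)
                # st_file_attributes exists only on Windows; treat as 0 elsewhere.
                yield e.path, getattr(st, "st_file_attributes", 0), st.st_size

def summarize(entries):
    """Total file counts and logical sizes, split into local vs cloud-only."""
    out = {"local_files": 0, "local_bytes": 0, "cloud_files": 0, "cloud_bytes": 0}
    for _path, attrs, size in entries:
        key = "cloud" if is_cloud_only(attrs) else "local"
        out[key + "_files"] += 1
        out[key + "_bytes"] += size
    return out

# Constructed sample rows: (name, attribute bits, logical size in bytes).
SAMPLE = [
    ("report.docx", 0x00501620, 48_000),      # online-only placeholder
    ("photo.raw", 0x00501620, 25_000_000),    # online-only placeholder
    ("notes.txt", 0x00000020, 1_200),         # ordinary local file
    ("budget.xlsx", 0x00080420, 90_000),      # pinned, kept on this device
]

if __name__ == "__main__":
    src = walk(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    print(summarize(src))
```

Run it on a test machine with the OneDrive folder path as the argument; the `cloud_bytes` figure is the upper bound on what a scan that reads every file would pull down.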