08-30-2017 07:05 AM - edited 03-08-2019 05:44 PM
Hi Everyone,
In version 5.0 we made changes to the way files and paths are stored. Our existing articles will be updated soon and we apologize for the delay.
The files and paths are now stored in a referential structure in the historyex.db file. Attached is a Python script which will rebuild the paths and convert the file into a CSV, so that you can review the scanned files for exclusions within your environments. Ideally you will want to use this in a Linux environment. The Ubuntu on Windows 10 environment also works well if you choose to use that.
Script syntax is fairly simple:
./historyex_to_csv.py historyex.db > historyex.csv
Please note TAC will not support this script or any changes made to it but feel free to ask questions here in the discussion forum.
Please also review the new script for converting *debug* sfc.exe.log files, which shows even more verbose file activity on your Windows endpoints. The historyex.db method primarily shows only executable file types and may not be sufficient for your environment.
Place the handle_count.sh script in the same folder as your sfc.exe.log files and simply run the script without arguments. Please note that this is a bash script and should work on Ubuntu, OSX, and Ubuntu on Windows 10:
./handle_count.sh
After the script is run you will have several files. The most important file to review is the "data.csv" file. This will contain file operations as well as the source process.
Thanks!
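The post describes historyex.db as a referential structure that has to be walked to rebuild full paths before the file list is useful for exclusion review. The following is an added example of that rebuild, not the historyex_to_csv.py script attached to the post: it assumes a hypothetical SQLite schema (a `paths` table whose rows point at a parent row, and a `files` table whose rows point at a `paths` row), populates it with constructed sample rows, and emits the same kind of CSV. The real schema will differ, so the two SELECT statements are the part to adapt. It also handles two things a naive recursive join does not: a row whose parent chain loops, and a row whose parent id does not exist. Both are kept in the output and flagged as unresolved rather than silently dropped, since a dropped row is a file you never get to review.

```python
"""Rebuild full paths from a parent-referencing path table and emit CSV.

Added example; not the script attached to the original post. The tables
`paths(id, parent_id, name)` and `files(id, path_id, name, sha256)` are a
hypothetical stand-in for whatever historyex.db actually contains.
"""
import csv
import sqlite3
import sys

# Constructed sample rows: each path component points at its parent row.
SAMPLE_PATHS = [
    # (id, parent_id, name)
    (1, None, "C:"),
    (2, 1, "Windows"),
    (3, 2, "System32"),
    (4, 1, "Users"),
    (5, 4, "alice"),
    (6, 5, "Downloads"),
    (7, 7, "loop"),     # self-referencing row: must not hang the rebuild
    (8, 99, "orphan"),  # parent id that does not exist in the table
]
SAMPLE_FILES = [
    # (id, path_id, name, sha256)
    (1, 3, "cmd.exe", "a" * 64),
    (2, 6, "setup.exe", "b" * 64),
    (3, 7, "x.exe", "c" * 64),
    (4, 8, "y.exe", "d" * 64),
]


def build_sample_db():
    """In-memory SQLite database with the hypothetical schema and sample rows."""
    con = sqlite3.connect(":memory:")
    con.executescript(
        "CREATE TABLE paths (id INTEGER PRIMARY KEY, parent_id INTEGER, name TEXT);"
        "CREATE TABLE files (id INTEGER PRIMARY KEY, path_id INTEGER, "
        "name TEXT, sha256 TEXT);"
    )
    con.executemany("INSERT INTO paths VALUES (?, ?, ?)", SAMPLE_PATHS)
    con.executemany("INSERT INTO files VALUES (?, ?, ?, ?)", SAMPLE_FILES)
    con.commit()
    return con


def resolve_paths(con, sep="\\"):
    """Return {path_id: full_path}. Cyclic or dangling chains map to None."""
    rows = {pid: (parent, name)
            for pid, parent, name in con.execute("SELECT id, parent_id, name FROM paths")}
    full = {}
    for pid in rows:
        parts, seen, cur, ok = [], set(), pid, True
        while cur is not None:              # walk up to the root (parent_id NULL)
            if cur in seen or cur not in rows:
                ok = False                  # loop, or parent row missing
                break
            seen.add(cur)
            parent, name = rows[cur]
            parts.append(name)
            cur = parent
        full[pid] = sep.join(reversed(parts)) if ok else None
    return full


def export_rows(con, sep="\\"):
    """One (full_path, sha256, status) tuple per file row, in file id order."""
    full = resolve_paths(con, sep)
    out = []
    for _fid, path_id, name, sha in con.execute(
            "SELECT id, path_id, name, sha256 FROM files ORDER BY id"):
        directory = full.get(path_id)
        if directory is None:
            out.append((name, sha, "unresolved"))   # keep it; flag for manual review
        else:
            out.append((directory + sep + name, sha, "ok"))
    return out


def write_csv(con, stream, sep="\\"):
    """Write the export as CSV to `stream`; returns the number of data rows."""
    writer = csv.writer(stream)
    writer.writerow(["full_path", "sha256", "status"])
    rows = export_rows(con, sep)
    writer.writerows(rows)
    return len(rows)


if __name__ == "__main__":
    # Usage: historyex_paths_example.py [historyex.db] > historyex.csv
    # With no argument the constructed sample database is used.
    db = sqlite3.connect(sys.argv[1]) if len(sys.argv) > 1 else build_sample_db()
    write_csv(db, sys.stdout)
```

Run without arguments to see the sample output; with a database path it redirects to a CSV the same way the attached script does. The `status` column is the point of the exercise: grep it for `unresolved` before trusting the path list for exclusions.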